News linked to both this project and an event.
Odaily News ether.fi CEO Mike Silagadze posted on X platform to explain the reason behind the company's commitment of 5,000 ETH to the Kelp hack recovery fund. He stated that the team believes this incident posed a real risk of "destroying the entire DeFi ecosystem." If Kelp were to go bankrupt, $1.5 billion worth of rsETH could be frozen long-term, potentially bringing the $30 billion Aave lending market to a standstill and triggering a cascading collapse across both DeFi and CeFi, which he described as making "FTX look insignificant by comparison." Mike Silagadze added that while most institutions chose to step back and defer to legal counsel, proactively taking responsibility and quickly raising funds to plug the gap was the right choice to help avert the worst-case scenario.
Circle Ventures, Consensys, and Joseph Lubin have announced their support for the DeFi United initiative, aimed at mitigating losses caused by the Kelp DAO vulnerability. Circle Ventures is supporting the ecosystem by purchasing AAVE tokens. Consensys and Ethereum co-founder Joseph Lubin have confirmed the provision of 30,000 ETH to DeFi United. To date, DeFi United has raised over 132,000 ETH, with a total value exceeding $300 million. These funds will be used to cover bad debts resulting from an attacker minting unbacked rsETH via the LayerZero bridge and borrowing assets on Aave. Previously, Aave proposed a donation of 25,000 ETH, while Lido DAO, Ether.fi, and Kelp have respectively proposed or pledged donations of 2,500 ETH, 5,000 ETH, and 2,000 ETH.
Odaily报道 According to Ai Yi monitoring, a Galaxy Digital OTC-related address (0x16F...1Fde) has deposited 15,000 ETH, worth $34.74 million, to an exchange. These funds originated from 38,000 ETH withdrawn from Aave a week ago, which was the day when Kelp DAO was attacked, causing Aave to potentially face bad debt.
according to on-chain analyst Ai Yi's monitoring, an address linked to the Balancer attacker has transferred 5,609 ETH, worth $13 million, to THORChain over the past 9 hours. In November 2025, Balancer was hacked for over $116 million, a incident with the same suspected culprit as the Aave attack, both pointing to the North Korean hacker group Lazarus Group. Both entities have recently been frequently using Tornado Cash for money laundering.
According to on-chain analyst Ai Aunt (@ai_9684xtpa), the address 0xb5E…Fc24e deposited a total of 1.397 million UNI tokens—worth approximately $4.6 million—into three exchanges two hours ago. Notably, the Bybit deposit address has had multiple interactions with the DeFi crypto fund DeFiance Capital, which is an investor in both Aave and LayerZero—two entities closely linked to the recent Kelp DAO hack incident.
According to information on the governance forum page, Mantle plans to provide Aave with a loan of 30,000 ETH to help it address the non-performing loan risk triggered by the recent attack. According to analyst Yujin’s statistics, confirmed rescue funds now cover a shortfall of approximately 43,500 ETH.
According to The Block, JPMorgan analysts noted in their latest report that ongoing DeFi security vulnerabilities and stagnant growth in total value locked (TVL) continue to constrain institutional enthusiasm for the DeFi sector. Recently, Kelp DAO’s cross-chain bridge suffered a major attack, during which the attacker minted $292 million worth of uncollateralized rsETH tokens and borrowed real ETH on Aave, resulting in approximately $230 million in bad debt. This caused DeFi TVL to evaporate by roughly $20 billion within several days. LayerZero and blockchain security researchers have attributed this attack to the North Korean hacker group Lazarus Group; some of the stolen funds have been frozen, while the rest remain in circulation. Analysts also pointed out that DeFi TVL denominated in ETH has remained range-bound for an extended period, raising market concerns about whether DeFi can achieve organic growth sufficient to support institutional adoption. Furthermore, following each security incident, users tend to shift funds into USDT as a safe-haven asset—yet this trend has not yet significantly driven USDT’s market capitalization growth.
According to information from the governance forum, Bybit’s public chain Mantle plans to lend 30,000 ETH to Aave to address the bad debt risks arising from recent security incidents.According to statistics from crypto analyst Ember (@EmberCN), the confirmed scale of bailout funds is estimated to cover a shortfall of approximately 43,500 ETH.
According to on-chain analyst Ember (@EmberCN), the rsETH incident on April 18 resulted in a funding shortfall of approximately 68,900 ETH (around $160 million): the hacker collateralized rsETH to borrow 99,600 ETH; after Arbitrum recovered 30,700 ETH, the remaining funds were fully converted by the hacker into BTC. The incident has now entered the remediation phase. Aave is coordinating the establishment of a “DeFi United” relief fund, which has so far received cumulative donations totaling 13,500 ETH (approximately $31.45 million). Donors include Lido Finance (2,500 stETH), ether.fi Foundation (5,000 ETH), Aave founder Stani Kulechov (5,000 ETH), Golem Foundation (1,000 ETH), as well as LayerZero and Ink Foundation (amounts undisclosed).
the Lido team has initiated a proposal, planning to allocate up to 2,500 stETH (approximately $5.8 million) from the DAO to cover the rsETH asset shortfall resulting from the recent attack on Kelp DAO.Lido noted that the LayerZero-based exploit has led to insufficient rsETH reserves, triggering a chain reaction across the DeFi ecosystem, including rising interest rate pressure, tightening lending markets, and certain leveraged strategies facing passive liquidation risks.The proposal emphasizes that these funds will only be used as part of a complete recovery solution, provided that the overall shortfall can be fully addressed.Previously, the approximately $292 million attack on Kelp DAO had already impacted Aave, leading to bad debt issues, and its total value locked (TVL) once declined by nearly $8 billion.
Aave released the latest update on the rsETH security incident on the X platform, announcing that it has paused rsETH reserve-related operations on the Ethereum mainnet as well as networks including Arbitrum, Base, Mantle, and Linea. This measure is intended to prevent excess aETHrsETH from being withdrawn, thereby pushing positions close to the 95% liquidation threshold. This action aims to preserve as much capital as possible and reduce systemic risk while the asset recovery plan is underway. Aave stated that further progress and resolution plans will be continuously disclosed to the community.
Aave announced the latest developments regarding the rsETH security incident on X, stating that rsETH-related reserve operations have been suspended on Ethereum Mainnet and on networks including Arbitrum, Base, Mantle, and Linea. This measure aims to preserve as much capital as possible and mitigate systemic risk while the asset recovery plan is underway. Aave stated that it will continue to disclose subsequent updates and resolution plans to the community.
Spark announced on X that the total staked native token SPK has just surpassed 500 million tokens, reaching 509,969,466 tokens according to its displayed data. Users staking SPK can now participate in Season 4 of the Spark Points Program and earn points rewards. Previously, due to the rsETH security incident, funds continuously flowed out of Aave, while Spark absorbed some of the capital withdrawn by large whales/institutions from Aave.
Michael Egorov (@newmichwill), founder of Curve Finance, posted that recent security incidents in the DeFi space—triggered by centralized failure points—have occurred frequently and severely damaged the industry’s reputation. Citing examples such as Aave users being unable to withdraw funds following the rsETH exploit and the LayerZero cross-chain bridge hack, he emphasized that problems must be prevented *before* they occur—not addressed only after damage is done. He called on the industry to jointly establish DeFi security standards, proposing that the Ethereum Foundation and Solana Foundation take the lead in collaborating with projects across ecosystems, auditing firms, and risk-assessment teams to develop principles and specifications for secure system design—and suggesting that lessons could be drawn from traditional finance’s approaches to safeguarding centralized nodes.
Aave risk service provider LlamaRisk has released an incident report: On April 18, 2026, the attacker exploited a vulnerability in Kelp’s LayerZero V2 Unichain-to-Ethereum rsETH routing (a 1-of-1 DVN configuration flaw), forged inbound packets, and illicitly released 116,500 rsETH from the Ethereum-side adapter. Of these, 89,567 rsETH were deposited as collateral into multiple Aave V3 markets—including Ethereum Core and Arbitrum—enabling the borrowing of approximately 82,650 WETH (valued at ~$191 million) and 821 wstETH. Currently, only 40,373 rsETH remain in the adapter, while the total claimable rsETH on the remote chain stands at 152,577—creating a substantial shortfall. Depending on the loss allocation methodology, Aave faces two potential bad-debt scenarios: - Scenario 1 (global pro-rata allocation): Estimated bad debt of ~$123.7 million, with Ethereum Core bearing the greatest pressure; - Scenario 2 (loss confined to L2s): Estimated bad debt of ~$230.1 million, with Mantle facing a WETH reserve shortfall of up to 71.45% and Arbitrum facing a 26.67% shortfall. Following the incident, Aave Protocol Guardians and Risk Administrators immediately froze rsETH/wrsETH reserves across all 11 affected markets.
Odaily News Lido posted on platform X stating that on April 18th, the Kelp cross-chain bridge was attacked, resulting in the theft of approximately 116,500 rsETH (worth about $292 million). Subsequently, the related assets were frozen on lending markets such as Aave.Its treasury product EarnETH has approximately a 9% risk exposure (about $21.6 million) through leveraged rsETH/ETH positions on Aave. Meanwhile, rising borrowing utilization is creating cost pressure on other strategies. The team is advancing deleveraging and reducing overall risk.Lido pointed out that the final impact of the rsETH positions depends on the subsequent handling by Kelp, LayerZero, and Aave, including loss sharing, asset recovery, and bad debt processing.Regarding risk mitigation, EarnETH can, if necessary, activate a $3 million "first-loss protection mechanism" (provided by the DAO treasury) to cover losses. The specific scale of its use is still pending further evaluation. Currently, the treasury has suspended deposits and withdrawals to ensure fairness and complete loss assessment. If the handling process is slow, redemption channels may be reopened based on the worst-case loss expectations.The official emphasized that stETH and wstETH are unaffected, and the core staking protocol was not involved in this incident.
According to an official Lido tweet, on April 18, 2026, attackers stole 116,500 rsETH (approximately $292 million) from the Kelp cross-chain bridge. Lending platforms including Aave subsequently froze the rsETH market. Lido’s EarnETH treasury holds approximately 9% exposure to rsETH (roughly $21.6 million) via leveraged positions on Aave; deposits and withdrawals are currently suspended. The EarnETH team is actively reducing leverage and mitigating risk; the final loss amount will depend on subsequent decisions by Kelp, LayerZero, and Aave. The Lido DAO treasury has a $3 million “first-loss protection mechanism,” which may be activated—via burning DAO treasury shares—as needed. Lido’s core staking protocol, as well as stETH and wstETH, remain unaffected by this incident.
According to monetsupply.eth, Spark’s Strategy Lead, in a post on X, Spark has long maintained a relatively high borrowing interest rate cap for its SparkLend ETH market. Although this policy caused many users to migrate to Aave—resulting in substantial loss of business and revenue—the current market liquidity crisis has validated the prudence of this strategy. Presently, Aave is experiencing severe liquidity shortages across multiple chains—including Ethereum Mainnet, Arbitrum, Polygon Plasma, Mantle, and Base—with ETH borrowing utilization reaching 100%. This has prevented depositors from withdrawing funds and hindered normal liquidation of ETH collateral. He warns that if the current liquidity crunch persists, a 15–20% drop in ETH’s price could expose Aave to widespread bad debt—compounded by the potential impact of the rsETH vulnerability incident.
According to on-chain analytics platform Lookonchain (@lookonchain), an OTC whale previously purchased 163,405 ETH (approximately $440 million) and 4,000 cbBTC (approximately $296 million). Due to the KelpDAO rsETH cross-chain bridge vulnerability, this whale was unable to withdraw ETH normally from Aave and was forced to discount-swap 7,438 aEthWETH (approximately $16.83 million) for 1,930 stETH and 5,272 ETH, incurring a loss of approximately 237 ETH (about $540,000). The whale has since withdrawn 98,032 wstETH (approximately $272 million) and 3,000 cbBTC (approximately $221.6 million) from Aave, leaving 10,000 ETH (approximately $22.8 million) still deposited in Aave.
According to a post by 0xngmi, founder of DefiLlama, following the hack of KelpDAO, Aave is facing severe pressure in handling bad debt. Currently, there are three potential solutions: First, socializing the loss across all users—this would result in an 18.5% impairment for users, generating approximately $216 million in bad debt. Aave’s Umbrella Insurance could cover $55 million, and the treasury could contribute an additional $85 million, leaving a shortfall of roughly $76 million. Second, executing a “rug pull” on rsETH holders on L2 chains—this would generate approximately $341 million in bad debt, with Arbitrum, Mantle, and Base markets suffering the heaviest losses. Third, returning assets to holders based on a pre-attack snapshot—but this approach is extremely operationally challenging, and even after Umbrella Insurance coverage, an estimated $91 million in losses would remain. Additionally, some suggest confiscating the hacker’s collateral to offset part of the bad debt. Meanwhile, Aave’s OG Security Module still holds approximately $300 million worth of AAVE tokens; applying a 20% reduction would provide an additional ~$60 million in loss coverage.