News linked to both this project and an event.
Circle Ventures, Consensys, and Joseph Lubin have announced their support for the DeFi United initiative, aimed at mitigating losses caused by the Kelp DAO vulnerability. Circle Ventures is supporting the ecosystem by purchasing AAVE tokens. Consensys and Ethereum co-founder Joseph Lubin have confirmed the provision of 30,000 ETH to DeFi United. To date, DeFi United has raised over 132,000 ETH, with a total value exceeding $300 million. These funds will be used to cover bad debts resulting from an attacker minting unbacked rsETH via the LayerZero bridge and borrowing assets on Aave. Previously, Aave proposed a donation of 25,000 ETH, while Lido DAO, Ether.fi, and Kelp have respectively proposed or pledged donations of 2,500 ETH, 5,000 ETH, and 2,000 ETH.
Odaily报道 According to Ai Yi monitoring, a Galaxy Digital OTC-related address (0x16F...1Fde) has deposited 15,000 ETH, worth $34.74 million, to an exchange. These funds originated from 38,000 ETH withdrawn from Aave a week ago, which was the day when Kelp DAO was attacked, causing Aave to potentially face bad debt.
Kelp DAO released a community update on X, noting that the recent rsETH security incident has remained tense over the past several days. However, with support from partners and the broader community, discussions are progressing in a positive direction, and efforts to identify an appropriate resolution are being accelerated. The guiding principles have already been reflected in initial actions, and subsequent updates will continue along this path, aiming for a win-win outcome for all stakeholders. Over the past four days, the Kelp team has engaged in in-depth communication with partners and other relevant parties. Specific progress includes: the Arbitrum Security Council has taken measures to freeze the stolen funds, and the SEAL 911 emergency response team has swiftly stepped in to conduct preliminary investigations, providing a clear and objective analytical perspective on the incident. While some developments have not yet been fully disclosed, related work continues to advance steadily. Kelp DAO stated that its current priority is safeguarding user assets and strengthening the protocol itself. This incident is also viewed as a critical test—not only for the project but for the broader DeFi ecosystem—and key follow-up developments will continue to be shared via official channels.
According to on-chain analyst Ai Aunt (@ai_9684xtpa), the address 0xb5E…Fc24e deposited a total of 1.397 million UNI tokens—worth approximately $4.6 million—into three exchanges two hours ago. Notably, the Bybit deposit address has had multiple interactions with the DeFi crypto fund DeFiance Capital, which is an investor in both Aave and LayerZero—two entities closely linked to the recent Kelp DAO hack incident.
According to The Block, JPMorgan analysts noted in their latest report that ongoing DeFi security vulnerabilities and stagnant growth in total value locked (TVL) continue to constrain institutional enthusiasm for the DeFi sector. Recently, Kelp DAO’s cross-chain bridge suffered a major attack, during which the attacker minted $292 million worth of uncollateralized rsETH tokens and borrowed real ETH on Aave, resulting in approximately $230 million in bad debt. This caused DeFi TVL to evaporate by roughly $20 billion within several days. LayerZero and blockchain security researchers have attributed this attack to the North Korean hacker group Lazarus Group; some of the stolen funds have been frozen, while the rest remain in circulation. Analysts also pointed out that DeFi TVL denominated in ETH has remained range-bound for an extended period, raising market concerns about whether DeFi can achieve organic growth sufficient to support institutional adoption. Furthermore, following each security incident, users tend to shift funds into USDT as a safe-haven asset—yet this trend has not yet significantly driven USDT’s market capitalization growth.
the Lido team has initiated a proposal, planning to allocate up to 2,500 stETH (approximately $5.8 million) from the DAO to cover the rsETH asset shortfall resulting from the recent attack on Kelp DAO.Lido noted that the LayerZero-based exploit has led to insufficient rsETH reserves, triggering a chain reaction across the DeFi ecosystem, including rising interest rate pressure, tightening lending markets, and certain leveraged strategies facing passive liquidation risks.The proposal emphasizes that these funds will only be used as part of a complete recovery solution, provided that the overall shortfall can be fully addressed.Previously, the approximately $292 million attack on Kelp DAO had already impacted Aave, leading to bad debt issues, and its total value locked (TVL) once declined by nearly $8 billion.
Lido has released an update regarding the Kelp security incident, stating that its Earn-series vaults are working with the management team to address the issue, focusing on two key risk areas: rsETH exposure and tightening liquidity in lending markets. Lido emphasizes that its core staking protocol remains unaffected, and both stETH and wstETH remain secure and stable. Currently, only the EarnETH vault holds approximately 9% of its TVL in rsETH exposure; related deposits and withdrawals have been suspended by the management team pending resolution. Of the ~$70 million in ETH stolen in the earlier attack, roughly $70 million has already been recovered; asset recovery and loss allocation efforts are ongoing. To mitigate liquidity pressure, the management team has reduced leverage and optimized position structures, significantly decreasing wETH debt exposure. Should losses ultimately materialize, EarnETH will activate its $3 million “first-loss protection mechanism,” funded by the DAO. Other vaults remain unaffected: DVV and EarnUSD are operating normally. The GGV sub-vault is currently experiencing negative yields due to a combination of recursive staking strategies and rising borrowing rates, but active adjustments are underway. Users’ previously submitted withdrawal requests will be processed at pre-incident valuations.
According to Natalie Newson, Senior Blockchain Investigator at CertiK, real-time deepfakes, phishing attacks, supply-chain compromises, and cross-chain vulnerabilities will be the primary drivers of cryptocurrency hacks in 2026. So far this year, the industry has lost over $600 million to hacking incidents—including the $293 million Kelp DAO exploit and the $280 million theft from Drift Protocol in April—both linked to a North Korean hacker group. Newson warns that the accelerated advancement of AI will make attack methods increasingly sophisticated, including more realistic deepfakes, autonomous attack agents, and “agent AIs” capable of automatically scanning smart contracts for vulnerabilities. However, AI can also serve as a defensive tool. CertiK advises investors to verify URL authenticity and store assets in cold wallets to mitigate risk.
According to on-chain analyst PeckShield (@PeckShieldAlert), the KelpDAO attacker has transferred ETH from Ethereum to Arbitrum via the Across Protocol, swapped it for USDT, and then routed the funds to TRON DAO via LayerZero.
Odaily News Wall Street investment bank Jefferies' analysis indicates that the approximately $293 million attack on Kelp DAO on April 18 exposed critical infrastructure risks, which may prompt traditional financial institutions to reassess the pace of blockchain and tokenization advancement.Jefferies believes the attacker triggered market sell-offs and liquidity stress by minting unbacked tokens and borrowing across platforms. The incident is suspected to be potentially linked to the Lazarus Group and also highlights the single point of failure in the validation mechanisms of cross-chain bridges. As institutions accelerate the tokenization of assets (such as funds, bonds, and deposits), related risks may cause some banks and asset management firms to temporarily pause deployments, prioritizing a review of system security. Especially in scenarios reliant on cross-chain infrastructure, security vulnerabilities could lead to market fragmentation, undermining the practical utility of tokenized assets.Despite short-term confidence being shaken, Jefferies still emphasizes that the long-term trend remains unchanged. Against the backdrop of regulatory progress and continuous infrastructure improvement, use cases like stablecoins still hold growth potential. However, the industry as a whole is still in its early development stage and requires time to enhance system robustness. (CoinDesk)
According to Cointelegraph, DefiLlama data shows that there have been 518 hacking incidents in the crypto space over the past decade, resulting in cumulative losses exceeding $1.7 billion. A significant portion of these losses stemmed from private key leaks, phishing attacks, and other credential-based attacks. As smart contract security continues to improve, attackers are increasingly shifting their focus toward wallet security, signature infrastructure, development tools, and user operations. Recently, Kelp DAO’s rsETH cross-chain bridge was attacked, with approximately 116,500 rsETH tokens stolen—valued at roughly $290–293 million at the time of the incident.
According to monitoring by PeckShield, the Kelp DAO attacker transferred 30,765 ETH (approximately $70.92 million) to a special address starting with 0x00000, suspected to be a burning action.
Odaily News Kelp DAO officially posted on X regarding the follow-up on the theft incident, stating that the cause was the compromise of two RPC nodes hosted by LayerZero, while the third RPC node suffered a DDoS attack. This was an attack targeting LayerZero's infrastructure; Kelp's own systems were not involved in the construction or operation of this infrastructure.The 1/1 DVN configuration is the scheme documented in LayerZero's documentation and is the default setting for all new OFT deployments. Kelp has been operating on LayerZero's infrastructure since January 2024 and has maintained open communication with the LayerZero team. During Kelp's expansion to Layer2, the DVN configuration was discussed, and the default configuration was explicitly confirmed as appropriate at that time.Kelp's current top priority is to protect user interests and prevent risks from spreading within the DeFi ecosystem. The team is collaborating with various parties in the ecosystem to analyze the impact, seek support, and explore all possible mitigation solutions.
Odaily News Lido posted on platform X stating that on April 18th, the Kelp cross-chain bridge was attacked, resulting in the theft of approximately 116,500 rsETH (worth about $292 million). Subsequently, the related assets were frozen on lending markets such as Aave.Its treasury product EarnETH has approximately a 9% risk exposure (about $21.6 million) through leveraged rsETH/ETH positions on Aave. Meanwhile, rising borrowing utilization is creating cost pressure on other strategies. The team is advancing deleveraging and reducing overall risk.Lido pointed out that the final impact of the rsETH positions depends on the subsequent handling by Kelp, LayerZero, and Aave, including loss sharing, asset recovery, and bad debt processing.Regarding risk mitigation, EarnETH can, if necessary, activate a $3 million "first-loss protection mechanism" (provided by the DAO treasury) to cover losses. The specific scale of its use is still pending further evaluation. Currently, the treasury has suspended deposits and withdrawals to ensure fairness and complete loss assessment. If the handling process is slow, redemption channels may be reopened based on the worst-case loss expectations.The official emphasized that stETH and wstETH are unaffected, and the core staking protocol was not involved in this incident.
According to an official Lido tweet, on April 18, 2026, attackers stole 116,500 rsETH (approximately $292 million) from the Kelp cross-chain bridge. Lending platforms including Aave subsequently froze the rsETH market. Lido’s EarnETH treasury holds approximately 9% exposure to rsETH (roughly $21.6 million) via leveraged positions on Aave; deposits and withdrawals are currently suspended. The EarnETH team is actively reducing leverage and mitigating risk; the final loss amount will depend on subsequent decisions by Kelp, LayerZero, and Aave. The Lido DAO treasury has a $3 million “first-loss protection mechanism,” which may be activated—via burning DAO treasury shares—as needed. Lido’s core staking protocol, as well as stETH and wstETH, remain unaffected by this incident.
According to CoinDesk, Kelp DAO will dispute LayerZero’s explanation of the $290 million rsETH cross-chain bridge vulnerability, stating that the compromised single-validator configuration relied on LayerZero’s own infrastructure and that this setup was part of LayerZero’s default integration—rather than a custom choice by Kelp DAO violating recommended practices. The attacker stole approximately 116,500 rsETH by compromising the servers LayerZero used to verify cross-chain transactions and disrupting its fallback nodes. Kelp DAO emphasized that the incident affected only the LayerZero-based bridging layer, leaving its core liquidity re-staking contracts unimpacted. LayerZero subsequently responded by announcing it would cease signing messages for any applications using a single-validator configuration and would mandate secure migration.
According to a post by 0xngmi, founder of DefiLlama, following the hack of KelpDAO, Aave is facing severe pressure in handling bad debt. Currently, there are three potential solutions: First, socializing the loss across all users—this would result in an 18.5% impairment for users, generating approximately $216 million in bad debt. Aave’s Umbrella Insurance could cover $55 million, and the treasury could contribute an additional $85 million, leaving a shortfall of roughly $76 million. Second, executing a “rug pull” on rsETH holders on L2 chains—this would generate approximately $341 million in bad debt, with Arbitrum, Mantle, and Base markets suffering the heaviest losses. Third, returning assets to holders based on a pre-attack snapshot—but this approach is extremely operationally challenging, and even after Umbrella Insurance coverage, an estimated $91 million in losses would remain. Additionally, some suggest confiscating the hacker’s collateral to offset part of the bad debt. Meanwhile, Aave’s OG Security Module still holds approximately $300 million worth of AAVE tokens; applying a 20% reduction would provide an additional ~$60 million in loss coverage.
Odaily News: A LayerZero cross-chain bridge related to Kelp DAO was hacked on Saturday, resulting in 116,500 rsETH worth $291 million flowing to a new wallet. The hacker used the illicitly obtained rsETH as collateral to borrow on Aave, causing the utilization rate of Aave's core lending pool to reach 100% and triggering a liquidity crunch. According to monitoring by 0xngmi, as of early Sunday, the net withdrawal amount from Aave had reached $6.2 billion. Kelp DAO has suspended the rsETH contracts on the Ethereum mainnet and several L2 networks. Affected by this, the price of the Aave token fell 16% to $90.13, and the price of Ethereum dropped 2% to $2,300. Currently, Justin Sun has posted on platform X attempting to negotiate with the hacker.
According to a post by Lido, the Lido Earn team is aware of the developments regarding the Kelp DAO exploit, and earnETH has exposure to rsETH. As a precautionary measure, additional deposits to earnETH have been paused while the situation is being assessed with relevant partners. More details will be announced later.
According to on-chain analyst Onchain Lens (@OnchainLens), Kelp DAO lost approximately $294 million in the cross-chain bridge exploit. As a result, $ZRO dropped from $2 to $1.40. A whale holding a long $ZRO position on HyperLiquid was partially liquidated, incurring a loss of $2.88 million. The whale still holds the position, with an unrealized loss exceeding $750,000 and a total loss of approximately $28.98 million.