Aave could face up to $230M in losses after Kelp DAO bridge exploit sparks DeFi chaos

The Kelp DAO and LayerZero bridge exploit that took place over the weekend has left lending protocol Aave with potential losses of up to $230 million, depending on how the situation is resolved.

The incident, according to a report by Aave Labs and service provider LlamaRisk published on Aave’s governance forum, centers on rsETH, a liquid restaking token issued by KelpDAO. To move rsETH between blockchains, the protocol relies on a bridging mechanism that locks tokens on one chain while issuing equivalent copies on another.

An attacker exploited this setup by forging a transfer message that appeared valid. The system approved the transfer even though the tokens were never taken out of the sending chain, releasing 116,500 rsETH from the Ethereum-side bridge. In effect, new tokens were created without backing.
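The backing invariant this transfer violated can be monitored off-chain by reconciling every bridge release against a debit on the sending chain. The sketch below is an added example, not code from Kelp, LayerZero, Aave or the report; the event fields, chain name and message ids are constructed assumptions, and only the 116,500 rsETH figure comes from the article.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BridgeEvent:
    """Hypothetical normalized bridge event (field names are assumptions)."""
    src_chain: str   # chain the tokens are leaving
    msg_id: str      # cross-chain message identifier
    amount: int      # whole rsETH, for readability

def reconcile(debits, releases):
    """Compare releases on the receiving side with debits on the sending side.

    Returns (alerts, unbacked): alerts is a list of (msg_id, reason, amount)
    and unbacked is the total released without a matching debit.
    """
    debited = {(d.src_chain, d.msg_id): d.amount for d in debits}
    consumed = set()
    alerts, unbacked = [], 0
    for r in releases:
        key = (r.src_chain, r.msg_id)
        if key not in debited:
            alerts.append((r.msg_id, "no debit on sending chain", r.amount))
            unbacked += r.amount
        elif key in consumed:
            alerts.append((r.msg_id, "message already consumed", r.amount))
            unbacked += r.amount
        elif r.amount > debited[key]:
            excess = r.amount - debited[key]
            alerts.append((r.msg_id, "released more than debited", excess))
            unbacked += excess
            consumed.add(key)
        else:
            consumed.add(key)
    return alerts, unbacked

# Constructed sample data; only the 116,500 figure is taken from the article.
SAMPLE_DEBITS = [
    BridgeEvent("l2-example", "msg-001", 1_000),
    BridgeEvent("l2-example", "msg-002", 250),
]
SAMPLE_RELEASES = [
    BridgeEvent("l2-example", "msg-001", 1_000),
    BridgeEvent("l2-example", "msg-002", 250),
    BridgeEvent("l2-example", "msg-003", 116_500),  # no debit exists for this id
]

if __name__ == "__main__":
    alerts, unbacked = reconcile(SAMPLE_DEBITS, SAMPLE_RELEASES)
    for msg_id, reason, amount in alerts:
        print(f"ALERT {msg_id}: {reason} ({amount} rsETH)")
    print(f"unbacked total: {unbacked} rsETH")
```

A check like this only helps if the debit data is read independently from the sending chain rather than taken from the message being verified.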

Instead of selling the assets on the open market, the attacker deposited 89,567 rsETH into Aave as collateral and borrowed about $190 million in ETH and related assets across Ethereum and Arbitrum, according to the report. This left Aave exposed to collateral whose backing may be significantly impaired.

Aave Labs said it moved quickly to limit the risk. Within hours, the protocol froze the rsETH markets across its deployments, setting the leverage ratio to zero and halting new borrowing against the asset.

The outcome now largely depends on how Kelp handles the shortfall. If losses are spread across all rsETH holders, the token would face an estimated 15% depeg (meaning the value of the staked tokens would no longer match the value of actual ETH), resulting in around $124 million in bad debt for Aave. If losses are instead isolated to Layer 2 networks, the impact would be far more severe, with bad debt rising to around $230 million and concentrated on networks like Arbitrum and Mantle.

The exploit stemmed from weaknesses in how Kelp verified cross-chain messages using LayerZero. By manipulating this process, the attacker was able to make certain assets appear fully backed when they were not, allowing them to extract value from the system. LayerZero itself wasn’t directly hacked, but its messaging layer exposed faulty assumptions about how Kelp validated data across chains.

The incident raised concerns that some positions on Aave were backed by collateral that was mispriced or no longer fully covered, increasing the risk of undercollateralized loans.

In response, users moved to reduce exposure. About $6 billion in total value locked was withdrawn from Aave after the incident, reflecting a broad pullback as participants reacted to the uncertainty.

The episode highlighted Aave’s indirect exposure to external systems. The impact was felt through increased collateralization, pressure on lending positions and a sharp drop in deposits as users reassessed the security of interconnected DeFi infrastructure.

The report said its DAO fund holds approximately $181 million in assets and that discussions are underway with ecosystem participants to address potential losses. Kelp has yet to outline how it plans to allocate losses, leaving Aave’s ultimate exposure uncertain as the situation continues to evolve.
