Aave Closes the Loop on Kelp DAO Attacker's Positions Through Governance-Controlled Liquidation
Aave has liquidated the last remaining rsETH collateral held by the Kelp DAO attacker, completing the final phase of a coordinated, governance-directed recovery effort that began after an April 18 bridge exploit drained $292 million from Kelp's cross-chain infrastructure and triggered what Glassnode Research characterised as "the largest confidence-driven liquidity event in Aave's operational history."
The liquidations, executed on May 6, targeted eight positions spread across Aave's Ethereum Core and Arbitrum deployments. The protocol expects to recover approximately 12,323 WETH through this process. Because the attacker's collateral consisted entirely of unbacked rsETH (Kelp's liquid restaking token) that was still priced at market value, Aave's normal liquidation triggers could not fire automatically. To work around this, Aave governance voted to temporarily lower the oracle price reported for rsETH, artificially pushing the attacker's collateral ratio below the liquidation threshold. All oracle changes were scoped to the recovery sequence and are set to be fully reversed once the process is complete.
The recovery plan, developed by a cross-protocol coalition called DeFi United, routes the seized rsETH to a dedicated multisig wallet managed by the group, where it is redeemed for ETH through Kelp DAO's standard withdrawal mechanism and applied against an estimated $246 million in outstanding market deficits. Aave warned in its technical documentation that active interference by the attacker could complicate this process: "Deliberate interference by the attacker could result in incomplete deficit accrual, requiring additional liquidation steps," the protocol stated.
How the Exploit Unfolded
At 17:35 UTC on April 18, an attacker forged a cross-chain message on Kelp's LayerZero V2 bridge connecting Unichain to Ethereum. The fake message was verified by a single Decentralised Verifier Node, or DVN, with no corresponding asset burn on the source chain. This tricked Kelp's Ethereum adapter into releasing 116,500 rsETH, roughly 18% of the token's circulating supply at the time. Security firm Halborn attributed the root vulnerability to Kelp's use of a 1-of-1 DVN configuration, meaning one verifier was the only check on cross-chain messages. Hackers, widely attributed to North Korea's Lazarus Group by both Halborn and Chainalysis, compromised two RPC nodes feeding that verifier, injected fraudulent messages, and then flooded legitimate nodes with traffic to force a failover to the poisoned ones.
The attackers' malware erased itself and deleted log files after execution.
Within 46 minutes, the attacker deposited 89,567 rsETH as collateral across Aave V3 markets and then borrowed roughly $190 to $236 million in ETH and wrapped staked ETH across Aave, Compound, and Euler.
Aave's TVL fell approximately $6.6 billion in 29 hours, a drop of 41.1%. Glassnode Research described the exploit as having triggered "the largest confidence-driven liquidity event in Aave's operational history." The AAVE token fell approximately 21%, from $115 to $90, during this period. WETH pool utilisation on Aave reached 100% within 1.4 hours. Stablecoin borrowing rates on USDT and USDC on Aave V3 jumped from 3.4% to 14%.
Across DeFi broadly, total value locked contracted by around $13.2 billion within 48 hours.
A Coalition Response, and a Legal Fight
Aave led the formation of DeFi United, a recovery coalition that drew in EtherFi, Lido, Mantle, Ethena, Consensys, the Ink Foundation, the Golem Foundation, and Aave founder Stani Kulechov, among others. Mantle contributed a 30,000 ETH credit facility, the largest single named commitment from the group and a structurally distinct arrangement from the pledges made by other members.
Total ETH commitments from the group exceeded $320 million, surpassing the estimated $230 million shortfall by roughly 39%. The Arbitrum Security Council separately froze 30,766 ETH (approximately $71 million) directly from the attacker's Arbitrum addresses on April 21. On May 4, Aave filed an emergency motion in US District Court in New York to unfreeze those funds, arguing they belong to protocol users rather than to any judgment debtor named in the related restraining notice. A restraining notice is a legal instrument through which a court prohibits a named party from accessing or transferring specific assets pending resolution of a claim.
A Bengaluru Team, a Global Blowback
Kelp DAO was founded in Bengaluru by Amitej Gajjala and Dheeraj Borra, both of whom previously co-founded Stader Labs, another liquid staking protocol. Gajjala previously served as AVP at Swiggy and Zapr Media Labs; Borra previously worked as an engineer at LinkedIn, Blend Labs, and PayPal.
By the scale of on-chain damage, this incident is the most consequential security failure to originate from an Indian DeFi team.
The dispute over who bears responsibility for the 1-of-1 DVN setup carries particular weight for South Asian teams integrating cross-chain infrastructure. LayerZero stated the configuration "directly contradicts" its recommended multi-DVN model and has since banned 1-of-1 setups entirely. LayerZero also asserted that its protocol "functioned exactly as intended," and separately alleged that Kelp had originally deployed a multi-DVN configuration and then manually downgraded to the vulnerable 1-of-1 setup.
Kelp countered that, over two and a half years and eight integration discussions, a LayerZero team member had said "No problem on using defaults either".
Security researcher Sujith Somraaj had previously reported the 1-of-1 DVN flaw to LayerZero's bug bounty program, and the report was rejected.
At the time of the exploit, 47% of approximately 2,665 active LayerZero application contracts used the same vulnerable configuration, putting over $4.5 billion at risk across the wider ecosystem.
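A configuration audit of the kind a team could run over its own bridge pathways to catch a 1-of-1 verifier setup before deployment. This is an added example, not code from Kelp, LayerZero or Aave; the VerifierConfig model, its field names, the app names and the addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class VerifierConfig:
    """Resolved verifier settings for one bridge pathway (hypothetical model)."""
    app: str
    pathway: str
    required_dvns: tuple = ()    # every one of these must attest
    optional_dvns: tuple = ()    # any `optional_threshold` of these must attest
    optional_threshold: int = 0

def audit(cfg, min_quorum=2):
    """Return findings for one pathway; an empty list means it passes."""
    findings = []
    required = {a.lower() for a in cfg.required_dvns}
    optional = {a.lower() for a in cfg.optional_dvns} - required
    listed = len(cfg.required_dvns) + len(cfg.optional_dvns)
    if len(required) + len(optional) != listed:
        findings.append("same verifier address listed more than once")
    if cfg.optional_threshold > len(optional):
        findings.append("optional threshold exceeds distinct optional verifiers")
    # Distinct verifiers that must agree before a message is accepted.
    quorum = len(required) + min(cfg.optional_threshold, len(optional))
    if quorum < min_quorum:
        findings.append(f"only {quorum} distinct verifier(s) must agree, "
                        f"policy requires {min_quorum}")
    return findings

def fleet_report(configs, min_quorum=2):
    """Audit every pathway; return (findings by pathway, failing keys, failing share)."""
    results = {f"{c.app}:{c.pathway}": audit(c, min_quorum) for c in configs}
    failing = sorted(k for k, v in results.items() if v)
    share = len(failing) / len(configs) if configs else 0.0
    return results, failing, share

# Constructed sample data: placeholder app names and addresses.
SAMPLE = [
    VerifierConfig("app-a", "unichain->ethereum", required_dvns=("0xA1",)),  # 1-of-1
    VerifierConfig("app-b", "arbitrum->ethereum", required_dvns=("0xA1", "0xB2")),
    VerifierConfig("app-c", "base->ethereum", required_dvns=("0xA1",),
                   optional_dvns=("0xB2", "0xC3"), optional_threshold=1),
    VerifierConfig("app-d", "base->ethereum", required_dvns=("0xA1", "0xa1")),  # duplicate
]

if __name__ == "__main__":
    results, failing, share = fleet_report(SAMPLE)
    for key in failing:
        print(key, results[key])
    print(f"{share:.0%} of pathways fail the quorum policy")
```

The check counts distinct addresses only. It cannot tell whether two verifiers share operators or upstream RPC providers, so infrastructure independence still needs a separate review.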
What Comes Next
Kelp has since migrated rsETH from LayerZero's OFT standard to Chainlink's CCIP (Cross-Chain Interoperability Protocol), which uses a multi-node verification model.
For protocols in South Asia, Africa, and other regions where teams often build with limited security budgets, post-incident analysis of the Kelp DAO exploit has identified dependence on vendor-supplied configuration defaults, without independent security review, as a central contributing factor.
rsETH is currently trading at approximately $2,420 with a market cap near $1.53 billion. Multiple lending markets froze rsETH in the aftermath of the exploit, and SparkLend deprecated it as collateral in January 2026, reflecting the disruption to the token's standing in DeFi lending infrastructure as the broader recovery sequence concludes.
The DeFi United coalition's governance-driven approach, combining oracle adjustments, multisig-managed redemptions, and cross-protocol coordination, may serve as an operational template for future incidents where legal remedies against state-sponsored actors remain out of reach.