KelpDAO Hit by Major Exploit Exceeding $280 Million in Losses
We have always followed the principles of transparency and clear information. Some of our content includes affiliate links, and we may earn a small commission through these partnerships. These partnerships do not influence our editorial independence or opinion. By using our site, you accept our privacy policy and terms and conditions.
Financial services expert with over three years of experience monitoring cryptocurrency markets and blockchain innovation. Passionate about digital assets and the decentralized future.
Cryptocurrency is a high-risk asset class, and investing carries significant risk, including the potential loss of some or all of your investment. The information on this website is provided for informational and educational purposes only and does not constitute financial, investment, or gambling advice. Cryptowinx does not endorse any specific exchange or gaming platform. For more details, please read our terms and full disclaimer.
Cryptowinx navigates the digital asset universe with a dynamic, forward-looking vision. Throughout our evolution, we have followed every market cycle, from vertical rises to corrections, always remaining a solid point of reference for our community. Our team is made up of industry experts and analysts who experience the blockchain ecosystem daily: we constantly monitor Bitcoin’s stability, study the expansion of the Ethereum ecosystem, and analyze the new frontiers of crypto casinos. We are committed to absolute editorial integrity, separating the signal from the noise through rigorous fact-checking and multi-perspective news analysis. In a landscape where innovations emerge in moments, our mission is to simplify complex concepts and offer transparency into what is established and what is still experimental.
Learn more Cryptowinx
On April 18, 2026, the decentralized finance (DeFi) sector faced a significant setback as an exploit targeting KelpDAO’s rsETH liquid restaking token reportedly led to losses surpassing $280 million across Ethereum and Arbitrum. The news came from blockchain investigator ZachXBT, who alerted the community around 3 p.m. ET via his Telegram channel.
While ZachXBT did not name KelpDAO explicitly in his initial warning, he highlighted six wallet addresses linked to the exploit. It was noted that these wallets had been funded through Tornado Cash prior to the incident, a method often employed by attackers to obfuscate their identities.
The exploit appears to have stemmed from a flaw in KelpDAO’s infrastructure concerning the rsETH token, allowing a malicious actor to extract a large quantity of the token without sufficient collateral. This exploit enabled the attacker to deposit the obtained rsETH into Aave V3 lending markets on both Ethereum and Arbitrum, where they secured substantial loans in ETH and other assets.
Subsequently, doubts arose regarding the validity of these collateral positions, leaving Aave exposed to bad debt. Estimates suggest that losses could be between $100 million and $293 million, equating to around 116,500 rsETH at current valuations.
In the wake of the incident, the AAVE token’s value plummeted by approximately 10 to 13%, reflecting investor concern over potential bad debt exposure in the protocolβs lending ecosystem. To mitigate risks, the AAVE multisig guardian responded by freezing rsETH on lending platforms.
The KelpDAO incident serves as a stark reminder of the risks associated with liquid restaking tokens, which can be leveraged as collateral across multiple lending markets. This vulnerability allows losses to propagate rapidly throughout the DeFi landscape.
Analysis of the identified attacker wallets revealed substantial holdings of ETH on Aave and Compound, with one wallet alone containing about $120 million in ETH at the time of the incident. Following the exploit, the stolen funds were promptly shifted to obscure their trail.
The use of Tornado Cash to fund attacker wallets before executing such exploits is a calculated strategy to disguise the origins of stolen funds, underscoring the premeditated nature of the operation.
As of late afternoon on April 18, no official confirmation from KelpDAO about the exploit had been released. The community remained vigilant, anticipating updates through the project’s X account and website, as well as Aave’s governance channels to address potential emergency measures.
DeFi security firms, including Peckshield and Slowmist, had not produced detailed analyses at the time of this report, highlighting the swift evolution of this situation. Nevertheless, it was evident from the overlapping addresses that linked the attack to KelpDAO.
This incident is part of a broader pattern of vulnerabilities within the DeFi sector, where both small and large-scale exploits can have a cascading impact on market stability and investor confidence. The ongoing monitoring of the identified wallets continues as analysts strive to trace the movement of the compromised funds.
Leave the reaction
Gregory Russell
Commentaries
Add your comment
Fill in necessary fields and publish