KelpDAO Suffers $292M rsETH Exploit, Triggers DeFi Contagion
On March 25, 2025, KelpDAO suffered an exploit, losing approximately 116,500 rsETH tokens, valued at $292-294 million, representing about 18% of rsETH's total circulating supply. The attacker exploited a LayerZero bridge vulnerability by forging an lzReceive call, minting fake, unbacked $rsETH tokens. This incident echoes past cross-chain bridge exploits like Wormhole and Ronin Bridge.
The attacker utilized the illicitly obtained $rsETH as collateral on the Aave protocol to borrow real $ETH. Across the broader DeFi market, total TVL declined by nearly $10 billion in two days, from $99.497 billion to $86.286 billion.
Aave confirmed $rsETH on Ethereum mainnet remained fully backed but froze $rsETH across its V3 and V4 deployments, as well as WETH reserves across Ethereum, Arbitrum, Base, Mantle, and Linea, to cap exposure. The price of $rsETH experienced a 25.2% decline over 24 hours and a 20.7% decline over seven days.
Aave Protocol Incurs $280M Bad Debt, Freezes $5.4B ETH
The Aave protocol incurred $280 million in unrecoverable debt, attributed to 'bad collateral' from the KelpDAO exploit, leading to the freezing of $5.4 billion in $ETH withdrawals. Aave's Total Value Locked (TVL) declined by $8.45 billion in 48 hours, falling to $17.947 billion from its previous $26.3 billion. The $AAVE token price fell 17%, from $111 to $92. Core markets on Aave reached 100% utilization, rendering approximately $3 billion in $USDT and $2 billion in $USDC temporarily unwithdrawable.
Discussions to address the debt include proposals for socializing losses across users, involving an 18.5% haircut on approximately $216 million in bad debt. Proposed coverage includes $55 million from Umbrella and $85 million from the Aave treasury, leaving a $76 million gap.
Justin Sun Negotiates with Hacker; LayerZero Operations Paused
Justin Sun initiated direct negotiations with the individual responsible for the KelpDAO exploit. Sun publicly addressed the hacker, offering a reward and stating the stolen funds would be challenging to spend. KelpDAO will assist in facilitating these discussions.
Following the incident, TRON DAO paused its LayerZero bridge operations. Curve Finance also halted its LayerZero infrastructure, affecting $CRV bridging and the $crvUSD fast bridge. Ethena paused its LayerZero bridge, confirming its $5.63 billion $USDe backing despite the exploit affecting $rsETH-linked DeFi systems.
Takara and Unitas Labs confirmed no exposure to $rsETH. Polygon also confirmed its chain, AggLayer, and broader ecosystem remained unaffected.
