Kelp DAO has announced the completion of its comprehensive recovery efforts for rsETH, its liquid restaking token. This milestone arrives roughly five weeks after a significant exploit that had been reported initially on April 18, 2026, that saw approximately 116,500 to 117,132 rsETH tokens—valued at around $292 million—unauthorizedly released through a vulnerability in the protocol’s LayerZero-powered bridge adapter.
The incident, widely attributed to North Korea-linked actors such as the Lazarus Group, involved the forgery of a cross-chain message that allowed the minting of unbacked rsETH without corresponding burns on the source chain.
Attackers then leveraged the stolen tokens as collateral on major lending platforms like Aave and Compound, generating substantial bad debt estimated in the hundreds of millions across multiple positions on Ethereum and Arbitrum.
This event triggered widespread market disruptions, including liquidity strains and temporary pauses in related DeFi operations.
In response, a collaborative effort known as DeFi United—comprising various protocols, notably led by involvement from Aave—mobilized swiftly. Contributors pooled over $300 million in ETH commitments to backstop the affected token.
The recovery strategy unfolded along parallel tracks: staged deposits of ETH converted into rsETH and injected into the bridge’s lockbox contract (RSETH_OFTAdapter) to restore full collateralization at the prevailing exchange rate of approximately 1.07 ETH per rsETH, alongside coordinated liquidations to reclaim value from the attacker’s leveraged positions.
Key operational steps included burning the exploiter’s compromised rsETH holdings on Arbitrum, which cleared residual risks.
Refilling occurred progressively over about two weeks, with tranches released from recovery safes managed by Aave’s Recovery Guardian and Kelp’s own reserves.
The final installment of roughly 20,374 rsETH was transferred to the relevant smart contract on May 25 or 26, pushing the backing ratio above 100% and officially closing the active phase of the restoration.
This coordinated action enabled the gradual reopening of bridging, deposits, withdrawals, minting, redemptions, and reward distributions.
Kelp DAO also implemented strengthened security measures, such as requiring multiple attestors for verifications and increasing block confirmations, while planning a full migration away from LayerZero’s OFT standard to Chainlink’s CCIP for enhanced robustness.
The swift industry-wide response highlights DeFi’s maturing capacity for self-healing without centralized intervention.
It mitigated broader contagion, though Aave experienced a notable dip in total value locked, dropping from peaks above $26 billion amid outflows before stabilizing.
Holders on bridged chains may have faced selective impacts, but mainnet rsETH remained largely protected.
Analysts generally view the incident as a clear reminder of ensuring proper bridge security, single-point verifiers, and cross-protocol dependencies, yet the outcome underscores the ecosystem’s resilience through collective governance and capital commitments. With operations normalized and backing restored, Kelp DAO positions itself for potential growth in the liquid restaking space.