In 2026, the biggest DeFi robbery, hackers stole one

2026/04/19 12:06
👤chaincatcher

Written by: Cake, Deep tide TechFlow

 

On the evening of 18 April, at 17:35 (UTC), a wallet funded through Tornado Cash sent a cross-chain message to the LayerZero EndpointV2 contract.

The semantics of this message were simple: a user on another chain wanted to bridge rsETH back to Ethereum mainnet. LayerZero is designed to deliver such an instruction faithfully, as agreed. Kelp DAO's bridge contract deployed on mainnet is likewise designed to execute the release faithfully.

116,500 rsETH, worth approximately $292 million at the current price, was transferred to an attacker-controlled address in a single transaction.

The problem is that no one on the other chain had ever deposited this rsETH. The "cross-chain request" was forged out of thin air; LayerZero believed it, and Kelp's bridge believed it.

After 46 minutes, Kelp's emergency multisig pressed the pause button. By that point the attackers had completed the second half of the operation: they deposited the stolen rsETH, which was by then essentially unbacked, into Aave V3 as collateral and borrowed some $236 million worth of WETH.

This is the largest DeFi theft of 2026 to date, millions more than the Drift protocol, which was attacked by Korean hackers on 1 April. But what really sends a chill down the industry's spine is not just the amount.

How the attack took place: three attempts between 17:35 and 18:28

Rewind the timeline.

17:35 UTC, first shot. From a wallet funded through Tornado Cash, the attackers called the lzReceive function of the LayerZero EndpointV2 contract and delivered a forged cross-chain packet to Kelp's bridge contract. The contract validated it and released 116,500 rsETH to the attackers' address. A single transaction. Clean.

18:21 UTC: Kelp's emergency pause froze the rsETH core contracts on mainnet and on multiple L2s, 46 minutes after the attack.

At 18:26 and 18:28 UTC, the attackers made two more attempts, each a LayerZero packet for an additional 40,000 rsETH (approximately $100 million). On both occasions the contracts had already been frozen, but the attackers were apparently still trying to drain the remaining liquidity.

Almost three hours passed between the first successful transaction and Kelp's public statement.

Kelp's first X post was published only at 20:10 UTC, with very restrained wording: suspicious cross-chain activity involving rsETH had been detected, the rsETH contracts on mainnet and several L2s had been paused, and root cause analysis was under way in cooperation with LayerZero, Unichain, the auditors and external security experts.

However, the on-chain investigator ZachXBT had reached the conclusion before the official statement. He issued a warning on his Telegram channel around 3 p.m. US Eastern time, listed six wallet addresses related to the theft, and noted that the attack wallets had been pre-funded through Tornado Cash before the operation began. He did not name Kelp DAO, but it took on-chain analysts hours to connect the addresses.

This was a premeditated operation, timed to the minute. Pre-funded wallets, well-structured cross-chain packets, the sequence of Aave collateral deposits: every step landed like the tick of a metronome.

You're going to have to do it

If this had been a simple bridge breach in which 116,500 rsETH was stolen and the thief ran, it would be a major incident of 2026. Kelp would take the loss, the community would digest it for a few days, and the industry would move on.

But the attackers apparently did. rsETH's own secondary liquidity was not deep enough: with $292 million dumped directly on DEXs, slippage would eat a significant portion of the profit. The more elegant way out was to package the "rsETH" in a seemingly decent form and borrow genuinely liquid assets from a lending protocol.

So the attackers took the second step: deposit the stolen rsETH into Aave V3 as collateral and borrow a large amount of WETH.

Why is this step fatal? Because at that moment the Aave contracts were still valuing the collateral at rsETH's oracle price, while the reserve on the bridge had been emptied and the economic backing of that rsETH no longer existed in fact. The lending protocol was still lending against it at "100 per cent gold content", but the collateral was already a blank cheque.

The result: the attackers transferred the risk of the funds being liquidated onto the WETH reserve in Aave.

Aave V3's WETH reserve is now absorbing bad debt. Solidity developer and auditor 0xQuit reminded depositors on X that the WETH pool has in fact been impaired, and that some withdrawals are likely to be recoverable only after Aave's Umbrella backstop module has been closed out.

The most recent estimate puts the bad debt at $177 million, and that is on Ethereum mainnet alone.

The first test of a prophecy

For DeFi veterans there is a sense of déjà vu here: when Luna crashed in 2022, the Safety Module of Aave V2 played a similar role.

But this time it is Umbrella. In late 2025 Aave launched this new-generation backstop system to replace the old Safety Module, and this is the first major real-world stress test of Umbrella's automatic bad-debt coverage mechanism.

Umbrella's logic is straightforward: the aWETH, aUSDC and GHO aTokens are staked in the corresponding Umbrella vault, where they earn additional incentives in normal times; when the corresponding pool runs a deficit, the staked amount is slashed (reduced) proportionally to cover the hole.

The design is elegant. In the first month of Aave v3.3, the cumulative pool deficit was approximately $400 against nearly $9.5 billion in outstanding loans, a fraction so small as to be almost negligible.

However, $177 million in bad debt is a different order of magnitude. This is the first time users who staked aWETH in Umbrella are actually feeling the weight of the words "bearing slashing risk". Aave's official statement is very cautious: in the event of bad debt, Aave plans to use Umbrella assets to cover any shortfall. However, whether the coverage will be full, what proportion will be slashed and how much staked principal will be reduced are figures that can only be given once the process is complete.

The original sin of the bridge

More disturbing is the nature of the stolen rsETH.

rsETH is deployed on more than 20 networks, including Base, Arbitrum, Linea, Blast, Mantle and Scroll, with cross-chain transfers handled by LayerZero's OFT standard. The rsETH drained from the bridge is the reserve that backs all the wrapped versions of rsETH on these networks.

At first glance the design is conventional: the mainnet vault holds 1:1 reserves, and rsETH holders on L2 can in theory redeem back to mainnet at any time. But the mechanism rests on a premise that nobody talks about: the vault is full.

The vault is now 18% empty. Some 18 per cent of Kelp's circulating rsETH supply lost its backing overnight.

This creates a feedback loop: once holders on L2 rush to redeem in a panic, the pressure is passed on to the unaffected Ethereum-side supply, possibly forcing Kelp to unwind restaking positions to satisfy withdrawal requests.

Unwinding restaking is not a matter of pressing a button. EigenLayer withdrawals have a delay, and exiting the underlying validators has a queue. If rsETH holders on L2 rush the redemption window collectively, Kelp may not be able to get enough funds ready on mainnet in time to pay out.

This is the fundamental risk of the bridge reserve model: as soon as there is a problem at the mainnet source, the water pressure in every downstream branch collapses. Every rsETH holder on L2 is facing the same choice at this moment: run first, or trust Kelp to backstop the loss.
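An added example (not code from Kelp, LayerZero or this article): a monitor that reconciles mainnet bridge releases against source-chain debits and tracks the 1:1 reserve described in this section. It checks for the symptom reported at the top of the article, a release with no matching deposit on the other chain, and not for the root cause, which was still under analysis; the event fields, chain names and all amounts other than 116,500 are constructed.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample events, not real chain data. "debit": rsETH burned or
# locked on a remote chain for a transfer to mainnet. "release": payout by the
# mainnet bridge. Field names (src, msg_id, amount) are hypothetical.
EVENTS = [
    {"kind": "debit", "src": "chain-a", "msg_id": "m1", "amount": "250"},
    {"kind": "release", "src": "chain-a", "msg_id": "m1", "amount": "250"},
    # Release with no debit ever recorded on the claimed source chain.
    {"kind": "release", "src": "chain-b", "msg_id": "m2", "amount": "116500"},
    {"kind": "debit", "src": "chain-a", "msg_id": "m3", "amount": "100"},
    # Release larger than the debit it claims to settle.
    {"kind": "release", "src": "chain-a", "msg_id": "m3", "amount": "400"},
]


def reconcile(events, reserve, remote_supply):
    """Replay events in order; return (alerts, backing_ratio)."""
    reserve = Decimal(reserve)
    supply = defaultdict(Decimal)
    for chain, amount in remote_supply.items():
        supply[chain] = Decimal(amount)
    pending = {}  # (src, msg_id) -> debited amount awaiting release
    alerts = []
    for ev in events:
        key, amount = (ev["src"], ev["msg_id"]), Decimal(ev["amount"])
        if ev["kind"] == "debit":
            pending[key] = amount
            supply[ev["src"]] -= amount
        elif ev["kind"] == "release":
            debited = pending.pop(key, None)
            if debited is None:
                alerts.append(("UNBACKED_RELEASE", ev["msg_id"], amount))
            elif debited != amount:
                alerts.append(("AMOUNT_MISMATCH", ev["msg_id"], amount - debited))
            reserve -= amount  # the payout leaves the vault either way
    outstanding = sum(supply.values(), Decimal(0))
    ratio = reserve / outstanding if outstanding else Decimal(1)
    if ratio < 1:
        alerts.append(("UNDER_RESERVED", None, outstanding - reserve))
    return alerts, ratio


if __name__ == "__main__":
    found, ratio = reconcile(EVENTS, "201000", {"chain-a": "1000", "chain-b": "200000"})
    for alert in found:
        print(alert)
    print(f"backing ratio: {ratio:.4f}")
```

A lending market that consumes the backing ratio alongside the oracle price has a signal for freezing or haircutting the collateral before new loans are issued against it.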

Within hours, the panic had spread across the entire DeFi lending sector.

The rsETH markets on Aave V3 and V4 have been frozen; new deposits and rsETH-collateralized borrowing have been closed.

SparkLend and Fluid followed by freezing their rsETH markets.

Ethena, while declaring that it had no rsETH exposure and remained more than 101 per cent over-collateralized, suspended its LayerZero OFT bridge originating from Ethereum mainnet as a precautionary measure, for an estimated six hours. It is a very telling reaction: even players with no direct exposure shut down their LayerZero-related bridges.

Lido Finance suspended new deposits for its earnETH product (as the product contains rsETH exposure), while stressing that stETH and wstETH were not affected and that the Lido core staking protocol was not involved in the incident.

Upshift suspended access to the High Growth ETH and Kelp Gain vaults.

The list continues to grow.

Deep tide comment: DeFi security

As of this writing, Kelp DAO's root cause analysis is still ongoing. How much of the stolen rsETH can be recovered through security teams or white hats? Can Aave's Umbrella withstand this bad debt? Will rsETH holders on L2 trigger a run? Can the prices of AAVE and rsETH hold steady through the end of the weekend?

But some issues have already been laid bare.

For example, can LRTs continue to be qualified collateral for lending protocols?

Liquid Restaking Tokens (LRTs) were the darling of the ecosystem in the previous cycle. EigenLayer opened the "one ETH, multiple layers of yield" narrative, and Kelp, ether.fi, Puffer and others industrialized it. The end result: LRTs were whitelisted as collateral in the major lending protocols as a structured asset.

This decision rests on the assumption that the LRT peg mechanism is robust enough and that the layered risks of the underlying assets can be sufficiently modelled and isolated at the smart contract level.

The Kelp incident took one afternoon to poke a hole in that assumption. An LRT's risk comes not only from its underlying smart contracts but also from its cross-chain distribution structure; not only from a single protocol, but from every dependency between it and EigenLayer, LayerZero and Aave. Every DeFi Lego brick looks safe on its own, but once they are assembled, the risks multiply rather than add.

In the coming months, every lending protocol that lists LRTs as high-grade collateral will have to re-evaluate. Supply caps will be lowered, liquidation buffers will be raised, and some protocols may delist them outright.

DeFi's moat has long been called "composability", but this incident reminds everyone: composability is a double-edged sword. The network effect you are proud of is also an amplifier.

The attackers had planned their exit: not just to steal, but to use DeFi itself as a weapon. The greater the dependency between protocols, the wider the scope of the attack and the more financial leverage they could call on.

DeFi security still has a long way to go.
