The Kelp DAO and LayerZero bridge exploit that occurred over the weekend has left lending protocol Aave facing potential losses of up to $230 million, depending on how the situation is resolved.
The incident, according to a report from Aave Labs and service provider LlamaRisk posted on the Aave governance forum, centers on rsETH, a liquid takeover token issued by KelpDAO. To move rsETH between blockchains, the protocol relies on a bridging mechanism that locks tokens on one chain while issuing corresponding copies on another.
An attacker exploited this configuration by forging a transfer message that appeared to be valid. The system approved the transfer even though the tokens were never removed from the sending chain, meaning new tokens were effectively created without support, releasing 116,500 rsETH from the bridge on the Ethereum side.
Rather than selling the assets on the open market, the attacker deposited 89,567 rsETH into Aave as collateral and borrowed approximately $190 million in ETH and associated assets on Ethereum and Arbitrum, according to the report. This left Aave exposed to collateral whose support may be significantly compromised.
Aave Labs said it acted quickly to contain the risk. Within hours, the protocol froze rsETH markets across all of its deployments, set loan-to-value ratios at zero, and halted new borrowing on the asset.
The outcome now largely depends on how Kelp manages the deficit. If the losses are distributed among all rsETH holders, the token would face an estimated 15% reduction (meaning the value of tokens staked would not match the value of actual ETH), resulting in approximately $124 million in bad debt for Aave. If losses were instead limited to Layer 2 networks, the impact would be much more severe, with bad debts totaling approximately $230 million and concentrated on networks such as Arbitrum and Mantle.
The exploit stems from weaknesses in how Kelp verifies cross-chain messages using LayerZero. By manipulating this process, the attacker was able to make certain assets appear fully collateralized when they were not, allowing them to extract value from the system. LayerZero itself was not directly hacked, but its messaging layer exposed flawed assumptions about how Kelp validated cross-chain data.
The incident raised concerns that some positions on Aave were backed by collateral that was mispriced or no longer fully collateralized, increasing the risk of undercollateralized loans.
In response, users decided to reduce their exposure. About $6 billion in total value locked was withdrawn from Aave following the incident, reflecting a broad pullback as participants reacted to the uncertainty.
The episode highlighted his indirect exposure to external systems. The impact was felt through increased collateral risk, pressure on lending positions, and a sharp drop in deposits as users reassessed the security of interconnected DeFi infrastructure.
The report states that its Treasury DAO holds approximately $181 million in assets and that discussions are ongoing with ecosystem participants to address potential losses. Kelp has yet to explain how he plans to distribute losses, leaving Aave’s ultimate exposure uncertain as the situation continues to evolve.
Read more: Kelp DAO claims LayerZero ‘default’ settings caused massive $290 million disaster.
