Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Promotions
AI
Gate AI
Your all-in-one conversational AI partner
Gate AI Bot
Use Gate AI directly in your social App
GateClaw
Gate Blue Lobster, ready to go
Gate for AI Agent
Gate MCP
Gate Skills Hub
10K+ Skills
From office tasks to trading, the all-in-one skill hub makes AI even more useful.
GateRouter
Smartly choose from 30+ AI models, with 0% extra fees
#AaveLaunchesrsETHRecoveryPlan
DEFI'S BIGGEST CRISIS OF 2026 AND THE INDUSTRY-WIDE RESCUE THAT FOLLOWED
THE HACK THAT SHOOK THE FOUNDATION OF DEFI
April 18, 2026 will be remembered as one of the darkest days in the history of decentralized finance. An attacker exploited Kelp DAO's LayerZero-powered bridge to drain 116,500 rsETH — about 292 million dollars and roughly 18 percent of the token's circulating supply — triggering an emergency pause of core contracts. Because the bridge held reserves backing rsETH on more than 20 networks, the loss raised immediate doubts about the backing of rsETH on layer 2s and sparked a wave of market freezes by protocols including Aave, SparkLend, and Fluid.
The attack was neither random nor unsophisticated. Preliminary indicators suggest attribution to North Korea's Lazarus Group, specifically TraderTraitor. Crucially, this was not a smart contract hack, but a sophisticated attack on off-chain infrastructure — the attackers compromised internal RPC nodes and DDoS'd external nodes to feed false data to a single-point-of-failure verification network. This tricked the Ethereum contract into releasing funds based on a phantom token burn on the source chain.
In less than an hour, one of the most complex and coordinated heists in blockchain history had been executed — and the damage would ripple far beyond KelpDAO itself, landing squarely on the books of the world's largest DeFi lending protocol, Aave.
---
HOW THE ATTACK ACTUALLY WORKED: A 46-MINUTE MASTERCLASS IN CHAOS
To understand the scale of the crisis, one must understand the mechanics of the attack with precision. The exploit unfolded in phases over approximately 46 minutes, starting at 18:52 UTC on April 18, 2026. The attacker exploited a flaw in KelpDAO's LayerZero bridge configuration — specifically, the 1-of-1 DVN (single signer verification) that validated cross-chain messages. The attacker didn't hack the blockchain itself — they manipulated the message verification system that tells one chain the token exists on another.
The operational sophistication of the attack was extraordinary. The modified nodes fed forged data to the LayerZero DVN while continuing to return truthful data to other systems querying them, including monitoring services. They were also engineered to self-destruct once the window for the attack closed, wiping malicious binaries, logs, and configurations behind them. A simultaneous Distributed Denial of Service attack was launched against external RPC nodes, forcing the DVN to rely on compromised internal nodes.
Kelp's emergency multisig froze the protocol's core contracts 46 minutes after the successful drain. Two follow-up attempts also failed, each attempting an additional large-scale drain. The attackers were methodical, prepared, and operating at a level consistent with state-sponsored capability.
---
THE BLAME GAME: KELPDAO VS LAYERZERO
Almost immediately after the exploit became public, a dispute erupted between KelpDAO and LayerZero over responsibility. LayerZero stated that the affected configuration relied on a 1-of-1 DVN setup, which contradicts recommended multi-verifier security practices.
KelpDAO pushed back, arguing the compromised infrastructure belonged to LayerZero itself and that similar configurations were widely used across the ecosystem. The disagreement spread rapidly across the crypto space, while hundreds of millions in user funds remained compromised.
---
AAVE: THE COLLATERAL VICTIM OF A FOREIGN EXPLOIT
While others debated responsibility, Aave faced the financial impact. The attacker borrowed over 82,600 ETH — approximately 195 million dollars — using stolen rsETH as collateral, creating significant bad debt.
Aave confirmed its own systems were not compromised, but the impact was immediate. Users withdrew massive liquidity, leading to around 10 billion dollars in outflows and a sharp decline in total value locked. Market confidence dropped, forcing urgent action.
---
DEFI UNITED: THE RESCUE COALITION ASSEMBLES
What followed was unprecedented. A coordinated industry-wide recovery effort, known as DeFi United, emerged to stabilize the ecosystem and restore confidence.
Major contributors pledged support. Combined commitments reached tens of thousands of ETH, including contributions from protocols, companies, and individual leaders in the space. The initiative aimed to restore rsETH backing and protect affected users.
This marked a rare moment of unity in decentralized finance — a collective response backed by real capital.
---
THE 25,000 ETH PROPOSAL: AAVE DAO GOES TO GOVERNANCE
The central pillar of the recovery plan is a governance proposal for Aave DAO to contribute 25,000 ETH from its treasury.
The proposal includes structured conditions and dependencies, including reopening withdrawals, restoring bridge operations, and releasing frozen funds. It also allows the use of treasury assets and future revenue as part of the recovery framework.
This represents one of the largest coordinated recovery commitments in DeFi history.
---
MANTLE'S LIFELINE: A STRUCTURED CREDIT FACILITY
Alongside direct contributions, Mantle proposed a credit facility of up to 30,000 ETH to support Aave.
The facility includes structured repayment terms, interest linked to staking yields, and collateral requirements tied to protocol revenue and governance tokens. This mechanism provides long-term financial flexibility instead of forcing immediate liquidation.
---
THE ARBITRUM FROZEN FUNDS: A CRITICAL PIECE
A key component of the recovery is approximately 30,766 ETH frozen by Arbitrum's Security Council.
A proposal has been introduced to redirect these funds into the recovery pool. However, governance timelines may delay access, creating uncertainty around how quickly funds can be deployed.
---
WHERE THE NUMBERS STAND: PROGRESS BUT NOT COMPLETE
By late April 2026, approximately 160 million dollars has been raised toward covering the losses, with a remaining gap still to be filled.
The recovery effort continues, with progress dependent on governance approvals, fund releases, and execution of pledged contributions.
---
THE BIGGER LESSON: DEFI'S STRUCTURAL WEAKNESS
This crisis highlights a fundamental issue in decentralized finance — cross-chain bridge vulnerabilities.
The exploit was not due to a flaw in smart contracts, but in the verification systems that enable cross-chain communication. These systems remain one of the weakest points in DeFi infrastructure.
The industry has responded with upgrades and stricter security practices, but the broader challenge remains unresolved.
Aave has spearheaded a massive recovery initiative dubbed "DeFi United" to address the $292 million rsETH shortfall created by the KelpDAO bridge exploit, bringing together major DeFi protocols in an unprecedented show of industry solidarity.
The Incident:
On April 18, 2026, Kelp DAO suffered a devastating $292 million bridge exploit that turned its widely-used rsETH (restaked ETH) token from a trusted collateral asset into a source of systemic protocol risk. The attack, attributed to North Korean hacking group TraderTraitor, targeted Kelp's cross-chain bridge infrastructure.
Attack Details:
- Total stolen: $292 million in cryptocurrency
- Additional blocked attack: 40,000 rsETH (-$95 million)
- Method: Exploitation of 1-of-1 verifier configuration
- Primary target: Cross-chain bridge validation process
The DeFi United Recovery Plan:
Rather than allowing the exploit to cascade through DeFi ecosystems, Aave launched "DeFi United" - a coordinated recovery effort involving major industry players committed to restoring rsETH backing and preventing systemic contagion.
Key Participants:
- Aave: Leading the recovery initiative
- Lido: Major liquid staking provider
- EtherFi: Restaking protocol
- Ethena: Synthetic dollar protocol
- Other major DeFi protocols: Contributing to relief fund
Aave's Commitment:
Aave founder and CEO Stani Kulechov has made a personal commitment of 5,000 ETH to the relief fund, demonstrating leadership accountability. The Aave DAO is also considering a substantial 25,000 ETH treasury contribution to help restore Kelp DAO's rsETH backing.
Immediate Protocol Response:
Following the exploit, Aave took decisive action to contain risk:
April 18, 2026:
- Froze rsETH markets across all instances
- Prevented new borrows against rsETH collateral
- Activated emergency protocols
April 19, 2026:
- Froze WETH markets on several instances
- Adjusted interest rates on non-Core markets
- Implemented WETH interest rate adjustments on Core markets
- Monitored fallout from rsETH incident
The Attacker's Aave Strategy:
In a surprising twist, rather than immediately dumping the stolen rsETH, the attacker deposited nearly 90,000 rsETH into Aave as collateral across Ethereum and Arbitrum networks. This allowed them to borrow approximately $190 million in ETH and other assets, creating complex liquidation scenarios.
Recovery Scenarios:
Aave governance has outlined multiple approaches to address the bad debt:
Scenario 1: Uniform Socialization of Losses
- Losses distributed across all WETH markets
- Ethereum Core WETH included in slash
- Broad-based impact but systemic stability maintained
Scenario 2: Losses Isolated to L2 rsETH
- Impact contained to Layer 2 markets
- Ethereum Core markets protected
- Concentrated losses for L2 participants
Technical Implementation:
Aave has reached agreement with KelpDAO and LayerZero on technical steps required for implementing the recovery plan. The collaboration focuses on:
- Bridge security improvements
- Verification mechanism upgrades
- Multi-DVN (Decentralized Verifier Network) configuration
- Enhanced monitoring systems
The Structural Problem:
The Kelp DAO exploit highlights a critical vulnerability in DeFi infrastructure: cross-chain bridges remain a single point of failure despite being marketed as decentralized infrastructure. Kelp's reliance on a '1-of-1 verifier configuration' allowed attackers to poison the verification process.
LayerZero's Position:
LayerZero, the underlying messaging protocol, noted that it had previously recommended Kelp DAO migrate from its single-DVN configuration. The company emphasized that "no single DVN should represent a unilateral point of trust or failure."
Kelp DAO's Response:
Kelp DAO has pointed to LayerZero's documentation, noting that the single-DVN setup was the configuration officially recommended. The protocol paused relevant contracts and blacklisted the attackers' wallet, successfully blocking a second attack attempt.
North Korean Connection:
The exploit has been attributed to North Korea's TraderTraitor hacking group, part of the regime's ongoing crypto theft operations. North Korean hackers stole over $2 billion in crypto in 2025 alone, with total stolen crypto since 2017 estimated at around $6 billion.
Industry Implications:
For DeFi Security:
- Cross-chain bridges require enhanced security models
- Multi-signature verification becomes essential
- Real-time monitoring systems needed
- Insurance mechanisms for bridge risks
For Protocol Governance:
- Emergency response procedures
- Treasury allocation for recovery
- Multi-protocol coordination
- Risk assessment frameworks
For Users:
- Diversification of collateral assets
- Understanding bridge risks
- Monitoring protocol health
- Insurance product utilization
Market Impact:
The AAVE token has become a sentiment indicator for the recovery effort's success. While price action alone cannot explain the full scale of risk, market reaction reflects confidence in the DeFi United initiative.
Accounting and Regulatory Questions:
The exploit raises complex questions about:
- DAO control and consolidation
- Revenue recognition for protocol fees
- Governance risk disclosures
- Insurance and recovery accounting
- Regulatory compliance for cross-chain assets
Lessons Learned:
Technical:
- Single points of failure must be eliminated
- Verification mechanisms need redundancy
- Real-time monitoring is essential
- Emergency pause functions save funds
Governance:
- Multi-protocol coordination is possible
- Industry solidarity matters in crises
- Treasury reserves provide stability
- Leadership commitment builds confidence
Risk Management:
- Bridge risks are systemic
- Collateral diversification is critical
- Insurance products need development
- User education is paramount
Looking Forward:
The DeFi United recovery plan represents a watershed moment for the industry. If successful, it will demonstrate that DeFi can self-organize to address systemic threats without centralized intervention.
The recovery effort is ongoing, with Aave and partners working "nonstop" according to Stani Kulechov. The outcome will likely influence DeFi architecture, governance models, and risk management practices for years to come.
Key Metrics to Watch:
- rsETH peg restoration
- Bad debt resolution progress
- AAVE token performance
- Cross-chain bridge upgrades
- Insurance product development
The KelpDAO exploit and subsequent recovery effort may ultimately strengthen DeFi by exposing vulnerabilities and demonstrating the industry's capacity for collective action in crisis.
#AaveLaunchesrsETHRecoveryPlan