Advertise
- Anjali Belgaumkar
Anjali Belgaumkar
Writer by choice, CryptoCurrency Writer, and Researcher by chance. Currently, focusing on financial news and analysis, as well as cryptocurrency news and data. One may not call me a crypto “Enthusiast” but trust me I'm getting there.
- Apr 19, 2026 07:58 UTC
-
Aave Hit With $5.4 Billion in ETH Withdrawals After Kelp DAO rsETH Exploit
A nearly $300 million exploit targeting Kelp DAO’s rsETH cross-chain bridge has triggered a mass withdrawal event at Aave, with over $5.4 billion in ETH leaving the protocol as users rushed to pull funds following concerns about bad debt accumulating on the platform.
The attacker deposited rsETH into Aave to drain ETH, leaving the protocol holding exposure it cannot easily unwind. The consequence was immediate. Aave’s ETH utilization rate climbed to 100%, meaning every available ETH in the lending pool is now borrowed and the protocol has no liquidity buffer remaining.
The Whale Exodus
The scale of the withdrawal was driven by large holders acting quickly. Justin Sun alone removed 65,584 ETH worth approximately $154 million from Aave in a single move, a transaction that on its own would have been headline news on any other day.
According to on-chain tracking by Lookonchain, the broader exodus of $5.4 billion reflects a wider panic among sophisticated users who understood what bad debt at Aave means for depositors unable to withdraw at will.
What Actually Happened
Kelp DAO paused rsETH contracts across mainnet and multiple Layer 2 networks shortly after identifying suspicious cross-chain activity. The team said it was working with LayerZero, Unichain, auditors and security experts to determine the root cause.
On-chain analysis from D2 Finance pointed to a private key leak on the source chain as the root cause, creating a trust issue with OApp nodes that allowed the attacker to manipulate the bridge.
A further nuance was added by investigators following the forensics. Two possible failure paths exist. If a legitimate source transaction exists for the relevant nonce, the compromise originated from the source-side OApp key. If no source transaction surfaces, the failure is on the DVN side, compounded by Kelp’s configuration of a single point of failure using LayerZero Labs as the sole verifier.
What Comes Next
Kelp DAO’s contracts remain paused while the investigation continues. Aave’s ETH utilization at 100% creates a situation where depositors cannot withdraw until borrowed ETH is repaid or new liquidity enters the pool.
The bad debt question is the more pressing concern. If the exploited rsETH positions cannot be recovered, Aave will need to determine how losses are distributed across the protocol, a process that has historically been contentious and slow.
Full forensics and an attacker cluster map are still being compiled. Official updates are expected through Kelp DAO’s verified channels as the investigation progresses.
Trust with CoinPedia:
CoinPedia has been delivering accurate and timely cryptocurrency and blockchain updates since 2017. All content is created by our expert panel of analysts and journalists, following strict Editorial Guidelines based on E-E-A-T (Experience, Expertise, Authoritativeness, Trustworthiness). Every article is fact-checked against reputable sources to ensure accuracy, transparency, and reliability. Our review policy guarantees unbiased evaluations when recommending exchanges, platforms, or tools. We strive to provide timely updates about everything crypto & blockchain, right from startups to industry majors.
Investment Disclaimer:
All opinions and insights shared represent the author's own views on current market conditions. Please do your own research before making investment decisions. Neither the writer nor the publication assumes responsibility for your financial choices.
Sponsored and Advertisements:
Sponsored content and affiliate links may appear on our site. Advertisements are marked clearly, and our editorial content remains entirely independent from our ad partners.
Yes 
No 
