•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
An attacker reportedly exploited a bridge vulnerability in KelpDAO’s rsETH liquid restaking token on April 18, 2026, draining an estimated $280 million or more across Ethereum and Arbitrum.
On-chain investigator ZachXBT posted the initial alert to his public Telegram channel shortly before 3 p.m. ET, listing six wallet addresses tied to the theft. In the post, ZachXBT said the attacker wallets were funded through Tornado Cash before the drain began. While the post did not name KelpDAO directly, on-chain analysts connected the addresses to the incident within hours.
“KelpDAO appears to have had $280M+ stolen one hour ago on Ethereum and Arbitrum,” ZachXBT wrote. “The attack addresses were funded via Tornado Cash.”
Reports indicate the attackers exploited a flaw in KelpDAO’s Layerzero-powered bridge, triggering the unauthorized release of a large volume of rsETH without depositing new collateral. The acquired rsETH was then deposited into Aave V3 lending markets on both Ethereum and Arbitrum.
After depositing the tokens, the attacker borrowed significant amounts of ETH and other assets against the rsETH collateral. When the collateral’s validity was called into question, the positions reportedly exited Aave, leaving the protocol with bad debt.
Community estimates of total losses ranged from $100 million to roughly $293 million. The higher-end estimate was described as equivalent to approximately 116,500 rsETH at current prices.
AAVE dropped sharply on the news. Market data cited a decline of between 10% and 13% within hours of the initial alert, as traders weighed potential bad-debt exposure across Aave’s lending pools.
Liquid restaking tokens such as rsETH are used as collateral across multiple DeFi lending markets, which can accelerate the spread of losses when an underlying asset’s validity is disrupted. The KelpDAO incident was presented as an example of how bridge-level failures can propagate through DeFi composability.
ZachXBT’s listed attacker wallets reportedly showed large ETH positions held on Aave and Compound. One address alone was said to have held approximately $120 million in ETH on Aave at the time of detection, with funds moved quickly after the drain.
The use of Tornado Cash to pre-fund operational wallets before the attack was described as a common tactic to obscure transaction origins, indicating a deliberate and planned operation rather than a new technique.
As of approximately 3 p.m. ET on April 18, KelpDAO had not published an official statement or post-mortem. The community was reportedly monitoring the project’s X account and website for updates, as well as Aave governance channels for any emergency actions.
Editor’s note: This article was updated to note that the issue was reported as bridge exploit.
Premium gym chains are entering a “golden era” that is ending or already in decline, as rising operating costs collide with shifting consumer preferences toward more flexible, community-based ways to exercise. Long-term memberships are shrinking, margins are pressured by higher rents and facility expenses, and competition from smaller, more personalized…
