Kelp DAO Restores rsETH Five Weeks After $293M Lazarus Hack

5/26/2026
3min read
by Denislav Manolov
Crypto Expert at Airdrops.com

Kelp DAO Completes Final Phase of rsETH Recovery

Ethereum liquid staking protocol Kelp DAO announced Monday that it has completed the operational phase of its recovery plan following the devastating April exploit that drained roughly $293 million from infrastructure connected to the protocol.

In a post on X, Kelp DAO confirmed that the final tranche of 20,373.7 rsETH tokens had been transferred back into the LayerZero smart contract responsible for handling cross-chain rsETH transfers.

The contract manages the locking, minting, burning, and release of rsETH tokens across different blockchain networks.

“This closes the operational part of the rsETH recovery plan,” the team stated.

The announcement marks the end of a five-week emergency effort to restore the token’s backing and stabilize affected DeFi markets.

Lazarus Attack Triggered Massive DeFi Contagion

The exploit, which occurred on April 18, was later linked to North Korea’s notorious Lazarus Group. 

Attackers stole approximately 116,500 rsETH and then used a large portion of those assets as collateral inside decentralized lending platforms.

The hack rapidly spiraled into one of the largest DeFi contagion events of 2026, exposing how deeply interconnected major decentralized finance protocols have become.

The attackers did not simply bridge out the stolen assets. Instead, they leveraged the stolen rsETH to borrow other assets across lending markets, creating widespread liquidity stress throughout the ecosystem.

Aave Suffered Massive Liquidity Shock

One of the protocols hit hardest was Aave.

The attackers deposited large amounts of stolen rsETH into Aave and borrowed wrapped Ether against it, creating approximately $190 million in bad debt across the platform.

The situation triggered panic among users, causing a wave of withdrawals and liquidity shortages across several lending pools.

At one point, utilization rates inside certain Aave markets spiked dramatically, leaving many users struggling to access deposited funds.

The exploit reignited concerns surrounding systemic risk in decentralized finance, where failures in one protocol can quickly spread across interconnected lending, staking, and liquidity systems.

Industry Groups Helped Fund Recovery

Kelp DAO said several crypto protocols and ecosystem participants contributed funds to help restore rsETH reserves through a coordinated initiative known as DeFi United.

The recovery process began earlier this month.

On May 13, the protocol transferred an initial tranche of 25,000 rsETH, allowing bridging operations between Ethereum mainnet and layer-2 networks to resume.

One day later, Kelp DAO reopened withdrawals for rsETH holders.

The team now says minting, redemption, and rewards functions for rsETH have been operating normally since withdrawals resumed.

April Became One of the Worst Months for Crypto Hacks

The Kelp DAO exploit became one of the largest hacks recorded this year and contributed heavily to April’s surge in crypto-related losses.

According to industry tracking data, the crypto sector suffered roughly $630 million in losses from 25 separate hacks during April alone.

That made it the worst month for crypto exploits since February 2025, when Bybit lost a record $1.5 billion in a historic attack.

The repeated involvement of Lazarus Group in major crypto exploits continues to intensify international scrutiny around blockchain security, sanctions enforcement, and cross-chain infrastructure vulnerabilities.

Cross-Chain Security Remains Major Industry Concern

The exploit also placed renewed attention on the risks surrounding cross-chain bridges and restaking infrastructure.

Kelp DAO’s rsETH token functions as a liquid restaking asset tied to Ethereum staking and EigenLayer rewards, allowing users to maintain liquidity while earning yield.

Because the system depends heavily on interoperability infrastructure, vulnerabilities inside bridge mechanisms or messaging systems can create cascading risks across multiple protocols simultaneously.

The recovery effort may help restore confidence in rsETH itself, but the attack has already become another major example of how fragile DeFi liquidity systems can become during large-scale exploits.

For many analysts, the Kelp DAO incident reinforced growing calls for stricter smart-contract auditing, better bridge security, and stronger risk management standards across decentralized finance.
