Kelp DAO's $293M Bridge Exploit Exposes Cascading Risks in Liquid Staking

Kelp DAO's LayerZero bridge was exploited to mint unbacked rsETH, which attackers then used as collateral to borrow $200M+ from Aave before markets could react. The incident highlights how composability risks cascade across DeFi protocols.

Kelp DAO fell victim to a sophisticated bridge exploit that unraveled across multiple protocols in a matter of hours, ultimately leaving Aave with over $200 million in uncollateralized debt. The attack exploited a critical vulnerability in Kelp's LayerZero bridge integration, where an attacker was able to mint unbacked quantities of rsETH—Kelp's liquid restaking token—without corresponding collateral backing the issuance. This artificial inflation of rsETH supply created the conditions for a follow-on attack that devastated downstream lending markets.

The attacker's execution revealed how quickly composability can become a liability in decentralized finance. Once rsETH was minted without proper collateral, the attacker deposited this worthless collateral into Aave V3 and V4, borrowing substantial amounts of WETH before the protocols could identify and freeze the affected markets. The speed of this attack—executed before governance or automated risk systems could react—highlights a persistent challenge in DeFi: the time gap between vulnerability discovery and circuit-breaker activation. By the time Aave's risk management systems flagged the unusual borrowing activity, approximately $293 million had already moved through the exploit pipeline, with $200 million remaining as bad debt on Aave's balance sheet.

This incident exposes structural vulnerabilities in how liquid restaking tokens are designed and integrated across chains. Kelp's reliance on LayerZero for cross-chain messaging introduced a trust assumption that proved fatal when execution logic could be manipulated. Liquid restaking has become increasingly central to Ethereum's economic security model, with protocols like Kelp, EigenLayer, and others now managing billions in staked assets. When these protocols suffer exploits, the damage propagates instantly through lending markets, derivatives platforms, and other DeFi infrastructure that treats these tokens as risk-free assets.

The incident underscores why risk managers must view bridge-issued assets with skepticism, regardless of their underlying utility. Protocols minting tokens across bridges require not just secure bridge infrastructure, but also robust on-chain mechanisms that prevent artificial supply inflation. Aave and similar lending protocols will likely implement stricter onboarding requirements for restaking tokens going forward, potentially slowing innovation in the liquid restaking space while these vulnerabilities are systematically addressed.