The biggest DeFi heist of 2026: hackers stole everything and tricked Aave along the way

Author: Xiao Bing, Deep Tide TechFlow

On April 18th at 17:35 UTC, a wallet that had used Tornado Cash for laundering sent a cross-chain message to LayerZero’s EndpointV2 contract.

The message’s meaning was simple: a user on one chain wanted to bridge rsETH back to the Ethereum mainnet. As the protocol is designed to do, LayerZero faithfully relayed the instruction. Kelp DAO’s bridge contract deployed on the mainnet also faithfully executed the release as intended.

116,500 rsETH, valued at approximately $292 million at the time, was transferred in a single transaction to an attacker-controlled address.

The problem was that no one on the other chain had ever deposited that rsETH. This “cross-chain request” was fabricated out of thin air. LayerZero believed it, and Kelp’s bridge trusted it too.

46 minutes later, Kelp’s emergency multisig finally hit the pause button. By then, the attacker had already completed the second half of the operation: depositing the stolen, essentially unbacked rsETH into Aave V3 as collateral and borrowing about $236 million worth of wETH.

This is the largest DeFi theft so far in 2026, surpassing the $3 million attack on the Drift protocol by North Korean hackers on April 1st. But what truly sends chills down the industry’s spine isn’t just the amount.

How the attack happened: three attempts from 17:35 to 18:28

Let’s reconstruct the timeline.

17:35 UTC, first strike. Using a Tornado Cash-funded wallet, the attacker called the lzReceive function on the LayerZero EndpointV2 contract to deliver a forged cross-chain data packet to Kelp’s bridge contract. The contract verified it successfully and released 116,500 rsETH to the attacker’s address. Single transaction. Clean.

18:21 UTC, 46 minutes after the attack, Kelp’s emergency pause multisig froze the core rsETH contracts on mainnet and multiple L2s.

18:26 and 18:28 UTC, the attacker launched two more attempts, each carrying a LayerZero data packet trying to withdraw another 40,000 rsETH (about $100 million). Both reverted because the contracts were already frozen, but the attacker was evidently still trying to drain the remaining liquidity.

From the first successful hit to Kelp’s public statement, nearly three hours passed.

Kelp’s first tweet was only issued at 20:10 UTC, with restrained wording: “Suspicious cross-chain activity involving rsETH detected, mainnet and multiple L2 rsETH contracts have been paused, working with LayerZero, Unichain, auditors, and external security experts for root cause analysis.”

Even before the official statement, on-chain analyst ZachXBT had issued an alert on his Telegram channel before 3 PM ET, listing six wallet addresses linked to the theft and noting that these wallets had used Tornado Cash before acting. He didn’t name Kelp DAO explicitly, but on-chain analysts connected the dots within hours.

This was a premeditated operation executed minute by minute. Pre-funded wallets routed through a mixer, meticulously crafted cross-chain data packets, and the attack followed immediately by Aave collateralization: every step landed on cue.

After the theft, a second scam

If this had been just a bridge vulnerability, with the attacker stealing 116,500 rsETH and fleeing, it would be at most a major incident of 2026. Kelp bears the loss, the community absorbs it over a few days, and the industry moves on.

But the attacker clearly did the math. rsETH’s secondary liquidity isn’t deep; dumping $292 million into a DEX would cause significant slippage and eat into profits. A more elegant exit would be to package this rsETH, obtained out of thin air, as seemingly solid collateral, then borrow real liquid assets against it.

So the attacker took a second step: deposit the stolen rsETH into Aave V3 as collateral and borrow a large amount of wETH.

Why is this step deadly? Because at that moment, the Aave contract still valued the collateral based on rsETH’s price from the oracle, even though the reserves in the bridge had been emptied. The underlying economic value of that rsETH was effectively nonexistent. The lending protocol was still issuing loans as if the collateral were worth 100% of its face value, but in reality it was a bad check.

The result: the attacker shifted the risk of liquidation onto Aave’s wETH reserve pool.

Aave V3’s wETH reserves are now absorbing the bad debt. Solidity developer and auditor 0xQuit warned on X that the wETH pool is actually impaired; some withdrawals can only be processed after Aave’s Umbrella backstop module covers the deficit.

The latest estimate of bad debt is around $177 million, and that’s just on Ethereum mainnet.

The first major test in a prophecy

For seasoned DeFi players, this feels familiar—like the Luna collapse in 2022, when Aave V2’s Safety Module also played a similar role.

But this time, it’s Umbrella. Aave launched the new generation of backstop system at the end of 2025 to replace the old Safety Module, and this incident is the first major stress test of Umbrella’s automatic bad debt coverage mechanism.

Umbrella’s logic is straightforward: pledge aTokens like aWETH, aUSDC, GHO into the Umbrella insurance vault, earn extra incentives during normal times, but if the asset pool goes into deficit, the pledged assets are slashed proportionally to cover the gap.

This design looks good on paper. In the first month of Aave v3.3, the total pool deficit was about $400, with nearly $9.5 billion in outstanding loans—an almost negligible ratio.

But $177 million in bad debt is a different scale. For users who staked aWETH into Umbrella, this will be the first real test of what “bearing slashing risk” actually means. Aave’s official statement was cautious: if bad debt occurs, Aave plans to use Umbrella assets to cover any shortfall. But whether it can fully cover the gap, how high the slashing ratio will be, and how much principal will be lost all depend on the final settlement.

The original sin of cross-chain bridges

Even more unsettling is the identity of the stolen rsETH.

rsETH is deployed across over 20 networks including Base, Arbitrum, Linea, Blast, Mantle, Scroll, with cross-chain transfer handled via LayerZero’s OFT standard. The compromised bridge’s rsETH reserves are the backing for all “wrapped” rsETH on these networks.

This setup sounds routine: mainnet vault holds 1:1 reserves, L2 rsETH holders can theoretically redeem back to mainnet at any time. But this mechanism’s premise is that the vault is actually funded.

Now, the vault is 82% empty. About 18% of the circulating rsETH supply in Kelp’s ecosystem suddenly lost its backing overnight.

This creates a feedback loop: if L2 holders panic and redeem en masse, pressure will transfer to the unaffected Ethereum supply, possibly forcing Kelp to unwind re-staking positions to meet withdrawal demands.

Unwinding re-staking isn’t instant. EigenLayer withdrawals have delays, validator exits are queued. If L2 rsETH holders rush to redeem, Kelp might not have enough time to prepare the mainnet liquidity.

This is a fundamental risk of the bridge reserve model: as soon as the mainnet pool fails, downstream liquidity is at risk of collapse. Every L2 rsETH holder faces the same dilemma: run first or trust Kelp to cover.
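The reserve model described above rests on two properties that can be monitored independently of the bridge itself: every mainnet release should match a debit on the source chain, and remote-chain supply should never exceed the vault balance. The sketch below is an added example, not code from Kelp DAO or LayerZero; the event fields, chain labels and amounts are constructed, and it assumes source-chain events are already indexed before releases are compared.

```python
from decimal import Decimal

# Constructed sample events, not on-chain data. Field names are hypothetical.
# "sent": tokens debited on a remote chain for bridging back to mainnet.
# "release": tokens paid out of the mainnet vault for an inbound message.
EVENTS = [
    {"kind": "sent", "chain": "L2-A", "msg_id": "a1", "amount": "1200"},
    {"kind": "sent", "chain": "L2-B", "msg_id": "b1", "amount": "300"},
    {"kind": "release", "chain": "L2-A", "msg_id": "a1", "amount": "1200"},
    {"kind": "release", "chain": "L2-B", "msg_id": "b1", "amount": "350"},
    {"kind": "release", "chain": "L2-A", "msg_id": "a2", "amount": "116500"},
    {"kind": "release", "chain": "L2-A", "msg_id": "a1", "amount": "1200"},
]


def reconcile(events):
    """Return (msg_id, reason) for every release no source debit accounts for."""
    debits = {
        (e["chain"], e["msg_id"]): Decimal(e["amount"])
        for e in events if e["kind"] == "sent"
    }
    seen, alerts = set(), []
    for e in events:
        if e["kind"] != "release":
            continue
        key = (e["chain"], e["msg_id"])
        if key not in debits:
            alerts.append((e["msg_id"], "no source-chain debit"))
        elif key in seen:
            alerts.append((e["msg_id"], "message released twice"))
        elif debits[key] != Decimal(e["amount"]):
            alerts.append((e["msg_id"], "amount differs from debit"))
        seen.add(key)
    return alerts


def backing_shortfall(vault_balance, remote_supply):
    """Amount by which remote-chain supply exceeds the mainnet vault reserve."""
    gap = sum(map(Decimal, remote_supply.values())) - Decimal(vault_balance)
    return max(gap, Decimal(0))


if __name__ == "__main__":
    for msg_id, reason in reconcile(EVENTS):
        print(f"ALERT {msg_id}: {reason}")
    print("shortfall:", backing_shortfall("1000", {"L2-A": "900", "L2-B": "400"}))
```

Either a non-empty alert list or a non-zero shortfall is a signal to trigger the pause path and to stop accepting the token as collateral downstream.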

Within hours, panic swept through the entire DeFi lending sector.

Aave V3 and V4’s rsETH markets were frozen, shutting down new deposits and rsETH-based lending.

SparkLend and Fluid followed suit, freezing their rsETH markets.

Ethena, claiming no rsETH exposure and maintaining over 101% collateralization, paused its LayerZero OFT bridge from Ethereum mainnet as a precaution, expected to be down for about six hours. This reaction is telling: even players without direct exposure are halting LayerZero bridges.

Lido Finance paused new deposits into its earnETH product (which contains rsETH exposure), emphasizing that stETH and wstETH are unaffected, and that the core staking protocol is unrelated to this incident.

Upshift paused deposits and withdrawals for High Growth ETH and Kelp Gain vaults.

The list continues to grow.

Deep Tide commentary: DeFi security remains a long road

As of this writing, Kelp DAO’s root cause analysis is ongoing. How much of the stolen rsETH can be recovered through security teams or white-hat negotiations? Can Aave’s Umbrella withstand this bad debt? Will L2 rsETH holders trigger a run? Can AAVE and rsETH prices stabilize before the weekend?

But some issues have already become apparent.

For example, can LRTs still qualify as collateral in lending protocols?

Liquid restaking tokens (LRTs) were the darling of the Ethereum ecosystem last cycle. EigenLayer’s “earn multiple layers of yield from one ETH” narrative, along with protocols like Kelp, ether.fi and Puffer, industrialized this idea. The end result: LRTs were added to the collateral whitelists of major lending protocols as structured assets.

This decision was based on an assumption: that the LRT peg mechanism is robust enough, and that the multi-layered risk of nested assets can be fully modeled and isolated at the smart contract level.

The Kelp incident punctured this assumption in a single afternoon. An LRT’s risk doesn’t come only from its underlying smart contracts; it also stems from its cross-chain distribution architecture. It comes not only from the individual protocol, but from every dependency between it, EigenLayer, LayerZero, and Aave. Every Lego block in DeFi looks safe alone, but once the blocks are assembled, the risks multiply rather than add.

In the coming months, all lending protocols still listing LRT as high-grade collateral will need to reassess risk parameters. Borrowing limits will decrease, liquidation buffers will widen, some protocols may delist altogether.

DeFi’s moat has long been called “composability,” but this incident reminds everyone: composability is a double-edged sword. The network effects you take pride in can become amplifiers in the hands of attackers.

This attack was premeditated, with a clear exit plan. It was not just theft, but the weaponization of DeFi’s composability: the tighter the dependencies between protocols and the richer the composability, the larger the attack surface and the more financial Lego blocks an attacker can leverage.

DeFi security still has a long road ahead.
