The Kelp DAO and LayerZero bridge exploit that occurred over the weekend has left lending protocol Aave facing potential losses of up to $230 million, depending on how the situation is resolved.
The incident, according to a report from Aave Labs and service provider LlamaRisk posted on the Aave governance forum, centers around rsETH, a liquid recovery token issued by KelpDAO. To move rsETH between blockchains, the protocol relies on a bridging mechanism that locks tokens on one chain while issuing corresponding copies on another.
An attacker took advantage of that configuration by forging a transfer message that looked valid. The system approved the transfer even though the tokens were never taken off the sending chain, meaning new unbacked tokens were effectively created, releasing 116,500 rsETH from the Ethereum-side bridge.
According to the report, instead of selling the assets on the open market, the attacker deposited 89,567 rsETH in Aave as collateral and borrowed approximately $190 million worth of ETH and related assets on Ethereum and Arbitrum. This left Aave exposed to collateral whose support may be significantly affected.
Aave Labs said it acted quickly to contain the risk. Within hours, the protocol froze rsETH markets across all its implementations, set the loan-to-value ratio to zero, and stopped new lending against the asset.
The outcome now largely depends on how Kelp handles the deficit. If the losses are spread across all rsETH holders, the token would face an estimated 15% decoupling (meaning the value of the staked tokens would not match the value of the actual ETH), resulting in around $124 million in bad debts for Aave. If losses are limited to Layer 2 networks, the impact would be much more severe, with bad debts totaling approximately $230 million and concentrated on networks such as Arbitrum and Mantle.
The exploit arose from weaknesses in the way Kelp verified cross-chain messages using LayerZero. By manipulating this process, the attacker was able to make certain assets appear fully backed up when they were not, allowing them to extract value from the system. LayerZero itself was not hacked directly, but its messaging layer exposed erroneous assumptions about how Kelp validated cross-chain data.
The incident raised concerns that some positions in Aave were backed by incorrectly priced collateral or were no longer fully backed, increasing the risk of undersecured loans.
In response, users took steps to reduce exposure. About $6 billion in total value locked was withdrawn from Aave after the incident, reflecting a broad pullback as participants reacted to the uncertainty.
The episode highlighted their indirect exposure to external systems. The impact was felt through increased collateral risk, pressure on credit positions, and a sharp drop in deposits as users reassessed the security of interconnected DeFi infrastructure.
The report says its DAO treasury has approximately $181 million in assets and that talks are underway with ecosystem participants to address potential losses. Kelp has not yet defined how it plans to allocate losses, leaving Aave’s ultimate exposure uncertain as the situation continues to evolve.
Read more: Kelp DAO claims LayerZero ‘default’ settings are what really caused the massive $290 million disaster
