The $292 million Kelp DAO exploit has triggered a wave of reaction across the crypto industry, with developers and traders warning that the incident exposed deeper flaws in the way decentralized finance (DeFi) is built.
Data shared by market participants shows that the immediate consequences extended far beyond the hacked protocol.
“The rsETH hack is causing withdrawals across all lending protocols, including solana and unaffected protocols,” 0xngmi said in a post on Sunday, pointing to strong outflows including “Aave: -6.2 billion (-23%) net inflows” and smaller but notable drops in Morpho, Sky, and JupLend. rsETH is the Kelp DAO liquid recovery protocol and is a liquid recovery token (LRT) that allows users to earn ether staking and recovery rewards while keeping their assets liquid, even when locked in staking.
That pressure quickly turned into something more severe. A widely circulated post by Josu San Martín described cascading liquidity stress within credit markets: “ETH depositors cannot withdraw ETH, so they are borrowing stables to ‘withdraw’ funds… This is a total run on AAVE.”
While Stani Kulechov, founder of Aave, said that the exploit was external and that the protocol’s contracts were not compromised, depositors panicked. The total value locked (or deposits) fell from $26.4 billion on April 18 to nearly $20 billion in US morning hours on Sunday, according to DefiLlama. The AAVE token also fell more than 18% as depositors rushed to withdraw their money over the weekend.
A ‘case study’
The exploit itself has become a focal point for engineers and developers.
Several developers rejected initial assumptions that the problem arose from the core infrastructure. “The KelpDAO exploit (~$290 million, is NOT a LayerZero protocol bug. It is a configuration issue and a case study that every project with a cross-chain token should consider today,” read a technical breakdown from cryptogoblin.
The thread details how a single verification point enabled the attack. “A signature and 116,500 rsETH materialized out of thin air on Ethereum,” the post said, describing a system where “the [smart] The contracts were not broken. The verification layer was,” the post stated.
Others argued that the problem goes beyond a single configuration option.
One reviewer, who goes by Fishy Catfish on A DVN (Decentralized Verification Network) in DeFi, specifically within LayerZero V2, is an independent entity responsible for validating and attesting to the authenticity of messages sent across different blockchain networks. Basically, DVNs verify message hashes between a source chain and a destination chain.
To make the point, the author made a real-world comparison: “Imagine if a roller coaster manufacturer allowed amusement parks to individually decide what the minimum safety specifications were.” Basically, the author is simply saying that flexibility without guardrails can create hidden risks.
The publication even went so far as to claim that the configuration was the problem within the design. “I personally think this is a flawed design. Modular security is a worthwhile design space, however, the security range should have a native security floor that is fairly strong, and then allow *additional* layers of security on top of that for higher value use cases.”
‘DeFi is dead’
It’s not just the quantity and complexity of the exploit that provoked harsh and terrified criticism. The scale of the exploit has raised concerns.
Approximately 116,500 rsETH, approximately 18% of the supply, were affected. The attacker tricked LayerZero’s cross-chain messaging layer into believing that a valid instruction had arrived from another network, causing the Kelp bridge to release 116,500 rsETH to an address controlled by the attacker.
The protocols responded by freezing markets and pausing functions. Aave stopped rsETH activity. Lido stopped deposits linked to the asset. Other projects took similar steps to limit exposure as the situation developed.
Beyond the technical debate, sentiment around cryptocurrencies turned markedly negative. One post perhaps captured the mood shift in blunt terms: “DeFi is dead… ‘just use aave’ is dead,” while adding that “The crypto era is over” and asking, “If you’re reading this, why are you still in crypto?”
While the response may seem like an overreaction, that kind of “knee-jerk” reaction is not unusual after great feats, but the breadth of this event stands out.
The attack affected cross-chain infrastructure, disrupting lending models and markets simultaneously. It also follows a series of recent incidents. The hack lands on an unusually hostile streak for DeFi, particularly this month. Solana-based perpetual protocol Drift lost around $285 million on April 1 in an attack later linked to North Korean-affiliated actors, and at least a dozen smaller protocols have been exploited in the weeks since, including CoW Swap, Zerion, Rhea Finance, and Silo Finance.
‘Check your settings’
Despite all the explanations, there are still more questions than answers.
Even LayerZero is still trying to figure out all the details of the exploit. “We are fully aware of the rsETH exploit and have been in active remediation with the @KelpDAO team since the incident and continue to monitor. All other applications remain secure,” he said in a post on
KelpDAO echoed this sentiment. “Today we identified suspicious cross-chain activity involving rsETH. We have paused rsETH contracts on the mainnet and several L2s while we investigate. We are working with @LayerZero_Core, @unichain, our auditors, and top security experts at RCA. We will keep you informed as we learn more about this situation.”
Still, some developers see a clearer lesson in this chaos.
The exploit did not rely on breaking encryption or bypassing smart contracts. Instead, it exposed how fragile systems can become when they depend on layered assumptions.
In simple terms, the tools worked as designed. The way they were set up was not.
That distinction can shape what comes next. Builders are now urging projects to review their configurations, especially those that rely on cross-chain messaging.
As Cryptogoblin bluntly put it: “Check your settings. Stay safe.”
Read more: DeFi returns are falling so hard they can’t compete with a traditional savings account
