$290M Kelp Bridge Exploit Leaves Aave with Bad Debt
LayerZero blames Kelp DAO’s single‑verifier setup for the $290 million rsETH bridge exploit, which triggered $195 million in bad debt on Aave and withdrawal surges. Blame debates rage as Ethereum liquidity for liquidations dries up, risking cascading losses if ETH drops.
Quick Take
Attacker drained 116,500 rsETH via Kelp’s single‑DVN bridge configuration.
Aave faces $195M bad debt after exploiter borrowed against stolen rsETH.
LayerZero pushes multi‑DVN setups and cuts support for single‑verifier apps.
Market fears 15‑20% ETH drop could trigger mass liquidations on Aave.
Market Impact Analysis
BearishThe exploit and resulting Aave bad debt erode trust in cross‑chain bridges and DeFi, likely causing sell pressure on AAVE and ETH amid liquidation fears.
Speculation Analysis
Key Takeaways
- Attacker drained 116,500 rsETH via Kelp’s single-DVN bridge configuration.
- Aave faces $195M bad debt after exploiter borrowed against stolen rsETH.
- LayerZero pushes multi-DVN setups and cuts support for single-verifier apps.
- Market fears 15-20% ETH drop could trigger mass liquidations on Aave.
- No compensation plan exists yet; blame game delays recovery.
What Happened
Kelp DAO's rsETH bridge was drained of $290 million in a single-verifier exploit. An attacker siphoned 116,500 rsETH tokens, then used them as collateral on Aave to borrow real assets, leaving $195 million in unrecoverable debt. LayerZero, which powered the bridge, pinned blame on Kelp's decision to use only one verifier—a configuration the interoperability protocol had warned against. With no recovery plan in place, the incident quickly devolved into a cross-protocol blame game, as users questioned whether Kelp DAO, LayerZero, or Aave should foot the bill.
The Numbers
The exploit's scale is staggering: $290 million in rsETH drained from Kelp's bridge. On Aave, the attacker leveraged the stolen tokens to create $195 million in bad debt, triggering an $8.9 billion exodus of total value locked from the lending protocol. The 116,500 rsETH tokens now sit in the attacker's wallet. Aave's liquidity for ETH liquidations has thinned, raising the specter of cascading losses if markets move against outstanding positions.
Why It Happened
The root cause was a single point of failure: Kelp DAO configured its bridge with only one LayerZero Decentralized Verifier Network (DVN) as the sole verification path. Despite explicit advice to diversify verifiers, Kelp stuck with a 1/1 setup. That meant one compromised verifier could greenlight fraudulent messages, bypassing all other checks. The exploit underscores a recurring DeFi weakness—centralization in critical infrastructure invites catastrophe, and cross-chain bridges remain prime targets.
Broader Impact
The fallout extends beyond Kelp and Aave. Trust in bridge security takes another hit, just as LayerZero pushes to mandate multi-DVN configurations. Aave's bad debt tests the resilience of DeFi's largest lending protocol, with liquidation mechanisms under scrutiny. Should ETH price slide, thin liquidity could amplify losses, potentially triggering a cascade. The incident also reignites debate over whether foundational infrastructure like LayerZero should share liability when partner apps cut corners.
What to Watch Next
- Negotiations with the attacker—a 10-15% bounty could recover most funds.
- Aave's liquidity health: monitor ETH price and total borrow positions for liquidation risk.
- Kelp DAO's response and whether LayerZero's ecosystem fund absorbs losses if talks fail.
This article is for informational purposes only and does not constitute financial advice.
Always late to trends?
Join for the latest news, insights & more.
Disclaimer: Bytewit is an independent media outlet that delivers news, research, and data.
© 2026 Bytewit. All Rights Reserved. This article is for informational purposes only.
