Kelp DAO Restores rsETH After $293M Lazarus Hack
Kelp DAO completes five-week rsETH recovery following $293M Lazarus Group exploit. Final tranche of 20,373 tokens transferred. Aave, hit with $190M bad debt, sees TVL stagnation despite operational normality. DeFi United initiative aided restoration, highlighting interconnected DeFi risks.
Quick Take
Kelp DAO's rsETH fully restored after five-week, $293M Lazarus hack recovery.
Final 20,373.7 rsETH sent to LayerZero, closing operational recovery phase.
Aave’s TVL remains below $15B, still affected by $190M bad debt.
April saw 25 crypto hacks totaling $630M, worst month since Bybit hack.
Market Impact Analysis
NeutralRestoration reduces systemic risk but Aave's stagnant TVL and lingering bad debt offset bullish momentum.
Speculation Analysis
Key Takeaways
- Kelp DAO restored full rsETH backing after a five-week, $293M Lazarus Group exploit, closing recovery with a final 20,373.7 token transfer.
- Aave still carries $190M bad debt from the hack, with TVL stagnating below $15B despite rsETH operations normalizing.
- April marked 2025’s worst month for crypto hacks with $630M stolen across 25 incidents, exposing deep DeFi security cracks.
What Happened
Kelp DAO completed the operational recovery of its rsETH token on Monday after a five-week effort to restore backing lost in a $293 million hack by North Korea’s Lazarus Group. The exploit on April 18 drained funds and disrupted rsETH’s peg, triggering a crisis across lending markets. The final tranche of 20,373.7 rsETH was transferred to the LayerZero smart contract handling cross-chain minting and burning, closing the recovery plan. Multiple DeFi protocols contributed funds under the DeFi United initiative to re-collateralize the token. Withdrawals, mints, and rewards are now running normally, though the market impact lingers.
The Numbers
The attack was the largest in a month that saw 25 hacks totaling $630 million, second only to February’s Bybit record heist. Aave suffered $190 million in bad debt after the hacker used stolen rsETH as collateral to borrow wrapped Ether. Aave’s TVL plummeted from $26.4 billion to below $14 billion, and despite easing outflows, it has failed to recover above $15.1 billion. The recovery involved multiple tranches, starting with 25,000 rsETH on May 13, culminating in the final 20,373.7 transfer.
Why It Happened
The exploit exposed vulnerabilities in cross-chain liquid staking derivatives and the interconnectivity of DeFi lending. Lazarus Group executed a sophisticated attack on Kelp DAO’s smart contracts, forcing a systemic ripple as the hacker leveraged stolen assets on Aave. The recovery was made possible through coordinated industry support via the DeFi United initiative, with protocols contributing funds to cover the shortfall. The episode underscored the sector’s reliance on collaborative bailouts when code fails.
Broader Impact
The hack reignited debate about DeFi’s systemic risk from concentrated protocol dependencies. Aave’s lingering TVL depression shows that bad debt can freeze liquidity even after technical fixes. It also demonstrated the power of DeFi collectives in crisis response, though questions remain about moral hazard and the need for stronger security audits across liquid staking providers.
What to Watch Next
- Aave’s TVL trajectory—whether it can recapture the $20 billion mark or if trust erosion leads to permanent migration to competitors.
- Potential Lazarus Group movements: stolen funds may be laundered through mixers, drawing regulatory scrutiny on privacy tools.
- Kelp DAO’s security upgrade announcements and rsETH adoption metrics as the market digests the recovery.
This article is for informational purposes only and does not constitute financial advice.
Always late to trends?
Join for the latest news, insights & more.
Disclaimer: Bytewit is an independent media outlet that delivers news, research, and data.
© 2026 Bytewit. All Rights Reserved. This article is for informational purposes only.
