Kelp and Aave Restore rsETH Backing After Exploit, Burn Hacker's Tokens
Hızlı Bakış
Ethereum liquid restaking platform Kelp, in conjunction with Aave, has burned the exploiter's rsETH tokens and is progressively refilling the backing for its liquid staking token, aiming to restore user funds after a $293 million hack.
Yapay zekâ özeti
Neden Önemli?
Kelp is a liquid restaking protocol on Ethereum built on EigenLayer, allowing users to deposit ETH for additional yields. Aave is a decentralized lending protocol. The exploit involved Kelp's rsETH adapter bridge contract, leading to a loss of approximately $293 million.
Ethereum liquid restaking platform Kelp and decentralized lending protocol Aave have completed a series of steps to restore rsETH backing, including burning the exploiter’s rsETH tokens.
Kelp DAO detailed a post-exploit recovery for its liquid staking token rsETH on Tuesday, confirming that the hacker’s tokens were burned on the layer-2 Arbitrum network.
The 117,132 rsETH, currently worth about $278 million, will be refilled progressively over two weeks from Aave Recovery Guardian, a multisignature wallet controlled by the DeFi United recovery group and Kelp’s own recovery safe into the LayerZero OFT adapter, a smart contract that handles locking, minting, burning and releasing rsETH during cross-chain transfers.
Kelp DAO confirmed that rsETH on mainnet and layer-2 networks, which has a market capitalization of $1.5 billion, remains fully backed at all times.
The move to recover the liquid staking tokens will bring users impacted by one of this year’s largest DeFi exploits one step closer to recovery.
Kelp was hacked in April when attackers widely attributed to North Korea’s Lazarus Group exploited its rsETH adapter bridge contract, the software that manages the platform’s liquid restaking token, and drained about $293 million.
Blockchain security firm OpenZeppelin reported at the time that no smart contract bug had been publicly identified, adding that “the system failed operationally,” and this is a category of risk the DeFi industry has “consistently underweighted.”
Withdrawals will resume within 24 hours
Kelp said it will unpause withdrawals, “tentatively within 24 hours,” after the first tranche is returned to the smart contract. All rsETH operations, including deposits, redemptions, bridging and claims, will resume as usual after the contracts are reactivated.
The protocol has also completed a “security hardening pass,” and bridging security now requires four independent attestors and 64 block confirmations, while it has deprecated some layer-2 routes.
It is also in the process of migrating to Chainlink’s Cross-Chain Interoperability Protocol (CCIP) for “further strengthened cross-chain bridging.”
Kelp is a prominent liquid restaking protocol on Ethereum, primarily built on top of EigenLayer, where users deposit ETH or other supported liquid staking tokens for additional yields.
The protocol’s total value locked hit an all-time high of just over $2 billion in September 2025 but has since declined by about 26% to $1.55 billion, according to DeFiLlama.
Cointelegraph reported this week that metrics showed ETH derivatives traders were holding steady and haven’t flipped bearish despite the recent DeFi exploits.
However, spot prices are down around 1% on the day, with Ether falling to a 12-day low of $2,260 in late trading on Tuesday.
Bundan Sonra Ne Olabilir?
Yapay zekâ öngörüsü — kesinlik taşımaz
Kelp will successfully unpause all operations and resume normal service within the next 48 hours.
Muhtemel · Günler içinde
Further details regarding the operational failures that led to the exploit will be disclosed by Kelp or security firms.
Olası · Haftalar içinde
The Lazarus Group will be linked to other DeFi exploits in the near future.
Olası · Aylar içinde
Açık Sorular
- Will the full $293 million be recovered for users?
- What specific operational failures led to the exploit?
- What further measures will be taken to prevent future attacks by Lazarus Group or similar entities?
- How will the migration to Chainlink CCIP affect cross-chain bridging security and efficiency?






