Technology Shout

Aave could face up to $230m in losses after Kelp DAO bridge exploit triggers DeFi chaos

A Kelp DAO and LayerZero bridge breach that occurred over the weekend has left lending protocol Aave facing potential losses of up to $230 million, depending on how the situation is resolved.

According to a report published on the Aave governance forum by Aave Labs and service provider LlamaRisk, the incident centered on rsETH, the liquid restaking token issued by KelpDAO. To move rsETH between blockchains, the protocol relies on a bridging mechanism that locks the tokens on one chain while issuing corresponding copies on the other chain.

The attacker exploited this setup by forging a transfer message that appeared to be valid. Even though the tokens were never taken out of the sending chain, the system approved the transfer, meaning new tokens were effectively created without backing, releasing 116,500 rsETH from the Ethereum side of the bridge.
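The failure described above is a release on the receiving chain with no matching debit on the sending chain. The following reconciliation check is an added example, not code from the report, Kelp, or LayerZero; the event fields, chain labels, and sample amounts are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BridgeEvent:
    msg_id: str   # cross-chain message identifier (hypothetical field name)
    chain: str    # chain the event was observed on
    amount: int   # token amount in whole units, for readability

def reconcile(debits, releases):
    """Return (msg_id, reason) for every release without a valid matching debit."""
    debit_by_id = {d.msg_id: d for d in debits}
    seen, findings = set(), []
    for r in releases:
        d = debit_by_id.get(r.msg_id)
        if r.msg_id in seen:
            findings.append((r.msg_id, "replayed"))         # same message paid out twice
        elif d is None:
            findings.append((r.msg_id, "no_source_debit"))  # nothing left the sending chain
        elif d.amount != r.amount:
            findings.append((r.msg_id, "amount_mismatch"))  # released more or less than debited
        seen.add(r.msg_id)
    return findings

def unbacked_amount(debits, releases):
    """Tokens released on the destination beyond what was debited on the source."""
    return max(0, sum(r.amount for r in releases) - sum(d.amount for d in debits))

# Constructed sample data: two genuine debits on the sending chain ...
SOURCE_DEBITS = [
    BridgeEvent("m1", "l2", 100),
    BridgeEvent("m2", "l2", 250),
]
# ... and four releases on the receiving chain, three of them anomalous.
DEST_RELEASES = [
    BridgeEvent("m1", "ethereum", 100),   # matches its debit
    BridgeEvent("m2", "ethereum", 300),   # amount differs from the debit
    BridgeEvent("m3", "ethereum", 5000),  # no debit exists for this message
    BridgeEvent("m1", "ethereum", 100),   # message id already released
]

if __name__ == "__main__":
    for msg_id, reason in reconcile(SOURCE_DEBITS, DEST_RELEASES):
        print(f"ALERT {msg_id}: {reason}")
    print("unbacked:", unbacked_amount(SOURCE_DEBITS, DEST_RELEASES))
```

A monitor like this only helps if it reads the sending chain independently of the messaging path that the receiving contract trusts.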

According to the report, instead of selling the assets on the open market, the attackers deposited 89,567 rsETH into Aave as collateral and borrowed approximately $190 million in ETH and related assets across Ethereum and Arbitrum. This leaves Aave holding collateral whose backing could be severely compromised.

Aave Labs said it acted quickly to contain the risk. Within hours, the protocol froze the rsETH market across its deployments, setting the loan-to-value ratio to zero and halting new borrowing against the asset.

The outcome now depends largely on how Kelp handles the shortfall. If losses are spread across all rsETH holders, the token would face an estimated 15% depeg (meaning the value of the staked token no longer matches the value of the actual ETH), leaving Aave with approximately $124 million in bad debt. If the losses are limited to Layer 2 networks, the impact would be much more severe, with bad debt rising to about $230 million and concentrated on networks like Arbitrum and Mantle.

The vulnerability stems from a weakness in how Kelp used LayerZero to verify cross-chain messages. By manipulating this process, the attackers were able to make certain assets appear to be fully backed when they were not, allowing them to extract value from the system. LayerZero itself was not directly hacked, but its messaging layer exposed Kelp’s faulty assumptions about how cross-chain data is validated.

The incident raised concerns that some of Aave’s positions were backed by collateral that was mispriced or no longer fully backed, increasing the risk of undercollateralization.

In response, users began to reduce their exposure. Approximately $6 billion of the total value locked in Aave was withdrawn following the incident, reflecting a broad pullback as participants reacted to uncertainty.

The incident highlights Aave’s indirect exposure to external systems. The impact is being felt as users reassess the security of interconnected DeFi infrastructure, with increased collateral risk, pressure on loan positions and a sharp decline in deposits.

The report states that Aave’s DAO treasury holds approximately $181 million in assets and that discussions are ongoing with ecosystem participants to address potential losses. Kelp has not yet outlined how it plans to allocate losses, and Aave’s ultimate exposure remains uncertain as the situation continues to evolve.
