What Happened? The KelpDAO / Aave Exploit (April 18, 2026)

A roughly $292 million exploit rattled the crypto industry, exposing vulnerabilities in DeFi infrastructure and raising concerns about knock-on effects across lending protocols. (CoinDesk)

The incident centers on rsETH, a liquid restaking token issued by KelpDAO. To move rsETH between blockchains, the protocol relies on a bridge mechanism that locks tokens on one chain while issuing corresponding copies on another. (CoinDesk)

An attacker exploited that setup by forging a transfer message that appeared valid the system approved the transfer even though tokens were never taken out of the sending chain, meaning new tokens were effectively created without any backing releasing 116,500 rsETH from the Ethereum-side bridge. (CoinDesk)

#CanTheDeFiIndustryRecoverQuicklyFromAaveExploit?