Kelp DAO restores rsETH, reopens cross-chain after $293M hack

Kelp DAO restored its restaked Ether token rsETH and reopened cross-chain transfers after a five-week recovery following a $293 million exploit on April 18. The protocol posted on X that the final tranche of 20,373.7 rsETH was sent to the LayerZero smart contract that manages rsETH locking, minting, burning and release. The post read: “This closes the operational part of the rsETH recovery plan.”

The April 18 attack removed about 116,500 rsETH from Kelp DAO. Blockchain analysts and law enforcement attribute the exploit to the Lazarus Group, a hacking group linked to North Korea.

Kelp and a coalition of protocols operating under the DeFi United initiative coordinated funds and technical steps to restore backing for rsETH and enable cross-chain transfers to resume. The first tranche of 25,000 rsETH was returned on May 13, allowing bridging between the Ethereum mainnet and layer-2 networks to reopen. Kelp reopened rsETH withdrawals on May 14.

After the final transfer, Kelp reported that rsETH minting, redemptions and reward distributions “have been running normally.” The LayerZero contract that received the last tranche handles the mechanics for rsETH transfers across chains. Kelp added that governance and other follow-up processes remain ongoing.

The attacker used a large portion of the stolen rsETH as collateral on the Aave lending platform to borrow wrapped Ether, generating roughly $190 million in bad debt and triggering mass withdrawals. Aave’s total value locked fell from about $26.4 billion to below $14 billion after the incident.

DeFi tracking data shows net outflows from Aave’s markets have slowed over the past month. Aave’s TVL has remained between roughly $13.9 billion and $15.1 billion since the week after the exploit.

Kelp’s restoration effort involved liquidity contributions from multiple crypto protocols to re-back the rsETH supply and limit contagion across lending and staking markets.

April recorded 25 hacks that together accounted for roughly $630 million in losses. The Kelp DAO exploit was the largest incident that month and marked the biggest month for hacks since February 2025, when an exchange lost $1.5 billion.

Kelp’s public updates focused on the technical steps completed and the status of user-facing operations. The protocol did not provide detailed timelines for remaining governance actions or for recovering funds linked to the attacker.