Aave restored WETH loan-to-value limits across six V3 deployments on May 18, 2026, marking a near-complete recovery from the largest DeFi exploit of 2026. According to Aave's official post on X at 07:05 UTC, 95.4% of unbacked rsETH has been recovered within thirty days. Yet 30,765 ETH, worth roughly $71 million according to Chainalysis data, remain frozen on Arbitrum, caught in a legal dispute that reaches a federal court in Manhattan. DeFi didn't wait for regulators to act. It coordinated its own repair.
Security Incident Report
Protocol
Kelp DAO (rsETH Bridge)
Amount Drained
$292M (116,500 rsETH)
Chains
Ethereum + 20 L2 (Arbitrum, Base, Linea, Unichain, Mantle, Scroll)
Date
April 18, 2026 · 17:35 UTC
Attack Vector
Compromise of RPC nodes feeding the DVN (Decentralized Verifier Network) of LayerZero Labs, combined with a DDoS attack on uncompromised nodes. Infected nodes injected a fake cross-chain message from Unichain, tricking the Ethereum contract into releasing 116,500 rsETH without any backing. 1-of-1 DVN configuration: single point of failure.
Protocol Response
Kelp paused core contracts at 18:21 UTC (46 minutes after the drain), blocking two follow-up attempts worth $100M. Aave, SparkLend and Fluid froze rsETH markets. On April 21, the Arbitrum Security Council froze 30,765 ETH. On April 23, Aave launched DeFi United with Lido, EtherFi and Stani Kulechov.
Source: Chainalysis, Hypernative, CoinDesk · April 18, 2026
The attack vector, according to Chainalysis and CoinDesk reporting from April 18, 2026, was a two-stage infiltration. Infected RPC nodes pushed a fabricated cross-chain message from Unichain into LayerZero's DVN. Uncompromised nodes were simultaneously taken offline via DDoS, leaving the corrupted nodes as the sole data source. The Ethereum contract saw the instruction and executed: 116,500 rsETH released, against an actual Unichain balance of roughly 49 rsETH. The 1-of-1 DVN configuration offered no redundancy to catch the mismatch.
Kelp paused core contracts at 18:21 UTC, 46 minutes after the drain began, blocking two follow-up attempts that would have taken another $100 million. Aave, SparkLend and Fluid froze rsETH markets immediately. On April 21, the Arbitrum Security Council froze 30,765 ETH on-chain.
Recovery Status: May 18, 2026
- Unbacked rsETH created 112,103
- Total rsETH recovered 106,993 (95.4%)
- via Aave liquidations 89,567 rsETH
- via Compound 17,426 rsETH
- Remaining shortfall (DeFi United) ~5,200 rsETH
- DeFi United funds raised $327.95M
Source: Aave Governance Forum · CoinDesk · May 18, 2026
Source: Aave Governance Forum · CoinDesk · May 18, 2026
How DeFi United Rebuilt What Lazarus Destroyed
April 23, 2026. Five days after the exploit, Stani Kulechov announced a personal contribution of 5,000 ETH to a new recovery fund. Lido Finance pledged 2,500 stETH (approximately $5.7 million at the time), and EtherFi committed a plan worth 5,000 ETH. The initiative took the name DeFi United: a coordinated recovery fund assembled in weeks, with no institutional mandate and no government backstop. The goal was to cover the rsETH shortfall and prevent cascading forced liquidations across the ecosystem.
The fund ultimately raised $327.95 million, according to the Aave Governance Forum, roughly four times the amount needed to cover the gap. The coalition formed before regulators had even begun to respond. For a full account of the original hack: Kelp DAO: $292M drained from the rsETH LayerZero bridge. The technical dispute between Kelp and LayerZero is analyzed here: LayerZero, the Lazarus accusation and the DVN config dispute.
On April 18 at 17:35 UTC, an attacker drained 116,500 rsETH (~$292M, ~18% of circulating supply) from Kelp DAO's LayerZero-powered bridge.
— CredShields (@CredShields) April 19, 2026
$292M drained, 2026's largest DeFi hack so far.
Here's how it unfolded and what it means. 👇 https://t.co/D7i53vaj6p
On May 18, Aave restored loan-to-value ratios for WETH across six V3 deployments: Ethereum Core, Ethereum Prime, Arbitrum, Base, Mantle and Linea, returning them to pre-exploit levels. The official announcement landed on X at 07:05 UTC. For anyone active in DeFi lending, the practical meaning is direct: the ecosystem's most important lending market is fully operational again. Borrowing against ETH across six networks is back, liquidity has returned, and leveraged strategies that were locked for a month can resume.
The Kelp DAO Exploit and Who Will Absorb the Losses
Functionally, north Korea's Lazarus Group, per the reconstruction published by LayerZero and Chainalysis, executed a three-stage operation. First, the group compromised two RPC nodes feeding the bridge's verifier. Then it launched a DDoS attack against the remaining uncompromised nodes, forcing them offline so that only the infected nodes remained as active data sources. Finally, it injected a fake cross-chain message from Unichain, instructing the Ethereum contract to release 116,500 rsETH as if a legitimate transaction had occurred on Unichain. Nothing had. Unichain's circulating balance at that moment was around 49 rsETH. The message said 116,500. The contract executed.
The 1-of-1 DVN configuration was the structural weakness. A single verifier, zero redundancy. Kelp maintains it was LayerZero's default configuration at the time of deployment. LayerZero says it recommended multiple verifiers. Per data published at the time of the attack, 40% of protocols active on LayerZero still use the same single-verifier setup today.
The $71M Freeze and the North Korean Victims' Legal Claim
April 21. The Arbitrum Security Council froze 30,765 ETH, worth approximately $71 million at that moment, traced through on-chain movements linked to the attacker. The intent was to return those funds to affected users. Then, on May 5, attorneys representing American victims of North Korean state terrorism filed a motion in the U.S. District Court for the Southern District of New York. Their argument: those funds constitute “North Korean state property” under the Terrorism Risk Insurance Act (TRIA) and are therefore attachable to satisfy existing judgments against Pyongyang.
Aave filed a response with the court: the funds belong to protocol users, not to North Korea. Keeping them frozen would cause “cascading liquidations and irreparable harm” to parties with no connection to Lazarus Group. The claimants pushed back in a second filing on May 6, noting that Aave's own terms of service explicitly state the platform has no “possession, custody or control” over user assets. If Aave doesn't control those assets, the counterargument runs, how can it claim standing before the court? DeFi United has meanwhile raised $327 million, roughly four times the contested amount. Numerically, the $71 million isn't necessary to complete the recovery. The legal precedent it would set is another matter entirely.
Per data published around the time of the attack, 40% of protocols on LayerZero remain configured with a single verifier. SEAL-911, the DeFi security task force, noted that a second attempt blocked by Kelp at 18:26 UTC on April 18 would have drained an additional $200 million. The system held for 46 minutes before the pause activated. One month on, the question the sector hasn't fully answered is the one LayerZero has yet to address completely: how many other live contracts would today accept a forged message like the one sent on April 18, simply because nobody has yet updated their DVN configuration?
