GM, and happy Monday!

DeFi experienced another exploit over the weekend. What began as a $292 million exploit on Kelp DAO's cross-chain bridge quickly mutated into a systemic crisis. Meanwhile, the broader market remains sensitive to geopolitical headlines. BTC pulled back to the $74,000 level as Middle East ceasefire controversies resurfaced, even as US spot crypto ETFs provided a bullish counterbalance by recording nearly $1.4 billion in weekly institutional inflows.

In today's edition, we unpack the mechanics of the Kelp-Aave contagion. We detail how a single vulnerable bridge configuration led to a massive liquidity freeze and explore the tough resolution scenarios now facing the DAO.

Over the past week, risk assets saw a strong bid with all four major benchmarks closing in positive territory. The Nasdaq and BTC led the move, up 6.4% and 4.8%, respectively, followed by the S&P 500 and gold, which gained 4.5% and 1.1%.

Much of the upside came on Friday after Iran announced that the Strait of Hormuz would remain open for the duration of the ceasefire. The current two-week ceasefire is set to expire on April 22, though Trump signaled willingness to extend it given early signs of progress. That optimism proved short-lived. Over the weekend, Iran reversed course, targeting vessels attempting to pass through the strait in response to continued US pressure on Iranian ports. As a result, markets have given back part of those gains in Monday’s pre-market session.

The risk-on backdrop lifted crypto as well, with 74% of tracked sectors closing the week in the green. Modular was the standout performer, up 26%, largely driven by TIA, which also gained 26% and accounts for 63% of the index. Other names like SEDA also posted strong returns, up 23% on the week.

The move in TIA appears to be driven by positioning rather than fundamentals. Both funding rates and long-short ratios had skewed heavily negative heading into the rally, setting up conditions for a sharp short squeeze. Friday’s broad market strength likely forced liquidations on the short side, accelerating the move higher.

Over the weekend, attention shifted to a major DeFi exploit involving rsETH, which sent shockwaves across the ecosystem, with majors like AAVE down 20% over the weekend. The attack stemmed from a vulnerability in KelpDAO’s bridge, where a forged cross-chain message allowed an attacker to mint 116.5K unbacked rsETH worth roughly $292M. Instead of dumping the tokens, the attacker used them as collateral to borrow over $200M in WETH and related assets before protocols could react.

The fallout was immediate. Lending platforms like Aave were left with significant bad debt, estimated at $177M, while multiple protocols moved quickly to freeze rsETH markets and limit further exposure. The impact spread across chains where rsETH had been integrated, leaving holders with impaired positions.

While the core restaking infrastructure remained intact, the incident once again highlights a familiar weakness in DeFi. The biggest risks often sit at the edges, particularly in bridges and cross-chain messaging, where a single point of failure can cascade into system-wide losses.

— Kunal

The Kelp-Aave Crisis

Kelp had deployed its LayerZero bridge using a "1-of-1" Decentralized Verifier Network setup, meaning only a single validator node was required to verify cross-chain transactions. An attacker managed to compromise the private key of this isolated node and forged a cross-chain message claiming that rsETH had been burned on an L2 network. Because only one signature was needed, the bridge accepted the forged instruction and minted 116,500 unbacked rsETH, worth approximately $292M, directly into the attacker's wallet on the Ethereum mainnet.

Instead of immediately selling the unbacked tokens on decentralized exchanges, which would have crashed the spot price, the attacker used them to exploit Aave's lending mechanics. At the time, Aave V3 allowed users to borrow WETH against rsETH at an aggressive 93% LTV ratio under its E-Mode framework. 

The attacker deposited the impaired rsETH collateral into Aave and borrowed massive amounts of WETH, eventually leaving Aave with approximately $196M in real bad debt. As news of the exploit and the bad debt spread, users rushed to withdraw their assets, pulling over $8B from the protocol within 24 hours and causing Aave's WETH utilization rate to spike to 100%, effectively freezing liquidity for the remaining depositors.

Before diving into the recovery plan, I believe this is an excellent example of the risks of Aave's looping strategies enabled by the risk teams. For reference, we previously outlined the strategy via USDe looping and how it enables almost "risk-free” (relative to holding the underlying without looping) returns. The process works as follows:

1. Loopers deposit high-yield-bearing assets (e.g., rsETH) on Aave.

2. Loopers use E-Mode to borrow related assets (ETH) against rsETH and earn the difference between the staking yield plus points and the borrow cost.

However, the risk assumptions come from Aave lenders, as their ETH is being taken out of the protocol and used by the borrowers to accumulate more rsETH (or whatever correlated asset they are borrowing). Through this, Aave depositors effectively become the third tranche for this strategy (the first tranche is loopers, the second is Umbrella, and the third are the Aave lenders, as their ETH has been borrowed). In return, ETH depositors earn slightly higher rates, as demand for ETH increases utilization of ETH reserves and increases borrowing costs. However, a large amount of ETH reserves are at stake. 

This is precisely what happened here: ETH depositors were impaired despite having no direct exposure to rsETH because their ETH was the asset lent out against rsETH collateral and recycled into the loop. That is the core risk embedded in Aave’s pooled model. While modular lending has often been criticized for enabling highly leveraged and potentially unsafe strategies, this is actually one of the areas where modularity offers a better solution, as lenders can choose which collateral types they are willing to fund and demand compensation accordingly. 

That is also why Aave supported far more looping than Morpho. On Morpho, lenders typically required materially higher APRs to fund these trades, which naturally limited their scale. On Aave, by contrast, the risk framework was set centrally by curators, so all ETH suppliers were effectively opted into financing the strategy whether or not they would have chosen that exposure themselves. 

Blockworks Advisory’s Silvio Busonero lays out two paths forward:

Scenario 1: Kelp Socializes Losses. The actual value of rsETH would drop ~18% relative to ETH, distributed across all holders. On Aave mainnet, where rsETH backs roughly 17% of ETH collateral, aETH would fall ~3%, creating a direct loss for aETH depositors. On Arbitrum, the situation is worse: 27% of aETH is backed by rsETH, implying a ~5% devaluation of aETH there. In addition, the hacker borrowed ~$113M on mainnet that would accrue as bad debt to the protocol, with ~$50M of that covered by the Umbrella safety module. On Arbitrum, where no Umbrella coverage exists, an additional $70M in hacker loans would be left fully uncovered. The second-order effect of the aETH haircut is estimated to trigger $100M in cascading liquidations, according to Chaos Labs' simulator.

Scenario 2: Kelp Does Not Socialize Losses. Aave solely absorbs the bad debt left by the hacker, and ETH depositors face no haircut. This path relies on Aave and Kelp coordinating a bailout, recognizing it as less costly in aggregate than socialization, and acting together to prevent wider ecosystem damage.

Ultimately, this could be the end of Aave's aggressive leverage era, accelerating the push toward Aave V4's hub-and-spoke architecture with per-spoke circuit breakers specifically designed to isolate collateral risk and prevent an infected liquid restaking token from draining core liquidity ever again.

— Shaunda

1. From Betting to Trading: How Kalshi is Reshaping Sports Markets

The report finds that Kalshi has rapidly scaled into a leading prediction market exchange, driven primarily by sports, with volumes growing 80x and sports now accounting for the majority of activity. Pricing is generally efficient and closely tracks traditional sportsbooks, but higher fees and thinner in-game liquidity limit execution, especially for larger participants and arbitrage strategies. The key dynamic is that Kalshi is being valued more like an exchange than a sportsbook due to its peer-to-peer structure, regulatory positioning, and broader market potential, though sustaining this premium depends on improving liquidity, lowering costs, and defending its position as competition intensifies. 

2. Kelp DAO rsETH Exploit (Who is impacted and what is next?)

On April 18, Kelp DAO’s rsETH bridge was exploited through a single-verifier LayerZero setup, allowing an attacker to mint 116,500 unbacked rsETH, worth about $290 million, and use it across DeFi as if it were valid collateral. The attacker extracted roughly $244 million in ETH-related assets, with Aave bearing the bulk of the damage across Ethereum and Arbitrum, while Compound, Euler, Fluid, and Uniswap pools were also hit. Beyond the direct losses, the exploit triggered a broader confidence shock: DeFi TVL fell sharply, Aave saw massive deposit outflows, borrowing costs spiked across lending markets, and some liquid restaking tokens came under peg pressure. Protocols responded by freezing affected markets, but the core unresolved issue is how losses will ultimately be allocated, with the main debate centering on whether Kelp socializes the damage across all rsETH holders or effectively pushes the losses onto bridged L2 holders.