Kelp DAO’s $292 million exploit has raised new questions about risk across liquid restaking and DeFi lending markets.
Summary
- Kelp DAO’s $292M exploit raised concerns over hidden risks across liquid restaking and lending markets.
- Aave, SparkLend, Fluid, and Lido took risk-control steps after rsETH markets came under pressure.
- The incident renewed debate over whether yield stacking hides risk across connected DeFi protocols.
The attack reportedly affected the protocol’s rsETH bridge and involved 116,500 rsETH, equal to about 18% of circulating supply.
The incident did not remain limited to Kelp DAO. Aave saw large withdrawals, while SparkLend and Fluid paused rsETH markets. Lido also paused earnETH, which had exposure to rsETH, even though its core stETH product was not affected.
A post by a DeFi-focused account, known as @whatexchange on X, compared the event to the 2008 financial crisis. The account wrote, “Stacking asset layers does not remove risk. It compresses and hides it.”
Layered yield products face scrutiny
The post argued that rsETH moved through several layers before the exploit. Users first staked ETH through Lido and received stETH. That stETH could then move into Kelp DAO and EigenLayer, where rsETH was minted.
The rsETH token was then used as collateral on lending platforms such as Aave, SparkLend, and Fluid. It was also bridged through LayerZero to other chains, creating wrapped versions that depended on the same underlying asset.
The analysis compared this structure to mortgage products before the 2008 crisis. It said both systems repackaged one base asset through several financial layers, while each layer relied on the previous one working as expected.
Market response shows hidden exposure
After the Kelp DAO exploit, several DeFi platforms moved to reduce risk. Aave froze rsETH markets for several hours, while SparkLend and Fluid paused similar markets. Ethena also paused LayerZero OFT bridges as a precaution, despite having no direct rsETH exposure.
According to the post, over $6.2 billion exited Aave within less than 36 hours. The account said the main issue was not only the exploit size but the difficulty of mapping indirect exposure across protocols.
The post stated, “No participant, including protocols themselves, can fully map their exposure network.” It added that when users cannot verify exposure in real time, they often react by withdrawing funds.
DeFi risk debate shifts to system design
The post also focused on bridge security. It claimed Kelp used a 1-of-1 verifier setup, meaning one node verified cross-chain messages before funds moved. The post argued that this design created a single point of failure inside a product marketed as decentralized.
The analysis also questioned yield stacking. It said each layer adds new risks, including validator slashing, restaking risks, bridge bugs, contract failures, and lending liquidations.
The post said users should not judge DeFi products only by APY. It argued that higher returns often reflect hidden risk across several connected systems, not simple passive income.
The Kelp DAO exploit has now become part of a wider debate on DeFi security, leverage, and transparency. The incident showed how one failure can affect users across several platforms, including users who did not directly interact with Kelp DAO.
