The $292 million Kelp DAO exploit has sparked a wave of backlash across the crypto industry, with developers and traders warning that the incident exposed deeper flaws in the way decentralized finance (DeFi) is built.
Data shared by market participants shows that the immediate fallout spreads far beyond the hacked protocol.
“The rsETH hack triggers withdrawals across all credit protocols, even on solana and unaffected protocols,” 0xngmi said in a post on Sunday, pointing to steep outflows including “Aave: -6,200 million (-23%) net inflows” and smaller but notable declines at Morpho, Sky and JupLend. rsETH is the restocked ether of Kelp DAO and is a Liquid Restaking Token (LRT) that allows users to earn ether staking and redraw rewards while keeping their assets liquid even if they are stuck in staking.
That pressure quickly turned into something more serious. A widely circulated post by Josu San Martin described the cascading liquidity stress within the credit markets: “$ETH savers cannot withdraw the money $ETH so they borrow stables to take out money… This is a complete run-on $AAVE.”
While Aave founder Stani Kulechov said the exploit was external and that the protocol’s contracts had not been compromised, depositors panicked. Total escrow value (or deposits) fell from $26.4 billion on April 18 to nearly $20 billion in the U.S. morning hours on Sunday, DefiLlama said. The $AAVE the token also fell more than 18% as savers rushed to withdraw their money this weekend.
A ‘case study’
The exploit itself has become a point of interest for engineers and developers.
Several developers pushed back on the early assumption that the problem stemmed from the core infrastructure. “The KelpDAO exploit (~$290 million) is NOT a LayerZero protocol bug. It is a configuration issue and a case study that every cross-chain token project needs to look at today,” according to a technical analysis from cryptogoblin.
The thread detailed how a single authentication point enabled the attack. “One signature and 116,500 rsETH came out of nowhere on Ethereum,” said the post, which describes a system where “the [smart] contracts are not broken. The verification layer was,” the post claimed.
Others argued that the problem goes deeper than a single lineup choice.
One critique, called Fishy Catfish on A DVN (Decentralized Verifier Network) in DeFi, specifically within LayerZero V2, is an independent entity responsible for validating and confirming the authenticity of messages sent across various blockchain networks. Essentially, DVNs verify message hashes between a source chain and a destination chain.
To make the point clearer, the author made a real-life comparison: “Imagine if a roller coaster manufacturer let amusement parks decide individually what the minimum safety specifications were.” Essentially, the author is simply saying that flexibility without guardrails can come with hidden risks.
The post even went so far as to claim that the setup was the problem within the design. “Personally, I think this is a flawed design. Modular security is a valuable design space, but the security offering should have its own security layer that is quite strong, and on top of that, enable *additional* layers of security for more high-end use cases.”
‘DeFi is dead’
It’s not just the size and complexity of the exploit that prompted the harsh, panicky criticism. The scale of the exploit has increased concerns.
About 116,500 rsETH, about 18% of the supply, was affected. The attacker tricked LayerZero’s cross-chain messaging layer into believing that a valid instruction had arrived from another network, causing Kelp’s bridge to release 116,500 rsETH to an attacker-controlled address.
Protocols responded by freezing markets and pausing functions. Aave stopped rETH activity. Lido has stopped the deposits linked to the asset. Other projects took similar steps to limit exposure as the situation evolved.
In addition to the technical debate, sentiment about crypto turned sharply negative. One post may have put the mood swing in blunt terms: “DeFi is dead… ‘just use aave’ is dead,” adding that “The era of crypto is over” and asking, “If you’re reading this, why are you still in crypto?”
While the response may sound exaggerated, this type of knee-jerk reaction is not uncommon after major exploits, but the scope of this event is striking.
The attack impacted cross-chain infrastructure, reshaping models and credit markets at the same time. It also follows a series of recent incidents. The hack comes in an unusually hostile trajectory for DeFi, especially this month. Solana-based perpetuals protocol Drift lost about $285 million on April 1 in an attack later linked to North Korea-linked actors, and at least a dozen smaller protocols have been exploited in the weeks since, including CoW Swap, Zerion, Rhea Finance and Silo Finance.
‘Check your configurations’
Despite all the explanations, there are still more questions than answers.
Even LayerZero is still trying to figure out the full details of the exploit. “We are fully aware of the rsETH exploit and have been actively remediation with the @KelpDAO team since the incident and continue to monitor. All other applications remain safe,” reads a post on
KelpDAO echoed this sentiment. “Earlier today, we identified suspicious cross-chain activity involving rsETH. We have paused rsETH contracts on the mainnet and several L2s while we investigate. We are working with @LayerZero_Core, @unichain, our auditors, and top security experts at RCA. We will keep you posted as we learn more about this situation.”
Yet some developers see a clearer lesson in the chaos.
The exploit was not based on breaking encryption or bypassing smart contracts. Instead, it exposed how fragile systems can become when they depend on layered assumptions.
In simple terms, the tools worked as designed. The way they were configured didn’t do that.
That distinction could determine what comes next. Builders are now urging projects to review their settings, especially those that rely on cross-chain messaging.
As cryptogoblin bluntly put it: “Check your configurations. Stay safe out there.”
Read more: DeFi returns are falling so much they can’t compete with a traditional savings account