--- title: "Kelp DAO Fully Restores rsETH After $293M Lazarus Exploit" date: 2026-05-26 author: "Kelvin Scott" featured_image: "https://coinlaw.io/wp-content/uploads/2026/05/kelp-dao-fully-restores-rseth-after-exploit.jpg" categories: - name: "Cryptocurrency" url: "/crypto.md" tags: - name: "News" url: "/tag/news.md" --- # Kelp DAO Fully Restores rsETH After $293M Lazarus Exploit Kelp DAO has officially completed the recovery of its rsETH token system following a massive $293 million exploit linked to North Korea’s Lazarus Group that disrupted parts of the DeFi lending market in April. ## Key Takeaways - Kelp DAO completed the final phase of its rsETH recovery plan after a $293 million exploit. - The final batch of 20,373.7 rsETH was transferred to LayerZero’s OFT smart contract. - The exploit created major problems for Aave after stolen rsETH was used as collateral to borrow WETH. - Minting, redemptions, staking rewards, and cross-chain transfers are now functioning normally again. ## What Happened? Kelp DAO announced that its rsETH restoration process is now fully complete after spending five weeks recovering from a major exploit that occurred on April 18. The attack reportedly involved North Korea’s Lazarus Group and led to the theft of approximately $293 million worth of assets. According to the protocol, the final transfer of 20,373.7 rsETH tokens was successfully sent to the LayerZero smart contract that handles cross chain transfers, officially closing the operational phase of the recovery effort. > The final tranche of 20,373.72 rsETH has been sent to the rsETH OFT adapter earlier today. This closes the operational part of the rsETH recovery plan. > > Tx: > > — Kelp (@KelpDAO) [May 25, 2026](https://twitter.com/KelpDAO/status/2058969965072654673?ref_src=twsrc%5Etfw) ## Kelp DAO Completes Recovery Process The [exploit targeted Kelp DAO’s Ethereum bridge infrastructure](https://coinlaw.io/kelp-dao-292m-exploit-lazarus-layerzero/) through a forged LayerZero packet. This allowed attackers to unlock and move rsETH tokens across chains before using them inside [decentralized lending protocols](https://coinlaw.io/defi-lending-protocols-statistics/). Kelp DAO confirmed that all major functions tied to rsETH have now resumed normal activity. This includes: - **Minting operations** - **Token redemptions** - **Staking rewards distribution** - **Cross chain transfers** The protocol previously reopened withdrawals on May 14, shortly after the first recovery tranche of 25,000 rsETH was transferred on May 13. Kelp DAO also stated that several crypto protocols participated in the recovery through the **DeFi United initiative**, helping restore backing for the rsETH token. The team added that the protocol is continuing to monitor system activity and provide transparency through a public dashboard tracking the recovery status. ## Aave Suffered Heavy Fallout From the Exploit The attack quickly spread beyond Kelp DAO and caused significant disruption across the broader decentralized finance market. A large portion of the stolen rsETH, estimated at around 116,500 tokens, was reportedly deposited into [Aave](https://coinlaw.io/aave-statistics/) as collateral. The attackers then borrowed wrapped Ether against those assets, creating severe stress inside Aave’s lending markets. Reports from the incident showed that Aave accumulated roughly $190 million in bad debt after the exploit. The situation triggered heavy withdrawals from the platform as users rushed to reduce exposure. As a result, Aave’s total value locked dropped sharply from around $26.4 billion to below $14 billion during the crisis. On chain data now shows the platform’s TVL has stabilized somewhat, though it continues fluctuating between approximately $13.9 billion and $15.1 billion. The exploit once again raised concerns about how deeply interconnected DeFi protocols have become and how vulnerabilities in one system can rapidly affect liquidity across multiple platforms. ## April Became One of the Worst Months for Crypto Hacks The Kelp DAO exploit was one of 25 separate crypto hacks recorded in April. Combined losses across the industry reportedly reached around $630 million during the month. The scale of the incident also renewed attention on the growing threat posed by state backed hacking groups such as Lazarus, which has previously been linked to several high profile [attacks targeting the cryptocurrency sector](https://coinlaw.io/cryptocurrency-security-fraud-statistics/). The Kelp DAO exploit followed only months after the record breaking Bybit hack earlier in 2025, where attackers stole approximately $1.5 billion. ## CoinLaw’s Takeaway In my experience, this recovery shows that DeFi protocols are becoming much better at crisis management, but the industry still has a serious infrastructure problem when major exploits can spread damage across multiple platforms within hours. I found the speed of Kelp DAO’s operational recovery impressive, especially considering the scale of the losses and the impact on Aave’s liquidity markets. At the same time, this incident is another reminder that cross chain systems and lending protocols remain some of the most sensitive parts of crypto infrastructure today. Definition of Smart Contract. Link to full glossary entry follows the description.**Smart Contract**A smart contract is a self-executing program stored on a blockchain that automatically enforces agreement terms when predefined conditions are met, without intermediaries. [Read more](https://coinlaw.io/glossary/smart-contract/) Definition of Staking. Link to full glossary entry follows the description.**Staking**Staking is the process of locking cryptocurrency in a proof-of-stake network to help validate transactions and earn rewards, replacing energy-intensive mining. [Read more](https://coinlaw.io/glossary/staking/) Definition of DeFi. Link to full glossary entry follows the description.**DeFi**Decentralized finance leverages blockchain protocols and [smart contracts](https://coinlaw.io/glossary/smart-contract/) to enable lending, trading, and borrowing without banks or traditional intermediaries. [Read more](https://coinlaw.io/glossary/defi/) Definition of Cross-Chain. Link to full glossary entry follows the description.**Cross-Chain**Cross-chain is the ability to move data or assets between separate blockchains via bridges, messaging protocols, or interoperability networks. [Read more](https://coinlaw.io/glossary/cross-chain/)