Kelp DAO’s rsETH Recovery Closes a Critical Chapter for DeFi
The recovery of Kelp DAO’s rsETH token, five weeks after a devastating $293 million exploit linked to North Korea’s Lazarus Group, marks one of the most important stabilization efforts in decentralized finance this year. What initially appeared to be another isolated protocol hack quickly evolved into a broader stress test for the interconnected architecture of modern DeFi.
Kelp DAO confirmed that the final tranche of 20,373.7 rsETH had been transferred back into the LayerZero smart contract infrastructure responsible for cross-chain operations. According to the protocol, this effectively concludes the operational phase of its recovery strategy and restores the collateral backing behind rsETH.
The exploit, which occurred on April 18, exposed more than just vulnerabilities in one liquid staking protocol. It highlighted how deeply intertwined today’s DeFi ecosystem has become. Once the attacker deposited a substantial portion of the stolen 116,500 rsETH into lending markets as collateral, the damage rapidly spread outward.
One of the biggest casualties was Aave, which reportedly accumulated around $190 million in bad debt after the attacker borrowed wrapped Ether against the compromised assets. The incident triggered widespread panic withdrawals and caused Aave’s total value locked to collapse from roughly $26.4 billion to below $14 billion.
While recent data suggests the bleeding has slowed, investor confidence has not fully returned. Aave’s TVL continues to stagnate near post-hack lows, underscoring a growing reality within DeFi: liquidity is highly mobile, and trust is even more fragile.
The broader crypto industry has now become accustomed to large-scale exploits, but the Kelp DAO incident stands out because of the systemic risks it revealed. Unlike traditional finance, where institutions often operate behind regulatory firewalls and liquidity safeguards, DeFi protocols remain heavily composable. That composability fuels innovation, but it also creates channels for contagion.
The recovery itself was made possible through cooperation across several crypto projects under the “DeFi United” initiative. That collective response may become one of the more important long-term developments from the crisis. In a decentralized ecosystem lacking central banks or formal bailouts, coordinated industry action increasingly appears to be the only viable emergency mechanism.
Kelp DAO says rsETH minting, redemptions, rewards, and withdrawals are now operating normally again. Operationally, the protocol may be stabilizing. Reputationally, however, recovery takes much longer.
The incident also reinforces a troubling trend surrounding North Korean cyber operations. Lazarus Group-linked attacks continue to target crypto infrastructure with alarming effectiveness, exploiting both technical weaknesses and governance gaps across decentralized systems. The scale and sophistication of these operations suggest that cybersecurity in DeFi is no longer merely a technical issue — it is becoming a geopolitical and financial stability concern.
April’s combined crypto hack losses reportedly reached $630 million across 25 separate incidents, making it one of the worst months for digital asset security since the record-breaking Bybit breach in early 2025.
For DeFi advocates, the Kelp DAO recovery demonstrates resilience. For critics, it demonstrates structural vulnerability. Both interpretations can be true simultaneously.
The real question now is whether the sector learns from the event fast enough to prevent the next liquidity shock before it spreads across the ecosystem again.