Kelp DAO, Aave to resume rsETH operations as recovery from $292 million exploit progresses

Kelp DAO and Aave are moving forward with recovery operations following the April 18 exploit that drained $292 million from Kelp's ecosystem. Security researchers attribute the attack to North Korea's Lazarus Group, marking another major incident traced to the state-sponsored hacking outfit.

The exploit targeted Kelp's rsETH token, a liquid restaking derivative that allows users to stake Ethereum while earning additional yield through Eigenlayer's AVS (Actively Validated Services) network. The attack exposed vulnerabilities in Kelp's smart contract architecture, forcing the protocol into defensive mode and triggering a temporary pause on operations.

Kelp DAO has since initiated recovery procedures, working with Aave to resume rsETH functionality across the ecosystem. Aave, which integrated rsETH as collateral in its lending protocol, faced indirect exposure to the exploit and coordinated with Kelp on remediation steps. The collaboration reflects the interconnected risk landscape in DeFi, where exploits cascade across multiple protocols.

The $292 million theft represents one of 2024's largest DeFi hacks. It underscores persistent vulnerabilities in liquid restaking protocols, a category that has attracted billions in TVL but remains under-tested in live environments. Kelp's architecture allowed attackers to drain funds through a combination of reentrancy vectors and improper validation logic.

Recovery timelines remain fluid. Kelp has committed to a transparent postmortem and smart contract audit before full operations resume. The protocol faces pressure to restore user confidence in rsETH, which traded at a discount to ETH value following the hack.

The Lazarus Group attribution carries geopolitical weight. The outfit has historically targeted cryptocurrency exchanges and protocols, stealing billions since 2014. Attribution comes from on-chain analysis tracking fund movement and known Lazarus patterns, though definitive proof remains elusive.

For Aave and other integrated platforms, the incident reinforces the need for circuit breakers and collateral risk modeling around newer token categories. rsETH integration will likely face heightened scrutiny as