Tornado Cash-Funded Wallet Steals 116,500 rsETH From KelpDAO

A Tornado Cash-funded wallet drained 116,500 rsETH from KelpDAO in a cross-chain incident that pushed the protocol into emergency pauses and forced DeFi counterparties to contain exposure.

What happened in the KelpDAO rsETH theft

The transaction hash 0x1ae232da212c45f35c1525f851e4c41d529bf18af862d9ce9fd40bf709db4222 shows rsETH moving from KernelDAO: Bridge to 0x8B1b6c9A6DB1304000412dd21Ae6A70a82d60D3b at 05:35:35 PM UTC on April 18, 2026, and the same trace lists LayerZero: EndpointV2 with the lzReceive function.

KelpDAO said it identified suspicious cross-chain activity involving rsETH and paused the token’s contracts across mainnet and several layer-two networks while it investigated. That broad halt matters because Ethereum bridge and scaling routes are now core operating rails for wrapped assets, a point Bitcoin Info News has also explored in its coverage of Ethereum layer-two developer activity.

Aave said it froze rsETH markets on Aave V3 and Aave V4 and added that its own contracts were not exploited. That response shows the spillover was serious enough for a major lending venue to isolate the asset before wider DeFi repricing could develop.

Why the Tornado Cash funding link matters

Etherscan labels the sender as Exploit and shows the wallet receiving 1 ETH from Tornado Cash about 18 hours before the drain. That funding trail matters because it gives investigators a verifiable gas source while still leaving attribution unresolved.

The mixer connection should be treated as wallet history, not identity proof. Based on the address record, the KelpDAO statement, and the Aave freeze notice, the confirmed facts are the seed funding, the bridge outflow, and the defensive response rather than the attacker’s name or jurisdiction.

That setup is different from directly traceable bitcoin transfer stories such as the U.S. government move tied to the $9 billion Bitfinex hack, where the wallet path itself was the main evidence. Here, the key proof is a Tornado-funded seed wallet paired with a bridge message that preceded defensive shutdowns across linked protocols.

What the theft could mean for KelpDAO and rsETH

Crypto Briefing reported the drained balance equaled about 18% of rsETH’s roughly 630,000-token circulating supply, which helps explain why containment moved quickly from the bridge into lending markets. That concentration risk landed in an Ethereum ecosystem whose broader positioning Bitcoin Info News recently discussed in coverage of ether strength versus bitcoin and rising stablecoin liquidity.

A single Crypto Briefing report said the attacker may have spoofed LayerZero verification and later framed the incident at roughly $292 million, but the reviewed source set does not include an official postmortem and the Etherscan transaction page priced the executed transfer at $272,769,334.37. Until KelpDAO or an auditor publishes a technical breakdown, the exact failure mode remains unconfirmed.

CoinGecko showed ETH at $2,345.17 during the same stretch, giving the exploit a softer market backdrop than a momentum week and adding to the caution around DeFi collateral. That caution fits the tone of Bitcoin Info News coverage of recent Ethereum spot ETF outflows, where sentiment was already fragile before this bridge shock.

Outlook for KelpDAO and cross-protocol risk

The next decision points are whether KelpDAO can reopen rsETH contracts and whether Aave lifts its freeze once bridge risk is better bounded. For readers who anchor on bitcoin’s simpler settlement model, the contrast is that this event is documented through Ethereum bridge messaging and protocol pauses, not through any failure of Bitcoin’s base-layer transfer rules.

The broader lesson is that a bridge event can jump from a wrapped asset into lending venues when the on-chain trail already shows mixer-funded preparation and the execution-time valuation is large enough to force an Aave market freeze. That combination of funding obfuscation and protocol contagion is what makes this incident more than a single wallet movement.

Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency and digital asset markets carry significant risk. Always do your own research before making decisions.