Kelp DAO, Aave to Resume rsETH After $292M Exploit

Kelp DAO and Aave are working to resume rsETH operations following a reported $292 million exploit that disrupted activity across both protocols. The incident, which surfaced in April 2026, prompted immediate operational pauses and has since triggered formal governance responses from both platforms.

What happened in the $292 million rsETH exploit

The exploit targeted rsETH, a liquid restaking token integrated across multiple DeFi protocols including Aave. Kelp DAO, the team behind rsETH, published an incident statement outlining the circumstances of the breach and the steps taken to contain the damage.

Aave’s governance forum published a separate incident report dated April 20, 2026, detailing how the exploit affected rsETH markets on its lending platform. The $292 million figure places this among the larger DeFi exploits in recent memory.

How Kelp DAO and Aave plan to restart rsETH services

The resumption of rsETH operations remains a plan, not a completed action. Aave’s governance community has moved forward with a formal funding update proposal addressing the financial impact and outlining the path toward restoring normal protocol activity.

Kelp DAO’s statement indicated the team is coordinating with affected partners to restore service. For users with rsETH deposits or positions on Aave, the timeline and conditions for resumed access to deposits and withdrawals will depend on the outcome of these governance processes.

The coordinated response between an asset issuer and a lending protocol reflects a pattern seen in previous DeFi security incidents, where multiple teams must align before operations can safely restart. Similar cross-protocol coordination challenges emerged when major financial players restructured operations following earlier disruptions.

Why the rsETH restart matters for DeFi confidence

The incident underscores ongoing risks in liquid restaking, a sector that has grown rapidly over the past year. Liquid restaking tokens like rsETH are integrated across lending, borrowing, and yield protocols, meaning a single exploit can cascade through multiple platforms simultaneously.

Ethereum’s DeFi ecosystem, which hosts both Kelp DAO and Aave, carries total value locked in the tens of billions according to DeFi United tracking data. An exploit of this scale highlights the systemic risk that interconnected protocols face when a widely used asset is compromised.

How Kelp DAO and Aave handle the recovery could set expectations for governance-led incident response across DeFi. The fact that both teams moved quickly to publish formal reports and funding proposals suggests an emphasis on transparency, a factor that may influence whether users return once operations resume.

The broader DeFi ecosystem continues to grapple with balancing composability and security risk. As institutional interest in crypto infrastructure grows, incidents of this scale draw attention from both retail participants and traditional finance observers. Even sectors like NFT marketplaces pivoting their business models reflect how quickly risk appetite shifts after high-profile exploits.

For now, rsETH holders and Aave users should monitor both protocols’ governance forums for updates on the restart timeline and any conditions attached to resumed operations.

Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency and digital asset markets carry significant risk. Always do your own research before making decisions.