rsETH Hack Event Protocol Responses Overview: Multi-Party Pause of LayerZero OFT Cross-Chain Bridge, rsETH Still Frozen in Aave

Saturday, April 20 — The LayerZero cross-chain bridge for rsETH (a liquidity re-staking token from Kelp DAO) was hacked, marking the largest DeFi hack of 2026 to date. The attacker forged LayerZero cross-chain messages to withdraw 116,500 rsETH directly from the bridge contract, then deposited the tokens into Aave and other lending platforms to borrow WETH—creating significant uncollateralized bad debt risk. Below is a roundup of responses from major DeFi protocols to the rsETH hack: Aave has shared an update on the rsETH incident: rsETH on the Ethereum mainnet is fully collateralized. The token remains frozen on Aave V3 and V4, while WETH reserves are frozen in affected markets including Ethereum, Arbitrum, Base, Mantle, and Linea. Aave is actively verifying details and evaluating potential resolutions. Ethena has officially extended the suspension period for its LayerZero OFT cross-chain bridge. Additionally, the protocol released updated reserve proofs confirming its USDe stablecoin maintains a collateralization ratio above 100%. LayerZero stated it has fully grasped the rsETH vulnerability and has been collaborating with the Kelp DAO team on fixes since the hack occurred, while continuously monitoring the situation. All other applications remain secure, and the protocol will publish a comprehensive post-incident analysis report alongside Kelp DAO once all relevant information is compiled. Fluid announced the launch of its aWETH redemption protocol, which enables ETH borrowers to: redeem for wstETH or weETH (restoring liquidity immediately and reducing liquidation risk); redeem in full if they only borrowed ETH; or seamlessly convert ETH collateral to wstETH/weETH while keeping other debts intact. The protocol’s initial capacity is capped at $1 billion worth of ETH. Morpho has temporarily suspended its MORPHO LayerZero OFT cross-chain bridge on Arbitrum until the root cause of the rsETH incident is identified. The protocol noted its smart contracts are secure and operating normally; risk exposure is limited (only ~$1 million worth of ETH was borrowed using rsETH as collateral, spread across two isolated markets out of thousands total). Thanks to Morpho’s fully isolated market design, all other vaults remain unaffected. Curve Finance announced it has suspended its LayerZero infrastructure, impacting: CRV bridging from BNB, Sonic, Avalanche, Fantom, Etherlink, and Kava (bridging from other chains still uses native bridges); and crvUSD quick bridging (L2 slow bridging remains operational). Reserve issued an official update: Its DTF holders are unlikely to be affected. RSR stakers in the Reserve Protocol’s USD3 and eUSD may qualify for "first-loss capital" protection, though the impact is minimal and RSR’s overcollateralization is sufficient to cover any potential losses. ETH+ and bsdETH contain no rsETH collateral, making them zero-risk. As a precaution, Reserve has temporarily paused minting, rebalancing, and RSR unstaking for eUSD and USD3—redemption functionality remains operational. Maple Finance stated all USDT provided on Aave Mantle using syrupUSDT has been withdrawn. Its syrupUSDC and syrupUSDT products are not impacted by the rsETH exploit. Polygon has been actively monitoring the rsETH exploit. The Polygon chain, Agglayer, and entire ecosystem (including Katana and Vaultbridge) have not been impacted by the incident. EtherFi announced its protocol’s liquidity pool remains unaffected by the Kelp rsETH exploit, and pool users will not suffer any fund losses. Hyperliquid’s DeFi project Hyperwave announced it has temporarily suspended all LayerZero bridging of Hyperwave assets as a precautionary measure.