# DeFi Bank Run?

*Author: Bankless*
*Published: Apr 20, 2026*
*Source: https://www.bankless.com/de/read/defi-shaken*

---

[![](https://storage.ghost.io/c/e4/b7/e4b77544-5a37-4f0b-8824-8440aa348476/content/images/2026/04/Group-738.png)](https://link.metamask.io/perps?sig=ZEapBaui3fjBr-UtJT-pJNHNwgKBNPGBrrsP4dtJMVdqJzXLP2YIP_o94axxzT9x5m6D2xqGcPbZyXEMrFLvdQ&utm_source=bankless&utm_medium=partner&utm_campaign=cmp-161019518-afbf08)

  
DeFi Bank Run?

  
  Published on Apr 20, 2026

[
  
  View in Browser

](https://bankless.com/read/briefs)
 

---
[**Sponsor: MetaMask**](https://link.metamask.io/perps?sig=ZEapBaui3fjBr-UtJT-pJNHNwgKBNPGBrrsP4dtJMVdqJzXLP2YIP_o94axxzT9x5m6D2xqGcPbZyXEMrFLvdQ&utm_source=bankless&utm_medium=partner&utm_campaign=cmp-161019518-afbf08) - Trade perps with 50x leverage on mobile, powered by Hyperliquid.[](https://bankless.ghost.io/ghost/#/editor/post/69580059dbc84d000120d568)[](https://www.bankless.com/portal/content/posts/view?id=8502)[](https://bankless.ghost.io/ghost/#/editor/post/69580059dbc84d000120d568)

[Trade perps on MetaMask](https://link.metamask.io/perps?sig=ZEapBaui3fjBr-UtJT-pJNHNwgKBNPGBrrsP4dtJMVdqJzXLP2YIP_o94axxzT9x5m6D2xqGcPbZyXEMrFLvdQ&utm_source=bankless&utm_medium=partner&utm_campaign=cmp-161019518-afbf08)[](https://www.bankless.com/portal/content/posts/view?id=8502)

[](https://bankless.ghost.io/ghost/#/editor/post/69580059dbc84d000120d568)[](https://www.bankless.com/portal/content/posts/view?id=8502)[](https://bankless.ghost.io/ghost/#/editor/post/69580059dbc84d000120d568)[](https://www.bankless.com/portal/content/posts/view?id=8502)

[](javascript:;)

.  .  .

 
  
    
      
      NEED TO KNOW
    
    
  
  
Kelp DAO Exploit Strikes DeFi

  

 

[![](https://storage.ghost.io/c/e4/b7/e4b77544-5a37-4f0b-8824-8440aa348476/content/images/2026/04/Group-22--11-.png)](https://bankless.com/)- 😳 **Kelp DAO Bridge Drained for $292M in rsETH.** The cross-chain exploit [struck](https://www.bankless.com/read/news/kelp-dao-bridge-drained-for-292m-in-rseth) a LayerZero integration, now Aave is scrambling to contain fallout.
- 💸 **Strategy Buys 34K BTC, Bitmine Crosses 4% of ETH Supply. **Strategy [spent](https://www.bankless.com/read/news/strategy-buys-34k-btc-bitmine-crosses-4-of-eth-supply) $2.54B on Bitcoin last week. Bitmine added 101,627 ETH to their stash in largest purchase yet this year.
- 🤖 **x402 Foundation Launches Storefront for Agentic Commerce. **Agentic.Market lets humans and AI agents [discover and connect](https://www.bankless.com/read/news/x402-foundation-launches-storefront-for-agentic-commerce) to x402 services.
📸**Daily Market Snapshot: **Despite Trump's Strait opening celebration being premature, U.S. stock indices and crypto markets held largely steady Monday.

Prices as of 6pm ET
24hr
7d

 

       ![](https://banklesspublic.b-cdn.net/cmc.png)
    

  **Crypto**
   
          $2.56T
       

  
    
    ↗ 2.2%
  

   
    
    ↗ 3.5%

  

       ![](https://banklesspublic.b-cdn.net/btc.png)
    

  **BTC**
   
          $76,071
       

  
    
    ↗ 2.6%
  

   
    
    ↗ 3.6%
 
  

       ![](https://banklesspublic.b-cdn.net/eth.png)
    

  **ETH**
   
          $2,325
       

  
    
    ↗ 2.5%
  

   
    
    ↗ 2.4%
    

 

[](javascript:;)

.  .  .

 
  
    

ANALYSIS

  
  
DeFi Shaken by rsETH Attack
  
   
     
     Bankless Author: 
     
       [ 
        Jack Inabinet](https://www.bankless.com/author/jack)
     
    
 

[![](https://storage.ghost.io/c/e4/b7/e4b77544-5a37-4f0b-8824-8440aa348476/content/images/2026/04/image---2026-04-20T172914.584.png)](https://www.bankless.com/trapped-liquidity-7b-bank-run-freezes-cryptos-leadin-lenders-locked-in)As crypto continues to grapple with the latest DeFi exploit, the space is reckoning with an existential question:*** Is any DeFi application truly safe?***

Over the weekend, crypto’s premier lending marketplaces were hit by this year’s largest DeFi exploit, involving a sophisticated attacker who compromised Kelp DAO’s LayerZero-powered bridge to illicitly mint 116.5k rsETH.

The newly minted (and unbacked) tokens worth approximately $290M were then deposited into Aave and other leading lending protocols, where they were used as collateral to borrow *hundreds of millions of dollars in ETH*, producing bad debt and triggering an industry-wide liquidity crisis.

## What Went Wrong?
The attack unfolded rapidly in two phases, successfully exploiting weaknesses in Kelp DAO’s LayerZero-powered bridge before draining hundreds of millions of dollars from Aave via unbacked rsETH loans.

### Phase 1: LayerZero Breach
Kelp DAO’s rsETH cross-chain bridge relied on LayerZero’s messaging infrastructure.

Critically, Kelp DAO configured its integration with the weakest possible security model, a 1-of-1 Decentralized Verifier Network (DVN) setup. This granted a single validator node, operated by LayerZero Labs, full authority to approve cross-chain messages.

While LayerZero’s incident [post-mortem](https://x.com/LayerZero_Core/status/2046081551574983137?s=20) claims it cautioned against minimal security setups and recommended multi-verifier configurations for high-value bridges, its protocol still permits 1-of-1 deployments.

Further, an [estimated](https://x.com/Dune/status/2046257791321670098?s=20) 47% of protocols on LayerZero use the same configuration.

[![](https://storage.ghost.io/c/e4/b7/e4b77544-5a37-4f0b-8824-8440aa348476/content/images/2026/04/Xnapper-2026-04-20-17.30.56.png)](https://x.com/banteg/status/2045804597407617079?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E2045804597407617079%7Ctwgr%5Edb6785ec395e01a7d47ee6a8561ae4aebd81070b%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fbankless.ghost.io%2Fp%2F15a30899-5bb9-40b9-ab56-05c1337d9ac2%2F%3Fmember_status%3Dfree)The attacker exploited this single point of failure, spoofing a valid cross-chain message to [trick](https://www.coindesk.com/business/2026/04/19/the-usd292-million-kelp-exploit-how-it-happened-and-what-it-means-for-defi) the LayerZero-operated bridge into minting 116.5k unbacked rsETH directly to attacker-controlled addresses.

While Kelp DAO’s multisig froze core contracts shortly afterward, it was already too late to reverse the damage that would follow…

[![](https://storage.ghost.io/c/e4/b7/e4b77544-5a37-4f0b-8824-8440aa348476/content/images/2026/04/Xnapper-2026-04-20-17.30.46.png)](https://x.com/officer_secret/status/2046294895313252611?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E2046294895313252611%7Ctwgr%5Edb6785ec395e01a7d47ee6a8561ae4aebd81070b%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fbankless.ghost.io%2Fp%2F15a30899-5bb9-40b9-ab56-05c1337d9ac2%2F%3Fmember_status%3Dfree)
### Phase 2: Aave Drain
Armed with their misappropriated tokens, the attacker then immediately deposited their rsETH to Aave V3 (and to a lesser extent, other platforms like SparkLend and Fluid).

This fictitious collateral position then allowed the exploiter to borrow large amounts of WETH against their unbacked tokens, producing an [estimated](https://x.com/0xWismerhill/status/2045799453588586614?s=20) $262M+ of bad debt for Aave lenders in the transactions' wake.

Instead of waiting for this bad debt to accrue against their positions, savvy DeFi lenders made a fear-motivated [rush](https://x.com/Marczeller/status/2045583631184282047?s=20) for the exits over the weekend, [draining](https://x.com/0xngmi/status/2045830559683768711?s=20) over $7B in assets from leading protocols in the exploit’s aftermath, including $6.2B from Aave, or roughly 23% of the lending market's total value locked.

The panic has been so severe that utilization rates across many Aave V3 ETH, USDC, and USDT markets have spiked to 100%, effectively locking in liquidity and preventing users from making further withdrawals.

[![](https://storage.ghost.io/c/e4/b7/e4b77544-5a37-4f0b-8824-8440aa348476/content/images/2026/04/Xnapper-2026-04-20-17.30.34.png)](https://x.com/0xngmi/status/2045830559683768711?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E2045830559683768711%7Ctwgr%5Edb6785ec395e01a7d47ee6a8561ae4aebd81070b%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fbankless.ghost.io%2Fp%2F15a30899-5bb9-40b9-ab56-05c1337d9ac2%2F%3Fmember_status%3Dfree)
## **Current State of Affairs**
With billions in assets now effectively trapped across crypto lending markets, risk is compounding.

Depositors are unable to actively manage positions as their collateral is already on loan, meanwhile, utilization-determined interest rates are spiking, placing additional pressure on borrower positions. As liquidity evaporates and panic spreads, fears are mounting around further bad debt accumulation and broader DeFi contagion.

In an effort to contain the damage, Aave governance has [disabled](https://governance.aave.com/t/rseth-incident-2026-04-18/24481) rsETH markets across V3 and V4 deployments. Still, the move comes after the fact, and the protocol must contend with its hundreds of millions in outstanding bad debt before it can leave this ugly exploit saga behind.

[![](https://storage.ghost.io/c/e4/b7/e4b77544-5a37-4f0b-8824-8440aa348476/content/images/2026/04/Xnapper-2026-04-20-17.30.23.png)](https://x.com/duonine/status/2045903869688135815?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E2045903869688135815%7Ctwgr%5Edb6785ec395e01a7d47ee6a8561ae4aebd81070b%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fbankless.ghost.io%2Fp%2F15a30899-5bb9-40b9-ab56-05c1337d9ac2%2F%3Fmember_status%3Dfree)
## **Where to Next?**
Aave’s V3 [staking module](https://app.aave.com/staking/?marketName=proto_mainnet_v3) holds $201M in stablecoins and $56M in WETH, capital that could be slashed to help absorb the rsETH-driven deficit. Beyond that, the protocol’s legacy [safety module](https://app.aave.com/safety-module/) contains an additional $266M in AAVE tokens, which could be sold to cover any remaining shortfalls.

While the size of these backstops suggests Aave will be able to absorb this specific loss without going insolvent, the rsETH exploit episode raises deeper concerns about the resilience of decentralized lending markets.

A shock of this magnitude could deter users from lending capital – and even more so from backstopping risk via staking/safety modules – potentially undermining confidence in the unified liquidity strategy that underlies Aave V3.

Crypto economic systems were always intended to be built on resilient, trust-minimized foundations. Unfortunately, in the race toward a smoother UX or flashier feature set, some teams have taken shortcuts, introducing fragile points of failure, as clearly evidenced by the breakdown of Kelp DAO’s 1-of-1 LayerZero bridge verifier.

Episodes like this underscore the risks of poorly designed, quasi-centralized systems and demonstrate the immense consequences of shortcut-driven design.

If crypto is to fulfill its promise, builders must abandon fragile architectures and return to security-first principles rather than relying on brittle multisigs or single-signer architectures.

[![](https://storage.ghost.io/c/e4/b7/e4b77544-5a37-4f0b-8824-8440aa348476/content/images/2026/04/Xnapper-2026-04-20-17.30.07.png)](https://x.com/RyanSAdams/status/2046306759631950214?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E2046306759631950214%7Ctwgr%5Edb6785ec395e01a7d47ee6a8561ae4aebd81070b%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fbankless.ghost.io%2Fp%2F15a30899-5bb9-40b9-ab56-05c1337d9ac2%2F%3Fmember_status%3Dfree)[Share this Article](https://www.bankless.com/trapped-liquidity-7b-bank-run-freezes-cryptos-leadin-lenders-locked-in)
---
---

*This article is brought to you by [MetaMask](https://www.bankless.com/de/sponsor/metamask-1776260643?ref=read/defi-shaken)*