DeFi contagion dangers are increasing after a $300 million exploit targeting KelpDAO exposed structural risks tied to Layer 2 integrations.
Early findings indicate the incident did not compromise Ethereum mainnet reserves but instead exploited cross-chain mechanisms linked to rsETH.
Market participants reacted quickly as liquidity tightened and multiple protocols imposed emergency restrictions.
Layer 2 exploit triggers cross-chain concerns
The attack originated from a wallet funded through Tornado Cash, which remained inactive for nearly ten hours before initiating a transaction through LayerZero’s EndpointV2 contract.
This call activated KelpDAO’s bridge logic and released 116,500 rsETH to the attacker, representing roughly 18% of the token’s circulating supply.
The stolen assets were valued at approximately $292 million at the time.
Two additional attempts aimed to extract another 80,000 rsETH were blocked after KelpDAO executed an emergency pause.
Source: ZachXBT/X
If successful, total losses could have approached $391 million. Investigators now point to a weak validation setup involving a 1-of-1 decentralized verifier network configuration, which allowed unbacked tokens to be minted without a corresponding burn event on the source chain.
Sources familiar with the situation maintain that core Layer 1 reserves remain intact and fully collateralized.
The issue appears isolated to Layer 2 routes, although uncertainty persists as teams continue to verify exposure across interconnected systems.
Lending protocols freeze activity amid rising risks
Following the exploit, the attacker deposited stolen rsETH into Aave V3 and used it as collateral to borrow ETH and WETH.
This raised concerns about potential bad debt, with exposure estimates reaching as high as $177 million.
Aave responded by freezing the rsETH markets across its platforms and stated that the vulnerability originated from the token rather than its own infrastructure.
Other protocols took similar precautions. SparkLend suspended its rsETH market, while Fluid halted related activity.
Vault platforms, including Upshift, paused key products tied to ETH strategies. Additional exposure extended to systems connected with Pendle, Compound, Euler, Beefy, and Yearn, amplifying fears of broader contagion.
Despite the disruption, some stakeholders insist that certain markets remain solvent and that risks are contained.
Still, borrowing costs surged sharply, and liquidity conditions tightened as users attempted to unwind positions.
Liquidity strain complicates recovery efforts
Efforts to stabilize the ecosystem have been hindered by congestion in Ethereum’s exit queue and elevated swap premiums.
These conditions have made it difficult for participants to deleverage positions or process withdrawals efficiently.
Several teams delayed Oracle updates due to uncertainty around rsETH pricing, further complicating operations.
Withdrawals have not been formally halted, but limited clarity around losses has slowed execution.
Estimates suggest potential losses could reach around 9,000 ETH in a severe scenario. Some projections indicate that top-level depositors could face modest impacts if losses extend beyond Layer 2 environments.
Source: Vercel
Market participants are now awaiting fresh liquidity injections expected within days, which could ease withdrawal pressures. Until then, caution remains high as protocols assess the full extent of the incident and its implications for cross-chain DeFi infrastructure.
