$292M rsETH Cross-Chain Exploit Triggers DeFi Freeze Wave Across Aave, Curve, and Morpho

rsETHLayerZeroDeFi securityAaveCurveMorphoKYTcross-chain riskliquidity crisis

How a $292M Cross-Chain Attack Triggered Systemic Response

On April 20, Kelp DAO’s rsETH liquid restaking token was exploited via a LayerZero cross-chain bridge attack, marking the largest DeFi security incident of 2026. The attacker forged cross-chain messages, extracted approximately 116,500 rsETH from the bridge contract, and deposited them into lending protocols such as Aave to borrow WETH, creating significant uncollateralized exposure.

Major Protocols Enter Emergency Risk Mode

Aave froze rsETH markets across Ethereum and multiple Layer 2 networks while suspending related WETH reserves. Morpho halted its Arbitrum bridge and confirmed limited exposure. Curve Finance suspended LayerZero infrastructure to prevent further contagion risk.

Cascading Protocol Reactions Reveal Cross-Chain Fragility

Protocols including Ethena, Fluid, Reserve, and Maple Finance rapidly implemented emergency measures such as bridge suspension, minting pauses, and redemption controls. The coordinated response highlights how a single cross-chain exploit can propagate across the entire DeFi ecosystem.

LayerZero and Cross-Chain Infrastructure Under Pressure

LayerZero stated it is actively collaborating with KelpDAO to investigate the incident and confirmed that other applications remain unaffected. However, the event has intensified scrutiny of cross-chain security architecture, particularly around validation mechanisms and RPC dependency layers.

How KYT Detects Cross-Chain Risk Propagation

In this incident, attackers leveraged cross-chain message forgery and multi-protocol borrowing to rapidly spread risk. KYT (Know Your Transaction) continuously monitors transaction flows to detect abnormal cross-chain activity, concentrated collateral usage, and suspicious fund movements. With Trustformer KYT, platforms can identify high-risk inflows before they enter lending systems, preventing systemic contagion.

DeFi Is Entering a Defense-First Era

From Aave’s market freezes to Curve’s infrastructure suspension, DeFi protocols are shifting toward risk-first operational models. Trustformer KYT enables real-time monitoring and risk tagging across chains, helping platforms maintain operational stability even under complex cross-chain attack scenarios.

About Trustformer

Trustformer is a leading blockchain security and compliance technology company specializing in providing professional risk management and compliance solutions for the global cryptocurrency ecosystem. We have developed the cutting-edge Trustformer KYT (Know Your Transaction) platform, which integrates artificial intelligence, blockchain analytics, and regulatory technology to deliver comprehensive, accurate real-time transaction monitoring, risk assessment, and suspicious activity reporting services.

With deep industry expertise and technological innovation, Trustformer is dedicated to helping Virtual Asset Service Providers (VASPs), crypto financial institutions, and investors build a safer and more transparent crypto financial environment. We believe that driving compliance and trust through technology can contribute to the thriving growth of the global digital economy.