Lido gives update on KelpDAO fallout, says EarnETH vault has 9% rsETH exposure
Lido said its EarnETH vault has 9% rsETH exposure after last week’s KelpDAO exploit, while core staking products remain unaffected.
Share
Add us on Google by Estefano Gomez Apr. 23, 2026Lido Finance, the largest liquid staking protocol on Ethereum, said its EarnETH vault carries about 9% direct exposure to rsETH, with deposits and withdrawals paused while curators work through fallout from the KelpDAO exploit. The protocol said the core Lido staking system was not affected and that stETH and wstETH remain untouched.
1/ [Update on Lido Earn vaults and the ongoing Kelp incident] Lido Earn contributors are working with the vault curators (Veda and Mellow) to resolve two distinct issues arising from the Kelp incident: direct exposure to rsETH, and an ongoing liquidity crunch on lending markets.…
— Lido (@LidoFinance) April 23, 2026
The update comes after KelpDAO suffered one of the largest DeFi exploits of 2026 on April 18, when an attacker used a forged cross chain message to release 116,500 rsETH from an Ethereum side adapter without a corresponding burn on the source chain.
That haul was valued at roughly $292 million and represented about 18% of circulating rsETH at the time, triggering emergency action across lending markets.
Lido said the problem is not limited to direct rsETH exposure. Contributors are also working through a second issue tied to elevated borrowing costs and a liquidity crunch in lending markets, with Veda and Mellow reducing leverage and cutting wETH debt inside affected strategies.
Lido added that EarnETH still holds other positions independent of rsETH and said fast deleveraging has left the vault in a more favorable position while the cleanup continues.
As part of the remediation, Lido said a $3 million first loss protection mechanism funded by the Lido DAO treasury would be applied if EarnETH ultimately realizes a loss, with the DAO’s vault shares burned to absorb the hit. If the process takes materially longer than expected, curators may also introduce a last resort withdrawal path that would let users exit early by accepting the maximum anticipated haircut.
The broader market stress began after the attacker moved the illicitly obtained rsETH into lending venues and borrowed ETH against it, forcing risk managers to freeze rsETH markets. Aave said its guardian froze rsETH and wrsETH markets across deployments on April 18.
That spillover hit protocols linked to looped staking strategies, including products using rsETH inside lending structures. Lido said its DVV and EarnUSD vaults have no exposure to either Kelp’s rsETH issue or the related lending market crunch, while the GGV subvault has exposure to looped staking strategies and is currently experiencing negative yields because of the jump in borrowing rates.
Users who submitted GGV withdrawal requests before the crunch will be redeemed at pre incident valuation, Lido said.
Recovery efforts are still underway. Arbitrum’s Security Council froze about 30,766 ETH, worth roughly $71 million, tied to the exploit, giving affected protocols some hope that the final losses may end up below the initial headline figure. Lido also said public updates on recovery and loss allocation are still developing.
Disclosure: This article was edited by Estefano Gomez. For more information on how we create and review content, see our Editorial Policy.
