Lido: EarnETH’s ~9% rsETH Exposure Impacted by the KelpDAO Incident; stETH and wstETH Unaffected

Apr 23, 2026

Lido: EarnETH’s ~9% rsETH Exposure Impacted by the KelpDAO Incident; stETH and wstETH Unaffected

On April 23, 2026, Lido shared a fresh status update on the KelpDAO rsETH security incident, emphasizing that its core liquid staking products remain intact: stETH and wstETH are not affected. The risk is currently isolated to Lido Earn—specifically the EarnETH vault—due to limited rsETH exposure and a broader lending-market liquidity squeeze that followed the incident.

Below is a clear breakdown of what happened, what is (and isn’t) at risk, and what DeFi users should take away from this event.

TL;DR

  • stETH and wstETH are unaffected because Lido’s core staking protocol is not part of the impacted rsETH mechanics.
  • Only EarnETH has direct rsETH exposure, currently estimated at ~9% of EarnETH TVL (reported as roughly $21.6M across coverage).
  • EarnETH deposits/withdrawals have been paused by the vault’s manager while a resolution is finalized.
  • Two key risk points were highlighted:
    1. rsETH exposure (asset-level risk)
    2. tight liquidity / elevated rates in lending markets (market-structure risk)
  • Parts of the stolen funds have reportedly been recovered (~$70M), while recovery and loss allocation discussions continue.

What happened: the KelpDAO rsETH incident in context

The catalyst was a major exploit involving KelpDAO’s rsETH cross-chain setup, which triggered a chain reaction across DeFi venues where rsETH had been used as collateral or integrated into strategies. LayerZero, whose technology was involved, stated the incident was tied to KelpDAO’s configuration choices, including reliance on a single-DVN security model. (Reference: LayerZero’s KelpDAO incident statement)

As the market digested the event, risk controls kicked in across lending markets. Aave governance discussions and incident documentation show that rsETH markets were frozen and risk parameters tightened to contain contagion. (Reference: Aave governance: rsETH Incident Report (Apr 20, 2026))

This matters because many “enhanced yield” products—vaults, leverage loops, and restaking-adjacent strategies—depend on continuous liquidity and stable collateral assumptions. Once those assumptions break, the stress tends to surface in lending utilization, borrowing costs, and the unwind path for leveraged positions.

Lido’s April 23 update: what’s affected and what’s not

1) stETH and wstETH: unaffected (core protocol remains stable)

Lido’s key point is the separation between:

  • Lido core staking (stETH / wstETH), and
  • Lido Earn vaults (curated DeFi strategy products)

The core staking protocol mints stETH based on Ethereum staking flows and validator operations, which are structurally different from the rsETH bridge/restaking incident. For users who only hold stETH or wstETH (and are not routing them into EarnETH strategies), the reported impact is none.

If you want a refresher on how Lido positions its Earn products relative to its core staking foundation, see: Lido Earn expands with EarnETH and EarnUSD

2) EarnETH: ~9% rsETH exposure + lending-market stress

Lido stated that its Earn series vaults are working through the situation with the vault manager, with two major risk dimensions:

  • rsETH exposure inside EarnETH
  • liquidity tightness in lending markets (higher utilization → higher borrow rates → strategy pressure)

EarnETH is designed to allocate assets across “blue-chip DeFi protocols,” and Lido’s own interface highlights that the vault can use leverage, which introduces liquidation/unwind complexity during market shocks. (Reference: EarnETH vault page and risk disclosures)

Current status highlighted across multiple reports:

  • Only EarnETH has direct rsETH exposure (about ~9% of TVL).
  • Deposits and withdrawals are paused by the vault manager while the solution is implemented.
  • Lido has discussed a DAO-funded first-loss buffer (~$3M) designed to absorb losses before users do, if losses ultimately need to be realized (details widely reported alongside Lido’s public communications).

Why this didn’t “spread” to stETH / wstETH

This incident is a useful reminder of a key DeFi distinction:

  • Asset risk: rsETH’s assumptions were challenged due to the incident and downstream market actions (freezes, de-risking).
  • Strategy risk: EarnETH’s yield comes from composable DeFi positions—some of which can be affected when an integrated asset or venue becomes impaired.
  • Protocol risk: Lido’s core staking system is a different layer entirely; it doesn’t rely on rsETH bridge mechanics to function.

In other words, vault products can inherit third-party risks even when the underlying “blue-chip” staking token remains healthy.

What users should do now (practical checklist)

If you hold stETH or wstETH only

  • No special action is implied by the update—just keep practicing normal operational security:
    • Verify URLs, avoid blind signing, and double-check contract interactions.
    • Consider segregating DeFi “hot” wallets from long-term holdings.

If you deposited into EarnETH

  • Expect the pause to remain until the manager finalizes a remediation path.
  • Monitor official channels and product pages for the final resolution path (unwind mechanics, valuation methodology, and whether any first-loss buffer is activated).
  • Treat this as a risk review moment:
    • Understand what collateral types the vault can hold or borrow against.
    • Re-evaluate your comfort with leveraged strategies in a post-incident lending environment.

If you’re evaluating “enhanced ETH yield” products in 2026

Given the 2025–2026 trend toward restaking, liquid restaking tokens (LRTs), and vault-managed yield, users should increasingly ask:

  • What are the vault’s top exposures and worst-case unwind paths?
  • Does the strategy depend on a single lending venue’s liquidity?
  • Are there circuit breakers, caps, and transparent risk reporting?

A helpful starting point is reading primary incident documentation rather than social summaries, such as the Aave governance incident report and the LayerZero incident statement.

Security takeaway: incidents aren’t always “wallet problems,” but wallet security still matters

This event was driven by protocol/configuration and composability risk, not private-key compromise. Still, periods of uncertainty are when phishing and fake “recovery” links spike.

If you’re interacting with DeFi during fast-moving incidents, using a hardware wallet can materially reduce risk from:

  • malicious approvals,
  • clipboard/address hijacking,
  • and social-engineered signature prompts.

OneKey is a strong fit for this workflow because it emphasizes transparent security design (including open-source components) and helps keep private keys offline—particularly valuable when you need to sign transactions carefully across multiple Ethereum DeFi apps during volatile conditions.

Bottom line

  • Lido core staking (stETH / wstETH) remains unaffected per Lido’s April 23, 2026 messaging.
  • EarnETH is the focal point, with ~9% rsETH exposure plus pressure from tight lending-market liquidity.
  • The broader lesson for 2026 is clear: as DeFi yield products become more sophisticated—especially those combining leverage, lending, and restaking-adjacent assets—composability turns isolated incidents into ecosystem-wide stress tests.

Staying safe increasingly means understanding not just what token you hold, but what hidden balance sheet you’re exposed to through vaults and integrated strategies.

Secure Your Crypto Journey with OneKey

View details for Shop OneKeyShop OneKey

Shop OneKey

The world's most advanced hardware wallet.

View details for Download AppDownload App

Download App

Scam alerts. All coins supported.

View details for OneKey SifuOneKey Sifu

OneKey Sifu

Crypto Clarity—One Call Away.