- The billionaire Tron founder urged the Kelp DAO hacker to the negotiation table.
- The hack has affected both the liquid Ether issuer and Aave.
- The North Korean hacking collective Lazarus Group has been blamed for the attack.
Justin Sun pleaded with the criminals who stole $293 million from the Kelp DAO on Saturday.
The Tron Network founder took to X to urge the people behind the heist that pulled over $293 million in rsETH tokens, a liquid staking token that allows users to earn Ethereum staking and EigenLayer rewards, to come to the negotiation table.
“Kelp DAO hacker, how much you want? Let’s talk,” Sun said on Sunday. “With Kelp DAO’s help, of course. It’s simply not worth it to sacrifice both Aave and Kelp DAO and let the go down over this hack. You can’t spend $300 million anyway.”
It is unclear what exactly prompted Sun to reach out to the hacker. The crypto billionaire didn’t immediately return a request for comment.
Onchain data shows that addresses linked to HTX, the crypto exchange owned by Sun, have sent hundreds of millions to accounts on Aave, a huge DeFi lender.
Over $1.4 billion in HTX’s reserves held in the USDT stablecoin were lent on Aave as of December, according to a Protos report.
Freeze
Sun’s comment highlights the severity of the attack. The digital thieves targeted rsETH, but because it can be used across other decentralised finance protocols, such as Aave, it risks dragging them down as well.
Despite freezing rsETH markets on its platform, Aave investors have fled the platform en masse.
Investors have pulled out almost 25% of the assets deposited into the protocol since the hack. The total value locked is now sitting at just over $34 billion.
In its latest update, Aave said on its official X account that rsETH remain frozen across “Aave V3 and V4.”
“Exposure to the incident is capped,” Aave said. “WETH reserves also remain frozen across affected markets including Ethereum, Arbitrum, Base, Mantle, and Linea. Aave is actively validating information and assessing potential resolutions.”
Kelp DAO hasn’t issued any official messages since the April 18 update, which said it had “identified suspicious cross-chain activity involving rsETH.”
Kelp DAO didn’t immediately return a request for comment.
Hello! This chart will be available in a few moments
The hack marks the biggest on an industry project since hackers stole $1.4 billion from Bybit in February 2025.
The Kelp DAO exploit brings the total crypto stolen from industry projects so far in 2026 to $771 million, according to DefiLlama data.
LayerZero, a cross-chain messaging protocol, has blamed the hacking collective the Lazarus Group with ties to the Democratic People's Republic of Korea for the heist.
“Preliminary indicators suggest attribution to a highly-sophisticated state actor, likely DPRK’s Lazarus Group, more specifically TraderTraitor,” LayerZero’s official X account said.
“This incident was isolated to KelpDAO’s rsETH configuration as a direct consequence of their single-DVN setup. There is zero contagion to any other cross-chain assets or applications.”
Eric Johansson is DL News’ managing editor. Got a tip? Email him at eric@dlnews.com.
