Justin Sun Urges Kelp DAO Hacker to Negotiate After $293M rsETH Heist

Tron Network founder Justin Sun publicly urged the hacker responsible for the $293 million Kelp DAO exploit to enter negotiations. In a post on X (formerly Twitter) on Sunday, Sun asked,

"Kelp DAO hacker, how much you want? Let’s talk. With Kelp DAO’s help, of course. It’s simply not worth it to sacrifice both Aave and Kelp DAO and let the go down over this hack. You can’t spend $300 million anyway."

The heist involved the theft of rsETH tokens, a liquid staking token that enables users to earn rewards from Ethereum staking and EigenLayer. The exact motive behind Sun’s public appeal remains unclear, and he did not immediately respond to requests for comment.

Onchain data reveals that addresses linked to HTX, the crypto exchange owned by Sun, had deposited hundreds of millions of dollars into Aave, a major decentralized finance (DeFi) lending platform. As of December, HTX held over $1.4 billion in USDT stablecoin reserves on Aave, according to a Protos report.

Contagion Risks and Market Impact

The attack on Kelp DAO’s rsETH tokens poses a systemic risk due to the token’s cross-protocol functionality. While Kelp DAO froze rsETH markets on its platform, the incident threatened to spill over into other DeFi protocols, including Aave.

Investors reacted swiftly, withdrawing nearly 25% of the assets deposited into Aave since the hack. The total value locked (TVL) in the protocol has since dropped to just over $34 billion.

Aave confirmed in its latest update on X that rsETH remains frozen across "Aave V3 and V4". The platform stated,

"Exposure to the incident is capped. WETH reserves also remain frozen across affected markets including Ethereum, Arbitrum, Base, Mantle, and Linea. Aave is actively validating information and assessing potential resolutions."

Kelp DAO’s Silence and Industry Fallout

Since April 18, Kelp DAO has not issued any official statements beyond an initial update confirming "suspicious cross-chain activity involving rsETH." The DAO also did not respond to requests for comment.

The Kelp DAO exploit is the largest crypto heist since hackers stole $1.4 billion from Bybit in February 2025. According to DefiLlama, the total value stolen from industry projects in 2026 has now reached $771 million.

LayerZero, a cross-chain messaging protocol, has attributed the hack to the Lazarus Group, a hacking collective with ties to the Democratic People’s Republic of Korea (DPRK). In a post on X, LayerZero stated,

"Preliminary indicators suggest attribution to a highly-sophisticated state actor, likely DPRK’s Lazarus Group, more specifically TraderTraitor. This incident was isolated to KelpDAO’s rsETH configuration as a direct consequence of their single-DVN setup. There is zero contagion to any other cross-chain assets or applications."