What Is Rehypothecation? The Risk Amplifier in DeFi
On April 18, 2026, a forged data packet stole approximately $292 million worth of rsETH from Kelp DAO's cross-chain bridge. Logically, this was just a bridge attack, and the loss shouldn't have far exceeded the stolen amount. But over the next 48 hours, Aave incurred nearly $200 million in bad debt, and the total TVL of the entire DeFi ecosystem evaporated by about $6.6 billion.
The loss was magnified more than twenty times.
Where did the problem lie? In rehypothecation—the same ETH was simultaneously backing Ethereum staking, EigenLayer restaking, an Aave lending position, and was also bridged across over twenty Layer 2s. When the bridge fell, all leveraged positions relying on that chain collapsed together.
This isn't an isolated case. The core cause of the 2022 chain bankruptcies of Celsius, Voyager, and BlockFi was the same: customer assets were repeatedly used as collateral, forming a debt chain that no one could see in its entirety.
A leading global cryptocurrency platform,suitable for both beginners and experienced traders.
New user benefit: 20% off trading fees upon registration!!
What Does Rehypothecation Actually Mean?
Simply put, it's quite straightforward.
You borrow some money from a platform, pledging 1 BTC as collateral. Under normal custodial models, that 1 BTC should sit quietly in a wallet, waiting for you to repay and get it back.
But some platforms will use it again—lending it to others, staking it, or using it as collateral to borrow more money. Your BTC is still somewhere on the chain, but its "owner" is no longer you, or rather, one BTC now owes debts to multiple people.
Traditional finance does this too, but it's regulated. Brokers rehypothecating client assets have limits (in the US, typically 140% of the loan balance) and must disclose it.
In the crypto world, these constraints are basically non-existent.
What Does Rehypothecation Look Like in DeFi?
The "lend the platform 1 BTC, platform lends it out to earn the spread" model mentioned earlier is a CeFi model, and that's how Celsius died.
Rehypothecation in DeFi is more subtle and more complex.
A typical play looks like this:
You stake your ETH on Lido, getting stETH. Then you deposit that stETH into a restaking protocol like Ether.fi or Kelp DAO, getting weETH or rsETH. Then you deposit this LRT (Liquid Restaking Token) into Aave as collateral to borrow ETH. You use the borrowed ETH to buy more stETH, and repeat the cycle from the start.
In one loop, the same original ETH is doing four things simultaneously:
- Staking on the Ethereum Beacon Chain (earning consensus layer rewards)
- Delegated to EigenLayer operators running AVS (earning restaking rewards)
- Serving as collateral in Aave (backing loans)
- The borrowed ETH becomes the principal for the next cycle
Each layer adds a new liability on top of the same underlying asset. The account balance you see belies an ETH that has been "used" countless times.
Why Is This Dangerous?
Rehypothecation essentially creates hidden leverage.
The asset exists, but the actual asset corresponding to the "receipt" in your hand may have already been borrowed by someone else. If any link in the chain fails—borrower defaults, protocol gets hacked, price crash triggers liquidation—all creditors in the chain scramble for the same thing, and those at the back likely get nothing.
Take the Kelp incident in April 2026:
After stealing rsETH from the bridge, the attacker immediately deposited it into Aave to borrow WETH. Aave used Chainlink's exchange rate oracle—which reads the redemption price officially set by the Kelp protocol, not the market price.
This design was originally meant to prevent manipulation—hackers dumping tokens couldn't affect the price. But the bridge was compromised; the actual backing for rsETH was gone, yet the exchange rate oracle didn't detect it. Throughout the attack, rsETH's price feed on Aave remained unchanged, so the liquidation engine never triggered. The hacker borrowed real assets using worthless collateral.
Aave's WETH pool was drained to only about $1.5 million in liquidity within hours. By the time the market reacted, bad debt had reached nearly $200 million.
Kelp lost $292 million, Aave lost nearly $200 million, and the entire market evaporated $6.6 billion. The 1:22 amplification ratio came from the chain reaction within the rehypothecation chain.
Rehypothecation and Restaking Are Not the Same
Many beginners confuse these terms, so it's worth clarifying.
Restaking refers to taking already staked ETH and using it to provide security for other networks (AVS) to earn additional rewards. A typical example is EigenLayer.
Rehypothecation refers to taking assets that someone else has pledged to you and using them again to create new debt claims.
The two can be combined. You restake your ETH on EigenLayer to get an LRT, then use that LRT as collateral on Aave to borrow ETH—this is rehypothecating the product of restaking.
EigenLayer's slashing mechanism itself amplifies risk. If an operator gets slashed by 2%, the loss on our ETH is 2%. But if you've rehypothecated the LRT into a leveraged loop with 5x leverage, that 2% slash becomes roughly a 10% effective capital loss.
How to Tell If You're Exposed
Just ask the platform a few questions:
Is your collateral held in segregated custody or commingled?
Segregated custody means your assets only serve your loan. Commingled means the platform can use them for other purposes.
Does the protocol's terms of service include words like "rehypothecation," "restaking," or "right to dispose of collateral"?
If the platform has the right to use your collateral for other purposes, you need to understand the risks you're taking. Many platforms hide these clauses in their user agreements, which you agree to by default when depositing.
Are the yields abnormally high?
If deposit rates are significantly higher than the market average, the platform is likely using your money for higher-risk rehypothecation operations, sharing a portion of the spread with you. High yields are buying your risk exposure.
How much would you get back if something goes wrong?
If the platform goes bankrupt, are you a secured creditor or an unsecured creditor? Most crypto platform terms of service classify depositors as unsecured creditors—last in line, likely getting little to nothing.
A Simple Judgment Framework
Not all rehypothecation is inherently bad. It does improve capital efficiency, provides more liquidity to the market, and can allow for lower lending rates.
The key is: do you know, and do you have a choice?
If a platform clearly states, "We will use your collateral for purpose X, with risk Y and return Z," and you choose to accept, that's informed trading.
If the platform only shows you a pretty interest rate, hides clauses in the fine print, and you can't trace where your collateral goes, that's a black box.
The latter killed Celsius, Voyager, and BlockFi in 2022, and tore a nearly $200 million hole in Aave in 2026.
Ask more questions, lose less money. This statement will always hold true in the crypto world.
If this article taught you something, feel free to use my referral link to register on a trading platform and support continued creation:
The world's largest cryptocurrency exchange by trading volume,leading in security and liquidity.
New user benefit: Enjoy 20% off trading fees upon registration!
A leading global cryptocurrency platform,suitable for both beginners and experienced traders.
New user benefit: 20% off trading fees upon registration!!
FAQ
Q: Is rehypothecation the same as "repledging" by brokers in traditional finance?
The mechanism is similar—both use client collateral for other purposes. The difference is that traditional finance is regulated, with limits (in the US, generally not exceeding 140% of the loan balance), disclosure requirements, and insurance protections. In the crypto world, these protections are almost entirely absent; if something goes wrong, you're an unsecured creditor.
Q: Can over-collateralization prevent rehypothecation risk?
No. Over-collateralization protects the lender—there's a buffer if the collateral drops before liquidation. But it doesn't protect your assets from being reused by the platform. A platform can require you to pledge 150% collateral and then rehypothecate that entire 150% to someone else.
Q: Is rehypothecation risk lower in DeFi protocols than in CeFi?
Each has its own risks. DeFi rehypothecation is on-chain and theoretically more transparent—you can trace asset flows. But DeFi also adds risk dimensions like smart contract vulnerabilities, cross-chain bridge attacks, and oracle failures. The Kelp incident shows that even if a protocol itself is transparent, the rehypothecation chain formed by assets strung across different protocols is nearly impossible for any single party to fully monitor.
Q: How can I check if a platform is rehypothecating my assets?
Look at three things: Does the user agreement contain authorization clauses like "rehypothecation," "restaking," or "right to dispose"? Is the custody model segregated or commingled? Does the proof of reserves explain whether assets are "unencumbered"? Proof of reserves only proves assets exist; it doesn't prove they haven't been pledged to someone else.
