James Ding
Apr 18, 2026 22:32
Kelp’s rsETH bridge drained of $293M as attacker converts stolen funds to ETH. Aave freezes markets, 9 protocols impacted in cascading DeFi disaster.
Kelp DAO’s rsETH adapter bridge was exploited Saturday for roughly $293 million, marking the biggest single protocol hack of 2026 and triggering emergency freezes throughout a minimum of 9 DeFi platforms with publicity to the liquid restaking token.
The attacker funded their pockets via Twister Money and has already transformed roughly $250 million of the stolen belongings to ETH, in keeping with blockchain safety agency Cyvers. Kelp has paused rsETH contracts on Ethereum mainnet and a number of Layer-2 networks whereas investigating.
Contagion Spreads Throughout DeFi
Aave moved shortly to freeze rsETH markets on each V3 and V4 deployments. The lending protocol’s AAVE token dropped 10% following the information, whereas ETH fell 3.74% to $2,401.60 amid broader market jitters.
“That is precisely the form of incident that highlights the dangers of composability in DeFi,” Cyvers CEO Deddy Lavid advised Cointelegraph. When one protocol’s token is built-in throughout a number of platforms, a single exploit can cascade via your complete ecosystem.
Kelp DAO, based by Stader Labs co-founders Amitej Gajjala and Dheeraj Borra, lets customers deposit liquid staking tokens like stETH to obtain rsETH—a token that earns yields from each Ethereum staking and EigenLayer providers. That deep integration made rsETH engaging for yield methods but in addition created systemic danger.
Second Main Exploit This Month
The Kelp hack follows Drift Protocol’s $280 million exploit earlier in April. Drift’s autopsy revealed attackers spent months infiltrating the group after assembly builders at a crypto convention—a classy social engineering marketing campaign linked to suspected North Korean state hackers.
Mixed with different incidents, Q1 2026 noticed $482 million misplaced to hacks and scams. The Kelp exploit alone exceeds 60% of that quarterly whole.
What Occurs Subsequent
Kelp hasn’t responded to press inquiries. For rsETH holders, choices are restricted whereas contracts stay paused. Customers with rsETH collateral on frozen lending markets face potential liquidation dangers if freezes carry earlier than the state of affairs stabilizes.
The assault vector—concentrating on a bridge adapter quite than core protocol logic—echoes earlier high-profile exploits. Bridge contracts stay DeFi’s most susceptible assault floor, dealing with cross-chain worth transfers with advanced safety necessities.
Merchants ought to monitor bulletins from affected protocols and keep away from interacting with rsETH-related contracts till Kelp gives readability on the exploit’s scope and any potential restoration plans.
Picture supply: Shutterstock