James Ding
Apr 18, 2026 22:32
Kelp’s rsETH bridge drained of $293M as attacker converts stolen funds to ETH. Aave freezes markets, 9 protocols impacted in cascading DeFi disaster.
Kelp DAO’s rsETH adapter bridge was exploited Saturday for about $293 million, marking the most important single protocol hack of 2026 and triggering emergency freezes throughout no less than 9 DeFi platforms with publicity to the liquid restaking token.
The attacker funded their pockets by means of Twister Money and has already transformed roughly $250 million of the stolen belongings to ETH, in response to blockchain safety agency Cyvers. Kelp has paused rsETH contracts on Ethereum mainnet and a number of Layer-2 networks whereas investigating.
Contagion Spreads Throughout DeFi
Aave moved shortly to freeze rsETH markets on each V3 and V4 deployments. The lending protocol’s AAVE token dropped 10% following the information, whereas ETH fell 3.74% to $2,401.60 amid broader market jitters.
“That is precisely the type of incident that highlights the dangers of composability in DeFi,” Cyvers CEO Deddy Lavid instructed Cointelegraph. When one protocol’s token is built-in throughout a number of platforms, a single exploit can cascade by means of your complete ecosystem.
Kelp DAO, based by Stader Labs co-founders Amitej Gajjala and Dheeraj Borra, lets customers deposit liquid staking tokens like stETH to obtain rsETH—a token that earns yields from each Ethereum staking and EigenLayer providers. That deep integration made rsETH enticing for yield methods but additionally created systemic threat.
Second Main Exploit This Month
The Kelp hack follows Drift Protocol’s $280 million exploit earlier in April. Drift’s autopsy revealed attackers spent months infiltrating the group after assembly builders at a crypto convention—a complicated social engineering marketing campaign linked to suspected North Korean state hackers.
Mixed with different incidents, Q1 2026 noticed $482 million misplaced to hacks and scams. The Kelp exploit alone exceeds 60% of that quarterly whole.
What Occurs Subsequent
Kelp hasn’t responded to press inquiries. For rsETH holders, choices are restricted whereas contracts stay paused. Customers with rsETH collateral on frozen lending markets face potential liquidation dangers if freezes elevate earlier than the scenario stabilizes.
The assault vector—focusing on a bridge adapter slightly than core protocol logic—echoes earlier high-profile exploits. Bridge contracts stay DeFi’s most susceptible assault floor, dealing with cross-chain worth transfers with complicated safety necessities.
Merchants ought to monitor bulletins from affected protocols and keep away from interacting with rsETH-related contracts till Kelp gives readability on the exploit’s scope and any potential restoration plans.
Picture supply: Shutterstock
