News 
Coin Information 
About us 
Customer Service 
Kelp DAO’s cross-chain infrastructure suffered a major breach on April 18, triggering a fast-moving contagion across DeFi and exposing how deeply interconnected liquidity has become. About 116,500 rsETH—worth roughly $292 million—was drained in what on-chain investigators have described as one of the largest DeFi exploits of 2026 so far.
The suspicious activity was first flagged by on-chain sleuth ZachXBT at around 2:52 p.m. UTC on Friday, with the full impact becoming clear later in the day. The attacker targeted a LayerZero-based cross-chain bridge used by Kelp DAO, extracting a sum equivalent to roughly 18% of rsETH’s circulating supply.
rsETH is a 'liquid restaking token' issued when users deposit Ethereum (ETH) into Kelp DAO. Like other liquid staking-style receipts, rsETH allows holders to maintain staking exposure while deploying the token across DeFi as collateral or within yield strategies. That utility, which makes the asset attractive in normal market conditions, also amplified the blast radius once the token’s integrity was undermined.
Early reconstructions suggest the exploit centered on 'message spoofing'—forging the cross-chain proof that typically signals assets have been locked or sent on one chain so they can be released on another. In simplified terms, the bridge appears to have accepted a fabricated “funds were deposited” message and released rsETH even though no corresponding transfer occurred.
On-chain data also indicates preparation rather than opportunism. The attacker’s wallet was funded roughly 10 hours earlier through Tornado Cash, a mixing tool often used to obscure transaction origins. After obtaining the rsETH, the attacker reportedly escalated damage by depositing the stolen tokens as collateral across major lending protocols, including Aave, Compound, and Euler, then borrowing large amounts of Wrapped Ether (WETH). That secondary step shifted the incident from a single-token theft into a broader credit-risk event for protocols exposed to rsETH.
Kelp DAO moved quickly to contain the situation, freezing rsETH-related contracts within about an hour, according to the timeline shared by market participants monitoring the incident. However, the project had not publicly detailed exactly how the bridge’s verification logic failed, leaving open questions about whether the issue stems from implementation, configuration, or a deeper weakness in cross-chain validation.
The immediate market story was not just the theft, but the speed with which risk propagated. rsETH was widely distributed across more than 20 networks—including Arbitrum, Base, and Linea—and had become embedded as collateral, vault input, and yield-building block across numerous DeFi products. Once confidence in rsETH wavered, protocols that had treated it as a reliable primitive were forced into defensive posture within hours.
Aave V3 froze markets tied to rsETH exposure, while other platforms—including SparkLend, Fluid, Compound, Euler, Pendle, Beefy, and Yearn—paused vaults, tightened caps, or reduced exposure limits. Aave’s governance token, Aave (AAVE), fell about 10% amid the scramble, reflecting broader concern about systemic leverage rather than direct smart contract compromise.
Aave and other platforms emphasized that their core smart contracts were not directly exploited—an important distinction, but not a complete reassurance. In a highly composable ecosystem, protocols can remain technically intact while still absorbing shock through shared collateral and liquidity dependencies. When a widely used collateral asset becomes questionable, the risk is transmitted through liquidation mechanics, lending utilization spikes, and cross-protocol feedback loops.
The incident underscores a structural tension at the heart of DeFi: 'composability' is both its biggest innovation and, in moments like this, its most efficient attack surface. The same Lego-like design that enables users to stack restaking yield, borrow against receipt tokens, and redeploy leverage into further strategies can turn a single weak link into an ecosystem-wide transmission channel.
Market participants are now watching whether rsETH can maintain its effective peg and liquidity. Pricing has been volatile, with rsETH changing hands around the $2,500 level in choppy trade as traders assess redemption pressure and the likelihood of recovering stolen funds. The more aggressively holders seek to exit cross-chain positions back into native ETH redemption routes, the greater the strain on liquidity and market confidence.
Security professionals say the breach will likely intensify calls for a 'structural review' of cross-chain message validation and for deeper audits of protocols using LayerZero’s token standards, including the OFT framework. Even if the root cause proves specific to one integration, the episode reinforces a recurring lesson: bridging is not merely a convenience layer—it is a critical security boundary that can quietly become systemic.
For Kelp DAO, this is also a reputational stress test. The project previously faced an rsETH-related incident in April 2025 involving over-minting due to a fee contract bug, though that episode did not result in user losses. This time, the loss is real, widely distributed, and intertwined with DeFi’s largest lending venues.
The broader implication is stark. DeFi’s promise that “everything connects” remains a powerful engine for capital efficiency, but the Kelp DAO exploit shows how that same connectivity can turn into an accelerant for crisis. In a market built on shared collateral and interoperable liquidity, risks do not just spread—they can cascade.
Comment 0