A significant security breach at Kelp DAO has resulted in the theft of $292 million worth of restaked ether (rsETH), accounting for nearly 18% of its circulating supply. The incident occurred on Saturday at 17:35 UTC when an attacker exploited vulnerabilities in Kelp’s LayerZero-powered cross-chain bridge.
The breach involved the unauthorized transfer of 116,500 rsETH to an address controlled by the attacker, facilitated by misleading instructions sent through LayerZero’s messaging infrastructure. This cross-chain protocol enables different blockchains to communicate, and the attacker successfully tricked it into releasing the funds.
Kelp DAO, a liquid restaking protocol that allows users to earn additional yield on their ETH deposits, immediately responded by pausing its core contracts 46 minutes after the exploit. However, the attacker attempted two additional drains shortly thereafter, each targeting 40,000 rsETH, but these attempts were thwarted.
The exploit has raised concerns among holders of rsETH across various networks, including Base, Arbitrum, and others, as the drained reserve was crucial for backing wrapped versions of the token on these platforms. This situation has led to fears of a liquidity crisis, as users scramble to redeem their tokens, potentially destabilizing the entire ecosystem.
In the wake of the attack, several decentralized finance (DeFi) platforms took precautionary measures. Aave froze its rsETH markets on both its V3 and V4 platforms, with founder Stani Kulechov confirming that Aave’s contracts remained secure. Similarly, SparkLend and Fluid also paused their rsETH markets to mitigate risks.
The market reacted negatively, with AAVE’s value dropping by approximately 10% as investors assessed the potential impact of the exploit. Lido Finance, which has exposure to rsETH through its earnETH product, halted new deposits while clarifying that its core staking operations were unaffected.
Ethena, another platform utilizing LayerZero technology, temporarily paused its bridges from Ethereum mainnet as a precaution, stating it had no rsETH exposure and remained overcollateralized.
Kelp DAO acknowledged the breach in a public statement nearly three hours after the incident, indicating that it was working with LayerZero, its auditors, and external security experts to investigate how the exploit occurred.
The future of rsETH’s value hinges on the response from holders and Kelp’s ability to recover any stolen funds. The incident marks the largest DeFi exploit of 2026, surpassing a previous attack on the Solana-based protocol Drift, which resulted in a $285 million loss earlier this month.
The ongoing security challenges in the DeFi space are underscored by this incident, as multiple protocols have faced similar threats in recent weeks, raising alarms about the overall security of decentralized finance.
Kelp DAO has experienced a major exploit, losing $292 million in a breach of its cross-chain bridge. The incident has triggered emergency actions across various DeFi platforms, raising concerns about liquidity and security in the ecosystem.