$292 Million Kelp DAO Exploit Sends Shockwaves Through Restaking Market
A major exploit targeting Kelp DAO’s rsETH bridge has rattled decentralized finance markets, draining nearly $300 million and exposing vulnerabilities in cross-chain infrastructure that underpins Ethereum’s rapidly growing restaking ecosystem.
Summary:
- Hacker drains $292 million in rsETH via forged cross-chain message.
- Stolen assets used to borrow ETH, creating ~$280 million in potential bad debt.
- DeFi protocols freeze markets as industry debates LayerZero security risks.
The attack, which unfolded on April 18, centered on the cross-chain messaging system powering Kelp DAO’s rsETH bridge.
According to early findings, the attacker forged a verification message within the LayerZero framework. That manipulation allowed the bridge contract to treat a nonexistent deposit as valid, releasing 116,500 rsETH to the attacker’s wallet.
The amount represented roughly 18% of the token’s circulating supply, instantly destabilizing its market structure.
Unlike typical exploits where assets are quickly sold, the attacker took a more calculated route – one that amplified risk across multiple protocols.
From Theft to Leverage
Rather than dumping the stolen rsETH, the attacker deposited it into lending platforms including Aave, Compound and Euler.
By using the compromised tokens as collateral, they borrowed approximately 74,000 ETH, converting illiquid or potentially devalued assets into liquid capital. The maneuver effectively shifted the risk from the attacker to lending protocols, which now face the possibility of significant bad debt if the collateral loses value.
The strategy highlights an increasingly common pattern in DeFi exploits: attackers exploiting composability to spread risk across interconnected systems.
Emergency Measures Across DeFi
The scale of the breach triggered rapid defensive action across the ecosystem.
Kelp DAO paused all rsETH-related contracts across Ethereum and Layer 2 networks, halting further transfers. Lending platforms followed with precautionary freezes.
Aave suspended rsETH markets to prevent additional borrowing and limit liquidation cascades, while SparkLend and other protocols restricted collateral usage. Platforms including Fluid and Upshift also halted interactions tied to the token.
READ MORE: Crypto Scams in USA Hit $11.4B in 2025 as Global Regulators Crack Down on Crime
These measures were designed to contain systemic risk rather than address vulnerabilities within the lending protocols themselves, which remained technically uncompromised.
Questions Over Cross-Chain Security
The incident has reignited debate over the safety of cross-chain infrastructure.
Investigators are working to determine whether the exploit stems from Kelp DAO’s specific bridge implementation or a broader weakness in LayerZero’s message validation system. The distinction is critical, as LayerZero underpins a growing number of “omnichain” applications.
The breach follows a smaller exploit earlier this year involving CrossCurve, adding to concerns that cross-chain systems remain one of the most fragile components in DeFi.
As capital flows increasingly rely on interoperability, the stakes for secure message verification continue to rise.
Market Impact and Containment
The immediate market reaction reflected uncertainty around rsETH’s value and broader restaking dynamics.
By avoiding large-scale selling, the attacker prevented an immediate price collapse. However, the use of rsETH as collateral introduces delayed risk, particularly if confidence in the asset weakens.
For now, protocol freezes have limited further damage, but the situation remains fluid as developers assess collateral exposure and potential recovery paths.
Unusual Negotiation Attempt
In a rare development, crypto entrepreneur Justin Sun publicly reached out to the attacker, proposing negotiations.
OK — Kelpdao hacker, how much you want? Let’s just talk. With KelpDAO’s help, of course. It’s simply not worth it to sacrifice both Aave and KelpDAO and let them go down over this hack. You can’t spend $300 million anyway.
— H.E. Justin Sun 👨🚀 🌞 (@justinsuntron) April 19, 2026
In a message posted on social media, Sun suggested that liquidating such a large sum would be impractical, urging dialogue instead. The comment reflects a growing trend in DeFi incidents, where negotiation is sometimes viewed as a path to partial fund recovery.
Whether the attacker engages remains unclear.
A Stress Test for Restaking
The exploit represents a critical test for Ethereum’s restaking sector.
As new financial layers emerge on top of base infrastructure, risks become more complex and interconnected. The Kelp DAO incident highlights how vulnerabilities in one component – in this case, a bridge – can cascade across lending markets and liquidity systems.
For the industry, the challenge now lies in reinforcing trust while addressing structural weaknesses.
The outcome of the investigation could shape how cross-chain protocols are designed – and how risk is managed – in the next phase of DeFi growth.
The information presented in this article is intended for informational purposes only and should not be interpreted as financial, investment, or trading advice. Coinspress.com does not promote or advocate for any particular investment strategy, asset, or cryptocurrency project. Cryptocurrency markets are highly volatile and unpredictable – always perform your own research and seek guidance from a qualified financial professional before making any investment decisions.
Alexander Zdravkov
Reporter at CoinsPress
Alexander Zdravkov is a market analyst and crypto journalist with interests in economics, broader financial markets and digital assets. His journey into crypto began more than four years ago, driven by a fascination with the rapid evolution of blockchain technology and the transformative potential of decentralized finance. He began analyzing market cycles and identifying emerging trends before they reach the mainstream. He holds a degree in International Relations - a background that helped shape his broader perspective on global economics, geopolitics, and the interconnected nature of modern financial markets. Whether covering the latest developments in the crypto sector or exploring broader macroeconomic themes, Alexander focuses on giving readers context rather than simply repeating headlines. During his career, he has authored more than 10,000 articles covering cryptocurrencies, traditional finance, and global market developments. His work spans everything from Bitcoin and altcoins to macroeconomic trends influencing risk assets worldwide.
