Key Takeaways
- A flaw in the rsETH adapter bridge allowed attackers to drain approximately $293 million from Kelp protocol.
- The exploit forced at least nine other protocols, including Aave, to freeze markets to prevent further systemic damage.
- The hacker has already moved roughly $250 million into Ether (ETH) using the Tornado Cash mixer to obscure the trail.
The decentralized finance (DeFi) sector is reeling after a massive breach of the Kelp liquid restaking protocol. Early Saturday, a sophisticated attacker exploited the protocol’s rsETH adapter bridge—the critical code managing its native restaking token—resulting in a staggering $293 million loss.
The incident underscores a growing concern in 2026: “composability risk.” Because DeFi protocols are built like LEGO bricks, a crack in one can lead to a collapse in many.
Kelp restaking platform exploited, $293M drained in attack
Following the identification of suspicious cross-chain activity, the Kelp team acted quickly to pause rsETH contracts across the Ethereum mainnet and multiple Layer-2 networks. However, the damage was swift.
According to security firm Cyvers, the attacker utilized an address funded by Tornado Cash to facilitate the drain. The ripple effects were immediate; Aave, the industry’s leading lending platform, froze rsETH markets on its V3 and V4 iterations to protect users.
Security experts noted that this “cross-protocol contagion” highlights the inherent dangers when multiple platforms rely on a single liquid restaking derivative that lacks a robust, battle-tested bridge architecture.
Drift Protocol hacked for $280 million
The Kelp incident arrives on the heels of another catastrophic breach involving the Drift Protocol. In that case, approximately $280 million was siphoned from the decentralized exchange (DEX). The Drift team revealed a chilling post-mortem: the attack was not a simple code bug but a long-con infiltration.
Suspected North Korean state-affiliated hackers reportedly spent months collaborating with the Drift team after meeting them at a major crypto conference. By embedding themselves within the development cycle, the attackers successfully deployed malware on developer machines, proving that human-centric “social engineering” is now as much a threat as flawed smart contracts.
Final Thoughts
As Q1 2026 losses from hacks exceed $482 million, the industry faces a reckoning. Innovation in liquid restaking is currently moving faster than the security protocols designed to protect them, leaving investors to bridge the gap between risk and reward.
Frequently Asked Questions
Is my native ETH at risk from the Kelp hack?
No, native ETH is safe; only the bridged rsETH token and its associated contracts were compromised.
How did the hacker hide the funds?
The attacker used the Tornado Cash mixer to convert and shuffle nearly $250 million into Ether.
Why did Aave freeze rsETH?
To prevent the “contagion” from spreading to its lending pools and causing bad debt across its ecosystem.
