Kelp DAO’s rsETH Bridge Hacked: $293M Drained in Largest DeFi Attack of 2026

James Ding
Apr 18, 2026 22:32

Kelp’s rsETH bridge drained of $293M as attacker converts stolen funds to ETH. Aave freezes markets, nine protocols impacted in cascading DeFi crisis.

Kelp DAO’s rsETH adapter bridge fell victim to a devastating hack over the weekend, resulting in a staggering loss of approximately $293 million. This incident stands out as the most significant single protocol breach in the DeFi space for the year 2026. The attack sent shockwaves across the ecosystem, prompting emergency measures such as market freezes on at least nine DeFi platforms linked to the vulnerable liquid restaking token.

The perpetrator of the hack utilized Tornado Cash to funnel funds into their wallet, converting around $250 million of the stolen assets into ETH, as confirmed by blockchain security firm Cyvers. In response, Kelp has taken the proactive step of halting rsETH contracts on the Ethereum mainnet and various Layer-2 networks pending a thorough investigation.

DeFi Crisis Escalates: Aave and Other Platforms Impacted

Following the breach, Aave swiftly moved to freeze rsETH markets across both V3 and V4 deployments. The repercussions of the attack were felt beyond Kelp, with Aave’s native AAVE token experiencing a 10% decline in value. Additionally, ETH itself saw a 3.74% drop, trading at $2,401.60, reflecting broader concerns within the crypto market.

Cyvers CEO Deddy Lavid emphasized the risks associated with composability in DeFi, noting that the integration of a token across multiple platforms can amplify the impact of a single exploit, leading to systemic vulnerabilities.

Kelp DAO, founded by Amitej Gajjala and Dheeraj Borra of Stader Labs, offered users the ability to deposit liquid staking tokens like stETH to receive rsETH. This unique token not only generated yields from Ethereum staking but also from EigenLayer services. While this integration attracted users seeking enhanced yield strategies, it inadvertently exposed the ecosystem to systemic risk.

Second Major Breach in April Adds to DeFi Woes

The Kelp hack comes on the heels of Drift Protocol’s $280 million exploit earlier in the month. The post-mortem of the Drift incident revealed a sophisticated social engineering campaign by attackers who infiltrated the team over several months, allegedly linked to North Korean state hackers.

With a total of $482 million lost to hacks and scams in the first quarter of 2026, the Kelp breach alone accounts for over 60% of the aggregate losses recorded during that period.

What Lies Ahead for rsETH Holders and DeFi Participants

As Kelp remains unresponsive to media inquiries, rsETH holders are left with limited options while contracts remain suspended. Users with rsETH collateral on frozen lending markets face potential liquidation risks should the freezes be lifted before the situation stabilizes.

The attack vector employed in this breach, targeting a bridge adapter rather than core protocol logic, mirrors previous high-profile exploits. Bridge contracts, crucial for cross-chain value transfers in DeFi, represent a vulnerable attack surface necessitating stringent security measures.

Traders are advised to stay vigilant and await updates from affected protocols. Interactions with rsETH-related contracts should be avoided until Kelp provides clarity on the extent of the exploit and any potential recovery plans.

Image source: Shutterstock