Liquid restaking platform Kelp DAO has been hit by a major exploit on its LayerZero‑powered cross‑chain bridge, with an attacker draining approximately 116,500 rsETH in a single transaction. At current market prices, the stolen rsETH is valued at around 292–300 million dollars, making it the largest DeFi hack of 2026 to date.
Earlier today we identified suspicious cross-chain activity involving rsETH. We have paused rsETH contracts across mainnet and several L2s while we investigate.
We are working with @LayerZero_Core, @unichain, our auditors and top security experts on RCA.
We will keep you…
— Kelp (@KelpDAO) April 18, 2026
According to on‑chain analysts and early media reports, the attacker appears to have forged or spoofed a cross‑chain message to trigger illegitimate releases of rsETH from Kelp DAO’s bridge contracts. This allowed them to mint or unlock unbacked rsETH, which was then rapidly moved across multiple DeFi protocols.
In the immediate aftermath, the attacker deposited the compromised rsETH as collateral on leading lending platforms such as Aave V3, taking advantage of the fact that price oracles had not yet reflected the exploit. The protocols initially treated the rsETH as fully backed, enabling the attacker to borrow large amounts of real ETH and WETH against effectively worthless collateral.
The exploit quickly rippled across DeFi. Aave, SparkLend, Fluid and other protocols moved to freeze markets or pause affected assets in an attempt to contain contagion and limit further damage. Commentators have warned that the event could leave significant bad debt across lending platforms, given that around 18% of rsETH’s circulating supply was effectively created “out of thin air.”
Kelp DAO confirmed “suspicious cross‑chain activity involving rsETH” and announced that it had paused rsETH contracts on Ethereum mainnet and several Layer 2 networks while investigations continue. The team says it is working with LayerZero, auditors and external security experts to conduct a full root cause analysis and determine next steps.
The incident has reignited debate over the systemic risk posed by restaked and bridged assets used as collateral across DeFi. Analysts are calling it a “collateral contagion” event, arguing that assets dependent on cross‑chain bridges should not be treated as having the same risk profile as native ETH in primary lending markets.
At the time of writing, Kelp DAO has not yet published a full post‑mortem or formal compensation plan for affected users, and lending protocols are still assessing the scale of potential losses on their platforms. Further updates are expected as security teams complete their investigations and as Kelp DAO coordinates a recovery plan with ecosystem partners.
Disclaimer: The information in this article is provided for informational and editorial purposes only and does not constitute financial, investment, trading, or legal advice. You should not rely on this content as a recommendation to buy, sell, or hold any cryptocurrency or other asset. Always conduct your own research and, if necessary, consult a qualified financial advisor before making investment decisions. CoinToria Media and its authors are not responsible for any loss or damage resulting from the use of this information.
