The DeFi landscape has faced another major blow as Kelp DAO’s LayerZero-powered bridge was attacked on Saturday, resulting in the loss of 116,500 rsETH, valued at approximately $292 million. The incident, which unfolded at 17:35 UTC, has already sparked widespread concerns and responses across the decentralized finance community.
According to initial reports, the attacker successfully manipulated LayerZero’s messaging protocol, which led to the transfer of funds to a wallet controlled by them. By minting the rsETH tokens and subsequently selling them to acquire Ethereum (ETH), the assailant amassed a staggering 106,467 ETH, equivalent to $250 million. This exploit represents an alarming 18% of the total circulating supply of rsETH, which stands at roughly 630,000 tokens.
Kelp DAO, primarily a liquid restaking protocol, utilizes user deposits of ETH to route through EigenLayer for additional yield, issuing rsETH as a receipt in the process. However, Saturday’s incident has raised serious questions about the security measures in place, particularly how attackers can exploit such sophisticated protocols.
Quickly reacting to the breach, Kelp DAO’s emergency multisig paused key contracts a mere 46 minutes after the initial drain, at 18:21 UTC. Despite that, the decisiveness of the response was tested when two further attempts to siphon additional funds — amounting to approximately 40,000 rsETH — were thwarted. Furthermore, the funds were swiftly transferred through a Tornado Cash-linked address, further complicating recovery efforts.
DeFi Ecosystem Shaken
The aftermath of the exploit reverberated throughout the DeFi ecosystem. The bridge, which had facilitated transactions for wrapped rsETH across more than 20 blockchain networks including Base, Arbitrum, and Scroll, left users uncertain about the backing of their tokens post-exploit.
In response, various protocols moved quickly to freeze rsETH markets. Prominent services like Aave paused their V3 and V4 markets shortly after the attack, resulting in an approximately 10% drop in Aave’s token price as the market reacted to the heightened risk of bad debt. Other protocols, such as SparkLend and Fluid, also halted trading, while Lido clarified that although it halted deposits in its earnETH product due to palatable exposure to rsETH, its core staking protocol remained unaffected. Ethena took precautionary steps as well, pausing its LayerZero OFT bridges from the Ethereum mainnet.
Kelp DAO released its first public statement around 20:10 UTC, nearly three hours following the breach, indicating collaboration efforts with LayerZero, Unichain, and external security experts to investigate the incident thoroughly.
The Broader Impact
Industry experts believe the Kelp DAO exploit underscores the critical vulnerabilities stemming from the interconnected nature of DeFi platforms, with Cyvers CEO Deddy Lavid pointing out the significant risks associated with composability. Notably, this incident has now surpassed the Drift Protocol breach, which took place in early April and involved the theft of $285 million, further amplifying concerns regarding the security measures and protocols within the DeFi sector.
In Q1 2026 alone, losses from hacks and scams in the cryptocurrency space reportedly reached $482 million. With the Kelp DAO hack now solidified as the largest DeFi breach of the year, calls for more stringent security measures have intensified. As the team behind Kelp DAO continues to investigate how the validation logic was bypassed, the lessons from this incident will likely shape the future landscape of decentralized finance.
