Kelp, a liquid restaking protocol, has become the target of a cyber attack that resulted in the loss of around $293 million. In response, the platform has paused its smart contracts for the restaking token, rsETH, while it investigates the breach.
On Saturday, Kelp identified suspicious cross-chain activity involving rsETH and announced via an X post that it had halted rsETH contracts across both mainnet and several Layer-2 networks. The exploit targeted the rsETH adapter bridge contract, which manages the token’s operations, leading to substantial financial losses.
Details of the Attack
According to blockchain security firm Cyvers, the attacker utilized a Tornado Cash crypto mixer-funded address to facilitate the theft. It is reported that approximately $250 million of the stolen funds have already been converted to Ether (ETH), the native cryptocurrency of the Ethereum network.
Impact on the Crypto Ecosystem
In the aftermath of the attack, decentralized finance (DeFi) platform Aave took immediate action by freezing rsETH markets on both Aave V3 and V4. Cyvers indicated that at least nine crypto protocols had exposure to rsETH and have since frozen their activities as a precautionary measure.
Broader Implications for DeFi
Deddy Lavid, CEO of Cyvers, commented on the incident, stating, “This is exactly the kind of incident that highlights the risks of composability in DeFi.” This attack underscores the vulnerabilities inherent in interconnected DeFi systems, raising concerns about security protocols and risk management across the sector.
This incident is part of a troubling trend in the crypto space, with significant cybersecurity breaches becoming increasingly common. In the first quarter of 2026 alone, losses from hacks and scams in the crypto industry totaled around $482 million.
Context of Recent Exploits
The Kelp exploit follows other notable incidents, such as the Drift Protocol hack in April, which resulted in a loss of approximately $280 million. Reports suggest that the Drift attack involved months of preparation by suspected North Korean state-affiliated hackers, highlighting the sophisticated nature of recent cyber threats in the crypto landscape.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.
