Kelp DAO Loses $292M in Largest 2026 DeFi Exploit
An attacker drained 116,500 rsETH ($292M) from Kelp DAO's cross-chain bridge by exploiting LayerZero messaging, triggering DeFi contagion. Aave, SparkLend, and Fluid froze rsETH markets, and AAVE dropped 10% as panic redemptions loom across 20+ chains.
Quick Take
Attacker drained 116,500 rsETH (18% of supply) from Kelp bridge.
Over 20 chains affected; DeFi protocols froze rsETH markets.
Kelp paused contracts 46 minutes after exploit.
AAVE fell 10%, panic redemptions threaten further contagion.
Market Impact Analysis
BearishMajor exploit draining 18% of token supply and causing cross-protocol contagion will likely drive short-term price declines and uncertainty across affected assets.
Speculation Analysis
Key Takeaways
- Kelp DAO's bridge lost 116,500 rsETH โ $292 million โ after an attacker manipulated LayerZero messaging.
- Over 20 chains affected; Aave, SparkLend, Fluid froze rsETH markets within hours.
- Kelp paused contracts 46 minutes after the exploit; two $100M follow-up attempts were blocked.
- AAVE price dropped 10% as the market priced in potential bad debt from frozen markets.
- Panic redemptions could force unwinding of EigenLayer restaking positions, pressuring ETH.
What Happened
An attacker drained Kelp DAO's cross-chain bridge of 116,500 rsETH โ worth approximately $292 million โ in one of the largest DeFi exploits of 2026. The incident began at 17:35 UTC on Saturday when the attacker manipulated LayerZero's messaging layer to fool Kelp's bridge into releasing tokens to an attacker-controlled wallet. With 18% of rsETH's 630,000 token circulating supply stolen, the reserve backing wrapped rsETH on more than 20 layer-2 networks was emptied. Kelp's emergency pauser multisig froze core contracts at 18:21 UTC, 46 minutes after the initial drain. Two follow-up attempts targeting another 40,000 rsETH each were reverted. By then, multiple DeFi protocols had already moved to freeze rsETH markets to limit contagion.
The Numbers
The exploit drained 18% of rsETH's supply โ 116,500 tokens from a 630,000 circulating supply. At current prices, that's $292 million. Wrapped versions exist on chains like Base, Arbitrum, Linea, Blast, Mantle, and Scroll. Kelp paused contracts 46 minutes after the initial attack, but not before AAVE fell 10% as the market priced in potential bad debt. Two subsequent drain attempts of 40,000 rsETH each (around $100 million) were blocked by the pause. The attack impacted protocols across the DeFi spectrum, with Aave, SparkLend, and Fluid freezing rsETH pools, while Ethena temporarily paused its LayerZero bridges.
Why It Happened
The root cause was a failure in Kelp's integration with LayerZero's cross-chain messaging. The attacker spoofed a message to the bridge, making it appear as a valid instruction from another network. The bridge, designed to release tokens upon receipt of such messages, had no additional validation layer to verify the instruction's legitimacy. This single point of failure was compounded by rsETH's architecture: the bridge held the entire reserve backing wrapped tokens across 20+ chains, so one exploit compromised all chains at once. The incident underscores the dangers of monolithic cross-chain liquidity pools and the need for robust verification in messaging protocols.
Broader Impact
The hack triggered a cascade of defensive measures across DeFi. Lending protocols โ Aave, SparkLend, Fluid โ froze rsETH markets, protecting against bad debt but locking user funds. Lido paused deposits into its earnETH product, which carries rsETH exposure. Ethena temporarily halted LayerZero bridging out of caution, though it has no direct rsETH exposure. The most severe risk is a cross-chain depeg: if wrapped rsETH on L2s trades at a discount, panic redemptions could force Kelp to unwind restaking positions on EigenLayer, potentially flooding the market with ETH and destabilizing staking derivatives. AAVE's 10% drop reflects this systemic risk.
What to Watch Next
- rsETH peg on L2s: A widening discount would signal forced redemptions and potential ETH sell pressure.
- Fund recovery: If the attacker moves funds through Tornado Cash, recovery odds plummet; any freezes or returns before then could restore confidence.
- AAVE bad debt: Monitor Aave's risk parameters; if rsETH collateral defaults spike, further governance actions may be needed.
This article is for informational purposes only and does not constitute financial advice.
Always late to trends?
Join for the latest news, insights & more.
Disclaimer: Bytewit is an independent media outlet that delivers news, research, and data.
ยฉ 2026 Bytewit. All Rights Reserved. This article is for informational purposes only.
