Kelp Restaking Platform Loses $293M in Bridge Exploit
A Tornado Cash-funded attacker exploited Kelp's rsETH adapter bridge, draining $293 million and converting $250 million to ETH. Aave and at least nine other protocols froze rsETH markets, highlighting DeFi composability risks and drawing parallels to Drift's recent $280M hack.
Quick Take
Attacker drained $293M from Kelp's rsETH bridge contract.
$250M converted to ETH via Tornado Cash-funded address.
Aave and nine other protocols froze rsETH markets.
Drift Protocol lost $280M earlier in April 2026.
Market Impact Analysis
BearishAnother massive DeFi exploit with immediate contagion effects will reinforce bearish sentiment and selling pressure on affected assets.
Speculation Analysis
Key Takeaways
- Attacker drained $293 million from Kelp’s rsETH adapter bridge contract.
- $250 million converted to ETH via Tornado Cash-funded address.
- Aave and nine other protocols froze rsETH markets to prevent contagion.
- Adds to $482M in Q1 2026 DeFi losses, following Drift's $280M exploit.
What Happened
Kelp, a liquid restaking protocol, suspended rsETH smart contracts across mainnet and Layer-2s after detecting suspicious cross-chain activity on Saturday. Blockchain security firm Cyvers identified an exploit of the rsETH adapter bridge contract, which allowed an attacker to drain approximately $293 million in funds. The attacker used a cryptocurrency mixer, Tornado Cash, to obfuscate the origin of the attack and quickly converted roughly $250 million of the stolen assets to Ether. As the breach unfolded, DeFi platforms raced to contain the damage. Aave froze rsETH markets on V3 and V4, and at least nine other protocols with exposure to the token followed suit, effectively quarantining the asset to prevent further losses.
The Numbers
The $293 million theft ranks among the largest DeFi exploits in recent memory. The conversion of $250 million to ETH complicates recovery efforts, as mixing services hinder tracing. Immediate contagion hit at least ten platforms, with Aave leading the freeze response. This incident amplifies a grim tally: crypto hacks and scams totaled $482 million in the first quarter of 2026. That includes the $280 million Drift Protocol exploit in April, which like this attack involved sophisticated techniques and persistent infiltration.
Why It Happened
Bridge contracts remain a prime target for attackers due to their complexity and high-value asset flows. Kelp’s rsETH adapter bridge had a validation flaw that the exploiter leveraged, though full technical details are still under investigation. The use of Tornado Cash for funding points to a premeditated operation, consistent with state-sponsored groups like those suspected in the Drift incident. Drift’s team later revealed that hackers spent months infiltrating their development process, suggesting a rising trend of patient, insider-focused attacks. In DeFi, interconnected protocol dependencies mean that one compromised bridge can freeze liquidity across multiple ecosystems instantly.
Broader Impact
The Kelp breach showcases the systemic risks of composability. When a single token is compromised, automated lending and trading pools across protocols can seize up, as seen with rsETH. This may accelerate development of circuit breakers and emergency pause mechanisms across DeFi. Regulators are likely to seize on this event, coupled with the Drift hack, to advocate for stricter cybersecurity mandates for digital asset platforms. For the restaking sector, this could dampen user confidence and prompt a flight to more audited, battle-tested protocols.
What to Watch Next
- Kelp's investigation: A post-mortem revealing the exact vulnerability and potential fund recovery chances will set the tone for market recovery.
- Protocol decisions: Whether Aave and others permanently delist rsETH or eventually resume markets will indicate the token's future viability.
- Regulatory spotlight: Expect renewed calls for bridge audits and anti-money laundering controls on mixers, which could reshape DeFi's operational landscape.
This article is for informational purposes only and does not constitute financial advice.
Always late to trends?
Join for the latest news, insights & more.
Disclaimer: Bytewit is an independent media outlet that delivers news, research, and data.
© 2026 Bytewit. All Rights Reserved. This article is for informational purposes only.
