Back

KelpDAO Hack: $293M Exploit Triggers DeFi Contagion

Severity: High (Score: 66.8)

Sources: Bloomberg, Cryptopotato, Businesstimes.Sg, Theblock.Co, Tipranks

Summary

On April 18, 2026, KelpDAO's cross-chain bridge was exploited, leading to the theft of approximately $293 million worth of rsETH, a token representing restaked Ether. The attacker utilized a vulnerability in the LayerZero-powered bridge, draining 116,500 rsETH and subsequently converting a significant portion into ETH. This incident has been classified as the largest DeFi exploit of 2026, surpassing the previous record held by Drift Protocol. The exploit has caused a cascading effect across at least nine other DeFi platforms, prompting Aave and others to freeze markets related to rsETH to mitigate further losses. KelpDAO has paused all rsETH contracts while investigating the breach in collaboration with security firms. The interconnected nature of DeFi protocols has amplified the impact of this exploit, raising concerns about systemic risks within the ecosystem. As of now, KelpDAO has not provided further updates on recovery plans or the status of affected users. Key Points: • KelpDAO lost approximately $293 million in a cross-chain bridge exploit. • The attack involved draining 116,500 rsETH and converting funds to ETH. • At least nine other DeFi platforms were affected, leading to widespread market freezes.

Key Entities

  • Data Breach (attack_type)
  • Aave (platform)
  • LayerZero (platform)
  • Solana (platform)
  • Unichain (platform)
  • Drift (campaign)
  • Drift Protocol (company)
  • Kelp DAO (company)
  • KelpDAO (company)
  • Arbitrum (company)
  • Ethereum (company)
  • North Korea (country)
  • dlnews.com (domain)
  • Tornado Cash (tool)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed