Picture yourself holding a receipt that says you own 10 ETH locked in a vault on the other side of a bridge. Now imagine someone walks into that vault, convinces the guard they have permission, and walks out with 18% of everything stored inside. Your receipt still exists. The vault, for your purposes, does not.
That thought experiment became reality on Saturday afternoon for holders of rsETH, the liquid restaking token issued by Kelp DAO. At 17:35 UTC, an attacker drained 116,500 rsETH from the protocol’s LayerZero-powered bridge, a haul worth approximately $292 million at the time of the exploit. The stolen tokens represent roughly 18% of rsETH’s 630,000-token circulating supply tracked by CoinGecko, and the breach now stands as 2026’s largest DeFi exploit, surpassing the Drift Protocol attack from earlier this month.
The fallout didn’t stay contained to Kelp. Within hours, Aave froze rsETH markets. SparkLend and Fluid followed. Lido paused new deposits into a product with rsETH exposure. Ethereum itself wasn’t compromised, but the infrastructure built on top of it cracked wide open.
The 46-Minute Window and What Got Through
Cross-chain bridges have always been DeFi’s weakest structural joint. They hold concentrated value (the reserves backing wrapped tokens on other networks), they depend on messaging layers to verify instructions across chains, and when either of those components fails, the damage spreads everywhere those tokens live.
Kelp DAO’s bridge architecture relied on LayerZero’s Omnichain Fungible Token (OFT) standard to move rsETH across more than 20 networks: Base, Arbitrum, Linea, Blast, Mantle, Scroll, and others. The bridge held the actual rsETH on Ethereum mainnet, with wrapped representations circulating on each layer 2. When someone wanted to redeem L2 rsETH for the underlying asset, the bridge would receive a message, verify it, and release tokens.
The attacker found a way to forge that verification. According to on-chain data reviewed in the aftermath, the exploit convinced LayerZero’s messaging layer that a valid instruction had arrived from another network. That instruction told Kelp’s bridge to release 116,500 rsETH to an address the attacker controlled. The bridge complied.
Kelp’s emergency pauser multisig, a security mechanism designed for exactly this scenario, froze the protocol’s core contracts 46 minutes after the drain at 18:21 UTC. That pause came fast enough to matter. Two follow-up attempts hit the bridge at 18:26 UTC and 18:28 UTC, each carrying the same LayerZero packet format and attempting to drain another 40,000 rsETH (roughly $100 million). Both transactions reverted against the frozen contracts.
So the pause worked, in the sense that it prevented a $400 million loss from becoming the headline instead of a $292 million one. But 46 minutes is also an eternity when you’re watching a live exploit. The attacker had enough runway to extract nearly a fifth of the token’s supply before anyone could flip the switch.
Stranded Tokens and the Backing Question Nobody Wants to Answer
Here’s where the engineering gets uncomfortable. RsETH exists as a liquid restaking token. Users deposit ETH with Kelp DAO, which routes those deposits through EigenLayer to earn additional yield on top of standard Ethereum staking rewards. In exchange, users receive rsETH, a tradeable receipt representing their staked position.
Kelp then extended this to other networks. Want to hold rsETH on Arbitrum? The bridge would lock your rsETH on Ethereum mainnet and mint a wrapped version on Arbitrum. Want to move it to Base? Same process, different destination. The bridge held the reserves backing every wrapped rsETH on every L2.
With 116,500 rsETH drained from that bridge, holders on non-Ethereum deployments now face an uncomfortable question: what exactly backs their tokens?
The remaining rsETH on Ethereum mainnet isn’t directly affected by the bridge drain, at least mechanically. Those tokens still represent claims on restaked ETH in EigenLayer. But the cross-chain float creates a feedback loop. If L2 holders panic and try to redeem their wrapped rsETH for actual rsETH on Ethereum, they’ll find the bridge reserve depleted. That pressure could force Kelp to unwind restaking positions early to honor withdrawals, which creates cascading sell pressure on the underlying assets.
It’s a stress test the protocol wasn’t designed to pass. As of Sunday morning, Kelp DAO hasn’t published any communication about how it plans to address the backing shortfall for L2 holders. The protocol’s first public X post about the incident came at 20:10 UTC on Saturday, nearly three hours after the drain, and stated only that the team was investigating with LayerZero, Unichain, auditors, and outside security specialists.
For anyone tracking the intersection of DeFi and bridge security, this pattern should look familiar. The 2022 Wormhole exploit, the Ronin bridge attack, the Nomad drain: each one exploited the gap between what a bridge thought it was verifying and what it actually verified. Kelp’s breach fits the same template, just with a newer messaging layer and a more sophisticated underlying asset.
Protocol Contagion: Aave, Lido, Ethena, and the AAVE Token Drop
When a liquid staking token loses 18% of its supply to an exploit, every protocol that holds that token has to ask itself the same question: how much of our TVL just became a liability?
Aave moved first. The lending protocol froze rsETH markets on both V3 and V4 within hours of the breach. Founder Stani Kulechov posted that the exploit was external to Aave’s contracts, which is accurate (Aave’s lending logic wasn’t compromised), but also beside the point for users who deposited rsETH as collateral. If rsETH’s value collapses because the backing pool got drained, Aave still has to figure out how to handle underwater positions.
SparkLend and Fluid froze their rsETH markets through the same logic. Better to halt trading than to let potentially unbacked collateral circulate through the lending system.
AAVE, the governance token, dropped about 10% as the market priced potential bad debt. That’s the secondary effect of holding LRT collateral: even if your protocol’s code is fine, your exposure isn’t.
Lido Finance paused further deposits into its earnETH product, which carries rsETH exposure. The protocol clarified that stETH and wstETH are unaffected, and that the core Lido staking protocol has no involvement in the incident. That distinction matters: stETH is Lido’s native liquid staking token, and it’s backed directly by ETH staked in Lido’s validators, not by a bridge reserve that could be drained.
Ethena took a precautionary approach that extended beyond rsETH. The stablecoin issuer temporarily paused its LayerZero OFT bridges from Ethereum mainnet, even though it says it has no rsETH exposure and remains more than 101% overcollateralized. The pause was expected to last about six hours while the root cause was identified. The logic: if LayerZero’s messaging layer has a vulnerability, every protocol using OFT bridges might be at risk, not just Kelp.
That’s the contagion model in action. One protocol’s exploit becomes a stress test for every protocol that touches the same infrastructure.
2026’s Hostile Stretch for DeFi Security
Kelp DAO’s $292 million loss doesn’t exist in isolation. April 2026 has been unusually brutal for DeFi protocols.
The Drift Protocol exploit on April 1 drained approximately $285 million from the Solana-based perpetuals platform, an attack later linked to North Korea-affiliated actors. That breach held the “largest DeFi hack of 2026” title for less than three weeks.
At least a dozen smaller protocols have been exploited in the weeks since, including CoW Swap, Zerion, Rhea Finance, and Silo Finance. The attack patterns vary (flash loan attacks, oracle manipulation, access control failures), but the aggregate trend is clear: attackers are more active, more sophisticated, and extracting more value per incident than in previous years.
For context on how this stacks against recent DeFi events, we covered the Drift breach as it unfolded in Kelp DAO Bridge Drained for $292M in Year’s Largest DeFi Hack, which broke down the on-chain forensics before the North Korea attribution emerged.
The Kelp exploit also arrives during a week when broader crypto markets have been volatile. Bitcoin and Ethereum have led recent price action while smaller altcoins largely watched from the sidelines, a dynamic we explored in Bitcoin, Ether Lead Market While Altcoins Watch From Sidelines. That concentration of capital in major assets may partially explain why DeFi protocols built on more exotic collateral types (like liquid restaking tokens) face heightened scrutiny when something goes wrong.
Bridge exploits specifically have a long history of extracting more value per incident than other attack vectors. The shared reserves, the reliance on external messaging infrastructure, the complexity of validating cross-chain state: all of it creates a larger attack surface than a single-chain lending protocol. Kelp’s architecture made it a target of unusual value, holding nearly a fifth of rsETH’s supply in one contract.
The Trail Goes Cold: Tornado Cash and Recovery Odds
On-chain investigators tracking the stolen funds have identified movement toward mixers, specifically Tornado Cash. Once funds enter the sanctioned mixing protocol, tracing becomes exponentially harder, and recovery odds drop toward zero without law enforcement cooperation or attacker error.
Kelp DAO hasn’t disclosed whether it has contacted law enforcement, whether it has a plan to compensate L2 holders, or whether the exploit bypassed known security measures. The protocol’s audit history includes reviews from multiple firms, but audits catch static vulnerabilities in deployed code, not necessarily flaws in how cross-chain messaging layers interact with bridge logic.
The rsETH peg itself is under pressure. If holders don’t trust the backing, they sell. If they sell faster than the market can absorb, the peg breaks. Whether rsETH holds through the weekend depends on two variables: how much of the cross-chain float tries to redeem into ETH on Ethereum mainnet, and whether Kelp can recover any portion of the stolen funds before the Tornado Cash trail goes cold.
Neither variable looks favorable right now.
What Happens Next: Monday’s Open and Kelp’s Next Move
The next 48 hours will likely determine whether Kelp DAO survives as a going concern or joins the list of protocols that couldn’t recover from a catastrophic breach.
Several things need to happen for confidence to stabilize. Kelp needs to publish a clear post-mortem explaining exactly how the exploit bypassed bridge validation. They need to disclose whether any insurance coverage or treasury reserves can partially cover the loss. They need to communicate a plan for L2 holders whose backing has evaporated.
LayerZero, as the messaging layer whose verification was spoofed, also faces questions. The OFT standard is used by multiple protocols beyond Kelp. If the vulnerability exists in LayerZero’s code rather than Kelp’s implementation, every OFT bridge is potentially exposed. Ethena’s precautionary pause suggests at least some protocols aren’t waiting for confirmation before assuming the worst.
Monday’s market open will bring the first full trading session since the exploit. You can track how DeFi tokens respond through our sectors dashboard, which breaks out performance by category. AAVE’s 10% drop may extend or reverse depending on what Kelp discloses over the weekend.
For holders of rsETH on any chain, the immediate advice is unpleasant but straightforward: watch for Kelp’s official communications, assess your personal exposure, and don’t assume the peg will hold. Bridge exploits of this magnitude don’t resolve cleanly, and the protocols affected tend to bleed users long after the attacker has moved on.
The broader lesson, if you’re looking for one, is that DeFi’s composability works in both directions. When everything connects, everything shares risk. A liquid restaking token on EigenLayer, bridged through LayerZero, held as collateral on Aave, wrapped on 20 layer 2 networks: that’s not just innovative architecture. It’s a blast radius waiting for a trigger.
Saturday provided the trigger. The blast is still spreading.
Related Reading
Sources
Not financial advice. This article exists to inform, not to instruct. Every investment decision you make should be backed by your own research.
