A major exploit has struck the cross-chain bridge managed by Kelp DAO, resulting in the theft of 116,500 rsETH tokens valued at approximately $292 million. This incident added to a surge of attacks targeting decentralized finance (DeFi) protocols in recent weeks.
Exploit targets Kelp DAO’s LayerZero bridge
The attacker singled out the LayerZero-powered rsETH bridge within Kelp DAO’s infrastructure. In a coordinated move, the stolen rsETH was funneled to major lending protocols, including Aave, Compound, and Euler. Once on these platforms, the tokens were used as collateral to borrow ETH, leading to considerable bad debt across those services.
Kelp DAO promptly confirmed the breach on its X (formerly Twitter) account. It notified users that suspicious activity had been identified and immediate action was underway. All rsETH contracts were paused on Ethereum mainnet and multiple Layer 2 chains to contain further risk.
The project’s team indicated close collaboration with security experts, LayerZero, Unichain, and external auditors to investigate and understand the root cause. Efforts focused on limiting ripple effects through the interconnected DeFi ecosystem.
In response to the exploit, Aave and several other protocols suspended trading or paused markets related to rsETH in an attempt to stem further losses and prevent additional market instability. News of the incident contributed to a drop in AAVE’s token value, which slipped to $99.60 as reports of mounting bad debt circulated across the sector.
Kelp DAO, founded in 2023, manages liquid staking tokens and promotes decentralized liquidity strategies using Ethereum and other networks. The protocol has become known for its cross-chain staking solutions and partnerships with integrated security providers.
DeFi sector reels from coordinated attacks
The incident at Kelp DAO comes amid an unprecedented string of attacks throughout April 2026 on DeFi infrastructure and protocols. In just two weeks, hackers drained more than $600 million from over 10 different projects, highlighting increasingly sophisticated tactics.
According to blockchain analyst Jeremy, artificial intelligence is now playing a significant role in enabling attackers to identify and exploit vulnerabilities more efficiently. The Kelp DAO breach stands as the largest DeFi hack of the year to date.
Drift Protocol experienced a similar fate, losing $285 million in an operation orchestrated by North Korean actors using AI-assisted social engineering. Attackers spent months cultivating insider access before initiating a rapid theft sequence that lasted just 12 minutes.
Other protocols, such as Rhea Finance, Grinex, Hyperbridge, Aethir, Dango, and Silo Finance, also fell victim to recent incidents. Grinex, a sanctioned Russian exchange, suspended all operations after a $15 million loss. In the case of Hyperbridge, forged DOT tokens totaling a nominal $1 billion were minted, though liquidity constraints limited actual losses to around $237,000.
Front-end and oracle vulnerabilities have also been targeted. CoW Swap’s frontend was hijacked through a domain system exploit, redirecting users to a phishing portal. Zerion, another DeFi platform, faced incidents involving credential theft tied to social engineering methods linked to North Korean groups.
Security firms continue to work alongside affected projects, but the cumulative impact of these coordinated attacks has raised urgent concerns about the resilience of complex DeFi ecosystems.
