A carefully planned attack on Kelp DAO's cross-chain bridge drained 116,500 rsETH, worth roughly $292 million, from the liquid restaking protocol on Saturday, instantly becoming the largest DeFi exploit of 2026. The fallout spread almost immediately, pulling in Aave, SparkLend, Fluid and Lido before Kelp's own emergency systems could fully catch up.

 

The exploit was first flagged by on-chain investigator ZachXBT at around 2:52 PM ET, with six attacker wallets identified. Those wallets, it turned out, had been pre-funded via Tornado Cash, the coin-mixing service widely used to obscure transaction origins. That kind of preparation doesn't happen overnight, and points to a deliberate, well-resourced operation that had studied Kelp's architecture before making its move.

 

How the Attack Worked

At 17:35 UTC, an attacker-controlled wallet called the lzReceive function on LayerZero's EndpointV2 contract. LayerZero is the cross-chain messaging infrastructure that Kelp relied on to move rsETH between networks. By spoofing a valid instruction from another chain, the attacker tricked the bridge's verification logic into releasing 116,500 rsETH directly to an address they controlled. It was a clean hit. Kelp's emergency multisig paused core contracts 46 minutes later, at 18:21 UTC. Two follow-up attempts at 18:26 and 18:28 UTC were blocked, each carrying the same LayerZero packet aimed at pulling another 40,000 rsETH worth roughly $100 million. The pause held.

 

The bridge that was drained served as the reserve backing wrapped versions of rsETH deployed across more than 20 networks, including Arbitrum, Base, Linea, Blast, Mantle and Scroll. With those reserves gone, holders of rsETH on layer 2s are now left wondering what exactly their tokens are worth. That uncertainty creates a dangerous feedback loop: panic redemptions on layer 2 networks pressure the unaffected Ethereum-side supply, which in turn could force Kelp to unwind underlying EigenLayer restaking positions to honor withdrawals.

 

The Contagion Moves Fast

The stolen rsETH didn't just sit in an attacker's wallet. The second phase of the attack played out on Aave V3, where the attacker deposited the drained rsETH as collateral and borrowed a substantial volume of Wrapped Ether against it. Because the rsETH was no longer backed by anything real at that point, the resulting debt positions are effectively unliquidatable. Aave's WETH reserve is now carrying bad debt it cannot recover through normal liquidation mechanisms. Some estimates put the bad debt exposure on Aave V3 at close to $177 million.

 

Aave moved quickly, freezing rsETH markets on both V3 and V4 within hours. Founder Stani Kulechov clarified on X that Aave's own contracts had not been compromised and that the freeze was precautionary while the situation was assessed. The AAVE token still dropped about 10% on the news, a reflection of how exposed the protocol's broader ecosystem appeared even if its core code was clean. SparkLend and Fluid followed with their own rsETH market freezes.

 

Lido Finance paused additional deposits into its earnETH product, which carries rsETH exposure, while being careful to note that stETH and wstETH remain unaffected. Ethena, the stablecoin issuer, took its own precautionary step, temporarily shutting down its LayerZero OFT bridges from Ethereum mainnet for roughly six hours despite having no direct rsETH exposure and maintaining collateralization above 101%. Upshift, which runs non-custodial yield vaults, paused deposits and withdrawals to its High Growth ETH and Kelp Gain vaults, though its USDC and AUSD products had no rsETH exposure.

 

Kelp's Response, and Its History

Kelp, which operates under the KernelDAO umbrella, posted its first public acknowledgment on X at 20:10 UTC, nearly three hours after the drain. The team said it was investigating the suspicious cross-chain activity with LayerZero, Unichain, its auditors and external security specialists. It has not yet disclosed how the attacker bypassed the bridge's validation logic or what the path to recovery looks like for rsETH holders across layer 2 networks.

 

It isn't Kelp's first serious incident. Back in April 2025, a bug in its fee contract caused excess rsETH minting and triggered a temporary pause, though that event did not result in direct user losses. This time the damage is far more severe and far more public.

 

 

The Kelp DAO exploit overtakes the Drift Protocol hack from April 1, 2026, where attackers drained roughly $295 million from the Solana-based perpetuals exchange in a targeted administrative breach, as 2026's largest DeFi loss. The pattern is hard to ignore. DeFi attacks are getting larger and more sophisticated, and as Ledger CTO Charles Guillemet noted earlier this month, AI tools are now actively lowering the cost and complexity of carrying out these attacks.

 

What the Kelp incident also lays bare is a structural risk baked into DeFi's composability model. Liquid restaking tokens like rsETH were whitelisted as collateral on major lending protocols because they held real value and generated real yield. The assumption underlying all of that was that the token would remain fully backed. When that assumption collapsed on Saturday afternoon, there was no circuit breaker, no committee vote and no grace period. The losses cascaded instantly across protocols that had nothing to do with the original exploit. That's the architecture working exactly as designed, and also its greatest vulnerability.