tradingkey.logo
tradingkey.logo
Search

Kelp DAO Suffers $292 Million rsETH Exploit – Details

BitcoinistApr 19, 2026 2:00 PM
facebooktwitterlinkedin
View all comments0

Wu Blockchain reports that Kelp DAO has suffered a massive cross-chain exploit that drained approximately 116,500 rsETH, valued at nearly $292 million. The incident raises fresh concerns about the protocol’s security, coming less than a year after a previous disruption tied to a smart contract bug

Kelp DAO Response Prevents Additional Exploit Attempts 

According to blockchain data, the attack on the Kelp DAO exploited a weakness in cross-chain communication, specifically targeting the bridge mechanism used to transfer assets across networks. The exploit was executed via a call to the “Iz Receive” function on LayerZero’s EndpointV2, which ultimately triggered the release of funds to an attacker-controlled wallet.

On-chain sleuth ZachXBT was among the first to uncover the breach, estimating losses exceeding $280 million across Ethereum and Arbitrum. The blockchain investigator also noted that the attack addresses had been initially funded via Tornado Cash, indicating a deliberate effort to conceal the funding sources for the highly coordinated attack.

In response to this attack, Kelp DAO implemented an immediate halt to all rsETH contracts across its mainnet and connected L2 networks. The protocol also froze activity across its core contracts and systems that cover deposits, withdrawals, and oracle functions. According to Kelp DAO, an ongoing investigation is underway with LayerZero and Unichain. 

Notably, the attacker attempted two additional transactions to drain another 40,000 rsETH, worth close to $100 million. However, Kelp DAO’s swift measures ensured both attempts failed, preventing losses from rising to $391 million.

Aave Freezes rsETH Contracts 

In other news, the fallout has quickly spread beyond Kelp DAO, with lending protocols feeling immediate pressure. Aave, one of the largest DeFi lending platforms, responded by freezing rsETH markets across its V3 and V4 deployments.

However, Aave has clarified that its own smart contracts were not exploited, and the measure is purely precautionary to limit further debt exposure to rsETH as they assess the situation. Aave management is also committed to evaluating potential mitigation strategies if any bad debt emerges from the exploits.

rsETH itself is a liquid restaking token designed to represent staked ETH while enabling users to earn additional yield through restaking strategies. It plays a key role in cross-chain DeFi, allowing capital to move seamlessly across multiple networks, including Arbitrum, Base, and Scroll. The scale of the exploit is particularly damaging as the stolen funds represent roughly 18% of rsETH’s total circulating supply, representing a significant hit to both liquidity and user confidence.

KelpDAO
Disclaimer: The information provided on this website is for educational and informational purposes only and should not be considered financial or investment advice.

Comments (0)

Click the $ button, enter the symbol, and select to link a stock, ETF, or other ticker.

0/500
Commenting Guidelines
Loading...

Recommended Articles

tradingkey.logo
* References, analysis, and trading strategies are provided by the third-party provider, Trading Central, and the point of view is based on the independent assessment and judgement of the analyst, without considering the investment objectives and financial situation of the investors.
Risk Warning: Our Website and Mobile App provides only general information on certain investment products. Finsights does not provide, and the provision of such information must not be construed as Finsights providing, financial advice or recommendation for any investment product.
Investment products are subject to significant investment risks, including the possible loss of the principal amount invested and may not be suitable for everyone. Past performance of investment products is not indicative of their future performance.
Finsights may allow third party advertisers or affiliates to place or deliver advertisements on our Website or Mobile App or any part thereof and may be compensated by them based on your interaction with the advertisements.
© Copyright: FINSIGHTS MEDIA PTE. LTD. All Rights Reserved.