Kelp DAO Bridge Attack Drains 116,500 rsETH Across 20 Chains
A major security breach has struck the decentralized finance sector after an attacker drained 116,500 rsETH tokens, valued at roughly $292 million, from Kelp DAO’s cross-chain bridge. The stolen amount represents about 18% of the token’s circulating supply, making it the largest DeFi exploit recorded in 2026 so far.
The attack targeted a LayerZero powered bridge used to move rsETH across more than 20 blockchain networks. Investigators said the attacker manipulated the cross chain messaging system, making the bridge believe it had received a valid transaction request from another network. This triggered the release of funds to an address controlled by the attacker.
Kelp DAO responded by freezing core contracts within 46 minutes of detecting the exploit, successfully blocking two additional attempts that aimed to withdraw another 40,000 rsETH.
DeFi Platforms Freeze Markets as rsETH Backing Concerns Grow
The incident triggered widespread defensive actions across major decentralized platforms. Lending protocols including Aave, SparkLend and Fluid suspended rsETH-related markets to limit exposure and prevent further losses. The freeze followed concerns that the drained bridge held reserves backing wrapped versions of rsETH on multiple layer-2 networks.
Because those reserves supported tokens across chains such as Base, Arbitrum and Scroll, the loss raised uncertainty about whether wrapped assets remain fully backed. Market pressure increased as investors monitored redemption activity and liquidity risks.
The exploit adds to a growing series of decentralized finance attacks in recent weeks, intensifying concerns about cross-chain bridge security and systemic risks across interconnected blockchain ecosystems.
Disclaimer
This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.