$292 Million Kelp DAO Hack Sparks DeFi Liquidity Crisis and Raises Security Concerns

A major security breach involving Kelp DAO has shaken the decentralized finance sector after hackers exploited vulnerabilities tied to its rsETH token, draining approximately $292 million in assets. The incident affected nearly 116,500 rsETH tokens, representing about 18% of the asset’s total supply, and quickly triggered a wave of withdrawals across multiple lending platforms.

The fallout spread rapidly to protocols including Aave, where total value locked dropped sharply from about $26.4 billion on April 18 to nearly $20 billion within hours. Panic withdrawals also pushed the AAVE token price lower by more than 18% as users rushed to secure funds amid rising uncertainty.

Developers investigating the incident identified the root cause as a misconfigured verification system connected to LayerZero. Experts noted that the attack did not break core smart contracts but instead exploited weaknesses in cross-chain message validation settings.

Growing Concerns Over Modular Security and DeFi Stability

The exploit has intensified debate about the safety of modular security frameworks used in cross-chain protocols. Critics argue that allowing flexible verification settings without strong minimum safeguards creates systemic risks capable of spreading across multiple platforms.

Following the attack, several protocols froze related markets or paused deposits to limit further losses. The incident is being viewed as a major stress test for the decentralized finance ecosystem, raising broader questions about risk management, cross-chain design standards and the long-term resilience of DeFi infrastructure.

Disclaimer

This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.