2 hours ago
1
Kelp, a liquid restaking platform, reported a cyber attack on Saturday that affected its rsETH token operations.
Summary
- Kelp exploit targeted rsETH bridge contract, leading to $293 million loss within a short period.
- Stolen funds moved through Tornado Cash, with large portion converted into Ether across networks.
- DeFi platforms froze rsETH activity after contagion risk spread across at least nine connected protocols.
The team detected unusual cross-chain activity and quickly paused smart contracts across the main network and several Layer-2 systems. The platform stated that it “investigates” the issue while assessing the full scope of the breach.
Meanwhile, the exploit focused on the rsETH adapter bridge contract. This component manages token transfers across chains.
Blockchain security firm Cyvers estimated losses at around $293 million. The attacker gained access to funds by targeting this contract, leading to a large outflow within a short time.
Cyvers reported that the attacker used an address funded through Tornado Cash. This tool is often used to obscure transaction trails. A large portion of the stolen funds, about $250 million, has already been converted into Ether.
The movement of funds has raised concerns among platforms connected to rsETH. Monitoring teams continue to track the assets as they move across networks. No recovery of funds has been confirmed so far. Kelp has not released further technical details about the breach at this stage.
Moreover, the attack caused what Cyvers described as “cross-protocol contagion.” At least nine crypto platforms had exposure to rsETH and took action to limit risk. Many of them paused or restricted activity involving the token.
Aave confirmed that it froze rsETH markets on its V3 and V4 platforms. This step aimed to prevent further losses and contain risk. Cyvers CEO Deddy Lavid stated that the event “highlights the risks of composability in DeFi,” referring to how connected systems can spread risk quickly.
Rising Security Concerns in Crypto Sector
The Kelp incident adds to a growing list of crypto platform breaches. Data shows that losses from hacks and scams reached about $482 million in the first quarter of 2026. These events continue to affect user confidence and platform operations.
Another recent caseinvolved Drift Protocol, which lost about $280 million in an exploit. The platform reported that attackers spent months gaining access before deploying malware. These incidents show ongoing challenges in securing decentralized finance systems.
English (US) · 