Kelp DAO rsETH Bridge Hack Drains $292M as DeFi Losses Top $600M in Two Weeks

TLDR:

• An attacker drained 116,500 rsETH worth $292M from Kelp DAO’s LayerZero-powered bridge in one attack.
  
• Stolen rsETH was deposited on Aave, Compound, and Euler as collateral to borrow ETH, creating bad debt.
  
• Kelp DAO paused rsETH contracts on Ethereum mainnet and multiple L2s while coordinating with security experts.
  
• Over $600M was stolen from more than 10 DeFi protocols in two weeks, with AI accelerating hacker capabilities.

Kelp DAO suffered a major security breach involving its LayerZero-powered rsETH cross-chain bridge. The attacker drained 116,500 rsETH tokens worth approximately $292 million from the protocol.

The stolen assets were then used as collateral on major lending platforms to borrow ETH. Kelp DAO paused rsETH contracts across the Ethereum mainnet and several Layer 2 networks amid the crisis.

Security experts from multiple organizations quickly joined the investigation as it got underway.

How the Kelp DAO rsETH Bridge Exploit Unfolded

The attacker targeted the LayerZero bridge within Kelp DAO’s cross-chain system. Some 116,500 rsETH tokens were drained during the attack.

The stolen funds were transferred to lending platforms including Aave, Compound, and Euler. There, the attacker used rsETH as collateral to borrow ETH, creating bad debt across those protocols.

Kelp DAO confirmed the breach through its official X account that day. The protocol stated it had identified suspicious cross-chain activity involving rsETH.

Contracts were paused across mainnet and several Layer 2 networks accordingly. The team coordinated with LayerZero, Unichain, auditors, and security experts on root cause analysis.

Aave and several protocols froze or paused rsETH-related markets in response. This step aimed to limit further losses across affected platforms.

The AAVE token fell to $99.60 amid reports of growing bad debt from the exploit. Activity in impacted markets slowed as users closely tracked the situation.

Kelp DAO advised users to rely solely on its official handle for accurate updates. No attacker was publicly identified while investigations remained active.

Multiple security firms assisted Kelp DAO’s internal team throughout the analysis process. The full breach scope had not been confirmed at the time of reporting.

$600 Million Stolen From DeFi Protocols in Two Weeks

The Kelp DAO breach came amid a broader wave of DeFi attacks in April 2026. Over $600 million was stolen from more than 10 protocols in two weeks.

Analyst Jeremy noted that AI is helping hackers execute attacks more efficiently. He identified the Kelp DAO incident as the year’s biggest DeFi hack.

Drift Protocol also lost $285 million to North Korean hackers using AI-powered social engineering. Those hackers spent months building insider trust before striking.

Once positioned, the full attack unfolded in just 12 minutes. Rhea Finance separately lost $18 million through fake token pools that misled its oracle into approving withdrawals.

Further incidents targeted Grinex, Hyperbridge, Aethir, Dango, and Silo Finance. Grinex, a sanctioned Russian exchange, lost $15 million before suspending all operations.

An attacker on Hyperbridge minted one billion fake bridged DOT tokens notionally worth over $1 billion. However, thin liquidity meant only around $237,000 was actually extracted.

CoW Swap and Zerion were also hit in the same two-week stretch. CoW Swap’s frontend was hijacked through a DNS attack that led users to a phishing page.

Zerion suffered credential theft through North Korean social engineering. The pattern across all these attacks reflects an expanding threat to the broader DeFi sector.