The $292 million exploit of Kelp DAO has set off a wave of reactions across the crypto industry, with developers and traders warning that the incident exposed deeper flaws in how decentralized finance (DeFi) is built.

Data shared by market participants shows the immediate fallout spread far beyond the hacked protocol.

“The rsETH hack is leading to withdrawals across all lending protocols, even on solana and unaffected protocols,” 0xngmi said in one post on Sunday, pointing to steep outflows including “Aave: -6,200m (-23%) net inflows” and smaller but notable declines across Morpho, Sky and JupLend. rsETH is liquid restaking protocol Kelp DAO’s restaked ether and is a Liquid Restaking Token (LRT) that allows users to earn ether staking and restaking rewards while keeping their assets liquid, even when they are locked in staking.

That pressure quickly turned into something more severe. One widely circulated post by Josu San Martin described cascading liquidity stress inside lending markets: “ETH depositors cannot withdraw the ETH so they are borrowing stables to ‘withdraw’ funds… This is a full on run on AAVE.”

While Stani Kulechov, Aave’s founder, said the exploit was external and that the protocol’s contracts were not compromised, the depositors panicked. The total value locked (or deposits) dropped from $26.4 billion on April 18 to nearly $20 billion in U.S. morning hours on Sunday, per DefiLlama. The AAVE token also fell more than 18% as depositors scrambled to withdraw their money through the weekend.

A ‘case study’

The exploit itself has become a focal point for engineers and developers.

Several developers pushed back on early assumptions that the issue stemmed from core infrastructure. “The KelpDAO exploit (~$290M, is NOT a LayerZero protocol bug. It’s a configuration issue and a case study every project with a cross-chain token needs to look at today,” one technical breakdown by cryptogoblin read.

The thread detailed how a single verification point enabled the attack. “One signature and 116,500 rsETH materialized out of thin air on Ethereum,” the post said, describing a system where “the [smart] contracts weren’t broken. The verification layer was,” the post claimed.

Others argued the problem runs deeper than a single setup choice.

One critique, who goes by Fishy Catfish on X, framed it as a design flaw, alleging that: “there is no security floor… A configuration can be a 1/1 DVN and the DVN you chose can be a single node ran by a single entity.” A DVN (Decentralized Verifier Network) in DeFi, specifically within LayerZero V2, is an independent entity responsible for validating and attesting to the authenticity of messages sent across different blockchain networks. Essentially, DVNs verify message hashes between a source chain and a destination chain.

To make the point clearer, the author drew a real-world comparison: “imagine if a roller coaster manufacturer allowed amusement parks to individually decide what the minimum safety specs were.” Essentially, the author is simply saying that flexibility without guardrails can create hidden risks.

The post went so far as to claim that the setup was the problem within the design. “I personally think this is a flawed design. Modular security is a worthwhile design space, however, the range of security should have a native security floor that is quite strong, and then allow *additional* layering of security on top of that for more high-value use-cases.”

‘DeFi is dead’

It’s not just the amount and complexity of the exploit that drew the harsh, panicked criticism. The scale of the exploit has heightened concerns.

Roughly 116,500 rsETH, about 18% of supply, was affected. The attacker tricked LayerZero’s cross-chain messaging layer into believing a valid instruction had arrived from another network, which triggered Kelp’s bridge to release 116,500 rsETH to an attacker-controlled address.

Protocols responded by freezing markets and pausing features. Aave halted rsETH activity. Lido paused deposits tied to the asset. Other projects took similar steps to limit exposure as the situation unfolded.

Beyond the technical debate, sentiment across crypto turned sharply negative. One post perhaps captured the mood shift in blunt terms: “DeFi is dead… ‘just use aave’ is dead,” while adding that “The age of crypto is over” and asking, “If you’re reading this – why are you still in crypto?”

While the response may sound like an overreaction, that kind of ‘knee-jerk’ reaction is not unusual after large exploits, but the breadth of this event stands out.

The attack affected cross-chain infrastructure, restaking models and lending markets simultaneously. It also follows a string of recent incidents. The hack lands in an unusually hostile stretch for DeFi, particularly this month. Solana-based perpetuals protocol Drift was drained of about $285 million on April 1 in an attack later linked to North Korea-affiliated actors, and at least a dozen smaller protocols have been exploited in the weeks since, including CoW Swap, Zerion, Rhea Finance and Silo Finance.

‘Check your configs’

Despite all the explanations, there are still more questions than answers.

Even LayerZero is still trying to figure out the full details of the exploit. “We’re fully aware of the rsETH exploit and have been in active remediation with the @KelpDAO team since the incident and continue to monitor. All other applications remain safe,” it said in a post on X. “We are still identifying the root cause alongside @_SEAL_Org and others. We will publish a complete post-mortem with @KelpDAO as soon as we have all information.”

KelpDAO echoed this sentiment. “Earlier today we identified suspicious cross-chain activity involving rsETH. We have paused rsETH contracts across mainnet and several L2s while we investigate. We are working with @LayerZero_Core, @unichain, our auditors and top security experts on RCA. We will keep you posted as we learn more about this situation.”

Still, some developers see a clearer lesson in the chaos.

The exploit did not rely on breaking encryption or bypassing smart contracts. Instead, it exposed how fragile systems can become when they depend on layered assumptions.

In simple terms, the tools worked as designed. The way they were configured did not.

That distinction may shape what comes next. Builders are now urging projects to review their setups, especially those relying on cross-chain messaging.

As cryptogoblin put it bluntly: “Check your configs. Stay safe out there.”

Read more: DeFi yields are crashing so hard that they can’t compete with a traditional savings account

TLDR:

• XRP is trading near $1.44 on Binance, recovering modestly but still lacking a confirmed upward trend direction. 
• The CVD indicator reads -7.18 million, showing that sell orders continue to outpace buy orders in the market. 
• XRP’s price recovery appears driven by reduced selling pressure rather than strong and genuine buyer demand. 
• A 30-day price-CVD correlation of 0.61 points to gradual realignment between price action and liquidity flows. 

XRP is trading at approximately $1.44 on Binance, showing a modest recovery from recent lows. However, the Cumulative Volume Delta (CVD) indicator remains negative at around -7.18 million.

This signals that sell orders continue to outpace buy orders in the market. Meanwhile, the 30-day price-CVD correlation stands at 0.61, pointing to a gradual realignment between price action and underlying liquidity flows.

XRP Price Holds Steady Amid Persistent Selling Activity

XRP has recorded a relative recovery after going through a notable period of price decline. The token is currently holding around the $1.44 level on Binance, yet it has not confirmed a fresh upward trend.

Market participants are closely watching whether XRP can sustain this recovery or face renewed selling pressure. The asset has not broken out of its consolidation range, keeping the trend direction unclear.

Despite the price uptick, the CVD reading of approximately -7.18 million paints a different picture for the asset. Sell orders continue to dominate market activity, based on the latest Binance data available.

This divergence between price movement and liquidity flow raises valid questions about the strength of the current recovery.

Source: Cryptoquant 

The price increase may be the result of reduced selling activity rather than genuine buying demand. Without a corresponding rise in buy-side volume, the rally lacks the foundation for a sustained move. Traders are, therefore, cautious about reading too much into the current price behavior.

CVD Correlation Data Points to a Shifting Market Structure

The 30-day price-CVD correlation index sitting at 0.61 reflects a more stable relationship between price and liquidity. Compared to earlier periods of wider divergence, this reading shows a clear improvement in market conditions.

It suggests that price movements are beginning to align more closely with the actual flow of capital. A correlation of 0.61 is considered moderately positive in the context of crypto market analysis.

Historically, wider gaps between price action and CVD have often preceded sharp corrections or unsustainable rallies.

The narrowing of this gap now indicates that the market may be transitioning toward a more balanced state. This is a cautiously constructive reading for those monitoring XRP’s medium-term direction.

Even so, the market has not yet confirmed a clear bullish momentum shift for XRP. Selling pressure remains the dominant force and continues to cap the upside for the token.

A consistent move of CVD from negative to positive territory would serve as the clearest confirmation of improved buyer participation. Analysts note that without this shift, any price recovery will likely remain limited in scope.

TLDR:

• RAVE token crashed 95% from $26 to $1 in 24 hours, erasing roughly $6 billion in market cap value.
• Nine wallet addresses linked to RAVE’s initial distribution collectively control around 95% of its total supply.
• ZachXBT raised his bounty to $25K after flagging on-chain wallet ties to RaveDAO team members on Bitget and Gate.
• Tokens including SIREN, MYX, COAI, M, PIPPIN, and RIVER also show highly questionable price action on major exchanges.
  

On-chain investigator ZachXBT has raised serious allegations of market manipulation surrounding RAVE, a token that collapsed 95% in price within 24 hours.

The token fell from $26 to $1, wiping out approximately $6 billion in market capitalization. ZachXBT publicly called on major exchanges — Binance, Bitget, and Gate — to investigate the suspicious price activity. His findings point to a heavily concentrated token supply controlled by a small group of addresses.

Supply Concentration and Exchange Activity Raise Red Flags

RAVE launched in December 2025 on Binance Alpha with a total supply of one billion tokens. ZachXBT identified nine wallet addresses linked to RAVE’s initial distribution. Together, these addresses control roughly 95% of the entire supply.

On April 18, 2026, ZachXBT posted a call to action at 7:26 am UTC, offering a $10,000 bounty for information. He later raised the bounty to $25,000 by 10:56 am UTC. Bitget, Binance, and Gate each acknowledged the call within hours.

ZachXBT also found suspicious activity on centralized exchanges tied to RaveDAO team addresses on-chain. He linked specific wallet addresses to both Bitget and Gate, which potentially contradicts RaveDAO’s public statement denying involvement. The team had posted that denial at 3:06 pm UTC on the same day.

Prior to the public post, ZachXBT had confronted RaveDAO co-founder Yemu Xu, also known as wildwoomoo, on April 13 and 14. As of the time of reporting, no response had been received. ZachXBT stated he had not taken any position in RAVE and could not predict when exchanges would respond publicly.

Broader Pattern of Suspicious Token Activity Concerns Observers

A key data point from ZachXBT’s analysis involves the liquidation ratio. Around $6 billion in market cap was erased on just $52 million in 24-hour liquidations. That gap between liquidations and market cap loss points to an inflated and unsustainable valuation.

RAVE reached a top-15 market cap ranking within just ten days of its rise before collapsing nearly entirely. ZachXBT noted this made it the most blatant case he had observed recently on major centralized exchanges.

However, RAVE is not an isolated case. ZachXBT flagged several other tokens — SIREN, MYX, COAI, M, PIPPIN, and RIVER — as having similarly questionable price activity in recent months.

Exchanges, according to ZachXBT, need to act faster when manipulation appears. Each day without intervention allows retail traders to absorb losses while platforms continue to earn fees on trading volume.

ZachXBT confirmed his $25,000 bounty remains active, as no verified information with supporting evidence has been submitted yet.

Online gambling is one of the biggest digital industries in the world. Millions of players log in daily to online casinos, sportsbooks and betting platforms across dozens of regulated markets. The operators behind these platforms manage complex businesses spanning technology, compliance, payments, customer service and marketing. Yet when it comes to one of the most fundamental elements of brand building — public relations — most online gambling operators have been left to fend for themselves.

Kooc Media, a PR distribution agency that has worked with gambling and crypto clients since 2017, has announced a dedicated PR support service for online gambling operators. The service covers press release writing, guaranteed publication on established news websites, international newswire distribution and detailed campaign reporting. It is available to online casinos, sportsbooks, betting platforms, poker networks, bingo operators and any other business operating in the online gambling space.

Why Online Gambling Operators Need Dedicated PR

The relationship between the PR industry and online gambling has always been difficult. Most mainstream PR agencies will not take on gambling clients. Their internal policies classify betting and casino companies as restricted categories, regardless of whether the operator holds valid licences and operates in fully regulated markets. The few agencies that do accept gambling business tend to be small outfits with limited media networks and no ability to guarantee results.

This has created a situation where online gambling operators — many of which are substantial, well-funded businesses — operate without any structured PR support at all. They invest in affiliate marketing, paid advertising, social media management and influencer campaigns, but press coverage on independent news and finance publications remains out of reach for most.

The consequences go beyond missed headlines. Without regular media coverage, online gambling brands struggle to build the kind of independent credibility that players, regulators, investors and business partners all look for. An operator can spend millions on marketing and still be viewed with suspicion by a potential player who searches the brand name and finds nothing beyond the company’s own website.

Kooc Media has provided gambling PR alongside crypto PR since the agency was founded. The decision to formalise its online gambling offering into a dedicated service reflects growing demand from operators who have recognised the gap in their marketing and want a reliable way to close it.

“Online gambling operators have been underserved by the PR industry for years,” said Michelle De Gouveia, spokesperson for Kooc Media. “These are licensed, regulated businesses with genuine news to share. They deserve proper PR support and that is exactly what we are providing.”

How the Service Works

Kooc Media has built a PR model that removes the guesswork and unreliability that online gambling operators have experienced with traditional agencies.

The process starts with content. Operators can provide their own press releases or have Kooc Media’s in-house editorial team handle the writing. The agency’s writers specialise in gambling and crypto content and produce press releases that meet the editorial standards of the publications they will appear on. Whether the announcement covers a new market launch, a licensing achievement, a platform upgrade, a major sponsorship or a promotional campaign, the content is crafted to read as credible industry news rather than marketing material.

Publication happens first across Kooc Media’s owned network of news websites. The agency operates several established publications including Blockonomi, CoinCentral, MoneyCheck, Parameter, Beanstalk and Computing. These sites cover finance, technology, cryptocurrency and iGaming and carry strong domain authority accumulated through years of consistent editorial output. Because Kooc Media owns these publications, every placement is guaranteed. There is no pitch process, no editorial rejection risk and no uncertainty about whether the story will run.

Distribution then extends through a partner network that includes hundreds of additional media outlets and thousands of syndication feeds spanning multiple regions and content verticals. Operators selecting premium packages can secure placements on major financial and business platforms including Business Insider, Bloomberg, Benzinga, MarketWatch and USA Today.

The full cycle can be completed in a single day. An operator can brief the agency in the morning and have live coverage across multiple publications by the afternoon. After distribution, a complete report is delivered listing every placement with a direct link to each published article.

The Business Case for PR in Online Gambling

Online gambling operators who invest in consistent PR gain advantages across several areas of their business simultaneously.

Player trust is the most direct benefit. Online gambling depends entirely on players trusting an operator with their money. Before signing up and depositing funds, most players conduct at least a basic search for the brand. What they find shapes their decision. An operator with articles on recognised news and finance publications appears established and legitimate. An operator with no media presence beyond its own site and a handful of affiliate reviews raises questions that many players will not bother to resolve — they will simply choose a competitor instead.

Search engine optimisation is a closely related benefit. Every article placed on a high-authority publication generates a backlink to the operator’s website. These backlinks are among the strongest signals search engines use when determining rankings. Online gambling operators compete fiercely for organic visibility on terms like “best online casino,” “top sportsbook,” “online betting sites,” “casino bonus offers” and “sports betting platform.” Operators who run consistent PR campaigns build a backlink profile that improves their rankings progressively, delivering organic traffic that does not require ongoing ad spend.

Regulatory and corporate credibility strengthens with media visibility. Online gambling is an increasingly regulated industry. Operators applying for licences, renewing existing ones or entering newly regulated markets benefit from demonstrating a visible and transparent public profile. Regulators assess brand reputation as part of their evaluation process. A documented track record of press coverage across credible publications supports that assessment. Similarly, operators pursuing investment, preparing for public listings or negotiating B2B partnerships find that media presence strengthens their position in those conversations.

Competitive differentiation rounds out the picture. The online gambling market is crowded. Thousands of casinos and sportsbooks compete for the same players, often with similar products, similar odds and similar promotional offers. Press coverage creates a layer of brand recognition that product features alone cannot replicate. The operator that a player has actually read about on a trusted website holds an advantage over the one they have never encountered outside of a banner ad.

Packages for Every Type of Operator

Kooc Media recognises that online gambling operators come in all sizes and stages. A newly licensed online casino preparing for launch has very different PR needs than a multinational betting group managing dozens of brands across multiple markets.

Standard packages provide a set number of guaranteed placements across the agency’s owned publications and partner outlets. They include optional content writing and comprehensive reporting. These packages suit operators who want steady, predictable media coverage on a regular basis — monthly announcements, quarterly updates, game launches, promotional campaigns, sponsorship news or regulatory milestones.

Custom campaigns are available for operators with specific strategic goals. A sportsbook launching operations in a newly regulated state or country needs a coordinated press push timed to the market opening. A casino group completing an acquisition needs corporate-level coverage aimed at business and financial media. An online betting platform rebranding after a merger needs press that introduces the new identity to players and industry stakeholders simultaneously. An operator adding cryptocurrency payment options needs coverage that bridges its traditional player base and the growing crypto gambling audience.

Kooc Media handles every element of these campaigns. Strategy, content creation, distribution scheduling and post-campaign reporting are all managed by the agency. Operators without dedicated PR or communications staff can use the service as a complete external press office. Those with existing marketing teams can use it as a specialist distribution channel that extends their reach beyond what internal efforts can achieve alone.

About Kooc Media

Kooc Media is a PR distribution agency founded in 2017, specialising in online gambling, crypto, fintech and technology. The company operates its own network of news publications and works with a broad partner distribution network to deliver guaranteed media coverage for clients. Services include press release writing, sponsored articles, homepage placements, newswire distribution and fully managed PR campaigns.

Kooc Media’s gambling PR packages are available now through the company’s website at https://kooc.co.uk.

Disclaimer: This is a Press Release provided by a third party who is responsible for the content. Please conduct your own research before taking any action based on the content.

TLDR:

• MORPHO broke out of a multi-year symmetrical triangle, clearing upper resistance at the $1.87 level.
  
• The initial price target stands at $2.65, aligning with the August 2025 highs following the breakout.
  
• A retest near $1.70 is considered a standard technical move and may offer a secondary entry point.
  
• Traders are advised to maintain a stop loss at $1.57 to keep the risk-to-reward ratio favorable.
  

MORPHO is drawing attention from technical analysts after breaking out of a multi-year symmetrical triangle pattern.

The token, currently trading around $2.02, cleared a key resistance trendline at $1.87. Analysts see this as a sign that the prolonged accumulation phase has ended.

Price targets of $2.65 and $3.91 are now on the radar for traders watching the chart structure closely.

Breakout Signals a Shift in Market Structure

Crypto analyst Ali Charts flagged the MORPHO breakout in a post on April 19, 2026. According to the analyst, the token cleared the upper resistance trendline of the symmetrical triangle at $1.87. This level now serves as the base from which the new trend is emerging.

The initial price target following the breakout stands at $2.65. That level aligns with the highs recorded in August 2025. A secondary macro target points to the previous all-time high at $3.91, should bullish momentum continue to build.

Symmetrical triangle patterns typically form during periods of price consolidation. A confirmed breakout from such a formation often attracts fresh buying interest.

The multi-year nature of this pattern adds weight to the move, as longer consolidations tend to produce stronger directional moves.

Retest Zone and Risk Management Levels to Watch

Ali Charts noted that multi-year breakouts often include a retest of the breakout zone before the next expansion phase.

A pullback toward $1.70 would fall within that range. The analyst described such a move as a standard technical development rather than a signal of weakness.

For traders who missed the initial entry, a retest near $1.70 could present a second opportunity. The area around the former resistance trendline may act as support on any dip. This is a common behavior seen across different assets following extended consolidation breakouts.

Risk management remains a priority for traders tracking this setup. Ali Charts placed a stop loss level at $1.57 to define the risk on the trade.

With a target of $2.65, the distance between entry and stop offers a favorable reward relative to the downside being risked.

The exploit of the Kelp liquid restaking protocol shows how non-isolated lending and integrations in decentralized finance (DeFi) can cause broader ecosystem contagion, according to crypto industry executives and blockchain security firms.

Non-isolated lending on DeFi platforms, including earlier versions of the Aave lending protocol, exposes users to risks from all the various tokens used as collateral on the platforms, according to Michael Egorov, founder of the Curve Finance DeFi protocol.

Kelp was the target of a cyber attack on Saturday, causing the platform to pause smart contracts for its restaking token (rsETH) while it moved to investigate the attack that left the platform drained of about $293 million.

DeFi teams should also vet prospective digital assets to ensure that tokens do not feature single points of failure or attack surfaces before approving tokens as lending collateral on their platforms, Egorov said in an email.

He also warned against using cross-chain bridging architecture to transfer assets from one blockchain protocol to another, which was the root cause of this weekend’s Kelp exploit.

“Cross-chain is hard and potentially risky. Only use cross-chain infrastructure when absolutely necessary, and do it really carefully,”  Egorov said.

He said the incident is a learning experience for DeFi, which the sector can use to grow and implement better cybersecurity protections as losses from crypto hacks, code exploits and scams reached $482 million in Q1 2026.

Related: DAO behind CoW Swap urges users to stay off platform after ‘hijacking’

Kelp exploit triggers “contagion” across the DeFi ecosystem

“This was not just a protocol exploit. It immediately became a cross-protocol contagion event,” blockchain security firm Cyvers told Cointelegraph.

At least nine DeFi protocols and platforms, including Aave, Fluid, Compound Finance, SparkLend and Euler, were affected in the incident and took action to freeze rsETH markets or mitigate the fallout from the Kelp exploit, Cyvers said.

“The challenge is no longer just preventing exploits at the contract level, but understanding how fast they can cascade across integrated protocols,” Cyvers CEO Deddy Lavid told Cointelegraph. 

The exploit on Kelp followed the $280 million Drift Protocol decentralized exchange hack last week and at least 12 other crypto platforms and DeFi hacks earlier this month.

Magazine: ‘SEAL 911’ team of white hats formed to fight crypto hacks in real time