Kelp, a liquid restaking protocol, was attacked on Saturday, halting its smart contracts. The attacker exploited its bridge contract, draining an estimated $293 million. Other DeFi protocols, including Aave, froze activity involving Kelp’s token.
Kelp, a liquid restaking protocol, was the victim of a cyber attack on Saturday. The platform has paused smart contracts for its restaking token, rsETH, as it investigates the incident.
“Earlier today, we identified suspicious cross-chain activity involving rsETH,” the Kelp platform stated in an X post. The attacker exploited the rsETH adapter bridge contract, which manages the token, to drain funds.
Blockchain security firm Cyvers estimates the attacker drained about $293 million. The attacker used a Tornado Cash-funded address and has converted about $250 million of the stolen funds to Ether.
In response, decentralized finance platform Aave announced it had frozen rsETH markets. Cyvers said at least nine crypto protocols had exposure to the token and have frozen their platforms.
“This is exactly the kind of incident that highlights the risks of composability in DeFi,” Cyvers CEO Deddy Lavid stated. This incident follows other major crypto platform hacks in recent months.
Cryptocurrency losses from hacks and scams totaled about $482 million in the first quarter of 2026. In April, decentralized exchange Drift Protocol was exploited for about $280 million.
The Drift Protocol team said that attack took “months of deliberate preparation.” Suspected North Korean state-affiliated hackers infiltrated the team, according to a post-mortem update.
