What happened in the Kelp rsETH exploit?

Kelp, a liquid restaking platform, suffered a cyber attack targeting its rsETH bridge contract, leading to an estimated $293 million loss. The exploit triggered rapid fund outflows and forced the platform to pause smart contracts. The incident spread risk across multiple DeFi protocols.

How did the attacker exploit Kelp’s system?

The attacker targeted the rsETH adapter bridge contract, which manages cross-chain token transfers. By exploiting this component, they were able to drain funds quickly across networks. Bridge contracts are often high-risk because they connect multiple blockchains.

Where did the stolen funds go after the Kelp hack?

A large portion of the stolen funds, around $250 million, was converted into Ether and moved across networks. The attacker used Tornado Cash to obscure transaction trails. This makes tracking and recovery significantly more difficult.

Why is Tornado Cash relevant in this hack?

Tornado Cash is a privacy tool that mixes crypto transactions to hide their origin. In this case, it was used to fund the attacker’s address and help move stolen assets anonymously. This raises ongoing concerns about its role in illicit activity.

How did the Kelp exploit affect other DeFi platforms?

The attack caused what security firm Cyvers called “cross-protocol contagion,” impacting at least nine connected platforms. Because DeFi protocols are interconnected, risk spread quickly. Many platforms paused or restricted rsETH activity to contain exposure.

What did Aave do in response to the rsETH exploit?

Aave froze rsETH markets on its V3 and V4 platforms to prevent further losses. This was a defensive move to limit contagion risk. It highlights how quickly major protocols react to systemic threats.

Why is this exploit significant for DeFi investors?

The incident highlights the risks of composability in DeFi, where interconnected systems can amplify failures. A single vulnerability can cascade across multiple platforms. For investors, this increases smart contract and counterparty risk.

How risky are liquid restaking platforms like Kelp?

Liquid restaking platforms introduce additional layers of complexity, including bridges and derivative tokens like rsETH. These features can improve capital efficiency but also increase attack surfaces. This makes them higher risk compared to simpler DeFi protocols.

Kelp exploit triggers $293M DeFi contagion risk

Written by BloombergPublished Apr. 19 2026Last Updated Apr. 19 2026

Kelp suffered a major cyber attack impacting its rsETH token, with losses estimated at $293 million after its bridge contract was exploited.

The breach quickly spread risk across decentralised finance, forcing at least nine connected platforms to pause or restrict rsETH-related activity.

Blockchain security firm Cyvers identified the exploit in Kelp’s adapter bridge contract, which enabled rapid outflows across multiple networks.

The attacker moved funds through Tornado Cash, converting roughly $250 million into Ether and obscuring transaction trails.

Cyvers CEO Deddy Lavid said the incident “highlights the risks of composability in DeFi,” pointing to how interconnected protocols can amplify systemic exposure.

DeFi platforms including Aave froze rsETH markets to contain the fallout, while Kelp paused smart contracts across its main network and Layer-2 systems as investigations continue.

The attack adds to mounting security concerns in crypto markets, with total losses from hacks and scams reaching about $482 million in the first quarter of 2026, alongside recent exploits such as the $280 million breach at Drift Protocol.

At the time of reporting, Aave price was $92.31.