Skip to main content

Kelp Restaking Protocol Exploited, $293M Drained



DeFi markets faced another high-profile setback this weekend as Kelp, a liquid restaking protocol, disclosed a cyber attack targeting its rsETH restaking token. The incident prompted an immediate pause of rsETH smart contracts across Kelp’s mainnet and multiple Layer-2 networks as the project investigates potentially hundreds of millions of dollars in losses. Blockchain security firm Cyvers later pegged the damage at about $293 million, signaling a significant hit to users and counterparties tied to the restaking ecosystem.



Kelp stated on X that it detected suspicious cross-chain activity involving rsETH and subsequently halted rsETH contracts on mainnet and several Layer-2s to prevent further damage while the investigation unfolds. Cyvers added that the attacker exploited the rsETH adapter bridge—the software component that manages the rsETH token—allowing the drain of funds from the platform. The firm also noted that the attacker has been actively moving funds, with a substantial portion converted into Ethereum (ETH).



In the wake of the breach, the attacker’s on-chain activity has increasingly relied on a Tornado Cash mixer-funded address. Cyvers reported that roughly $250 million of the stolen funds had already been swapped into ETH, underscoring the challenge of tracing and recovering assets in the DeFi space once they leave the original contract domains.



Key takeaways



  • The Kelp rsETH attack reportedly drained about $293 million, triggering contract pauses across Kelp’s mainnet and several Layer-2 networks as investigators assess the damage.

  • The attacker targeted the rsETH adapter bridge, leveraging cross-chain dynamics that underscore risks inherent to DeFi composability and restaking ecosystems.

  • At least nine protocols with exposure to rsETH reportedly froze activity in response, while Aave moved to suspend rsETH markets on V3 and V4 to contain risk.

  • Approximately $250 million of the stolen funds have been converted to ETH, with the attacker utilizing a Tornado Cash mixer-funded address, complicating on-chain tracing efforts.



Attack details and ecosystem response


According to Kelp, the breach traces to irregular cross-chain activity linked to rsETH, prompting an immediate safety pause to contain potential further loss. The company’s moderation was swift, spanning mainnet and several Layer-2 deployments, as the team works through the incident. While Kelp is conducting its investigation, the broader DeFi community has begun to map the ripple effects beyond a single protocol.



Blockchain security firm Cyvers provided a stark figure for the loss, estimating the total at about $293 million. The firm’s analysis highlights the risk that bridges and adapters—components that enable tokens like rsETH to move across chains—present when vulnerabilities exist in the bridging layer. The incident aligns with a pattern of high-severity exploits aimed at cross-chain and interoperable DeFi primitives, where a single compromised bridge can force widespread disruption across multiple protocols.



In response to the breach, several DeFi platforms publicly paused or limited exposure to rsETH. Notably, Aave—one of the largest DeFi lenders—announced that rsETH markets had been frozen on its V3 and V4 deployments. Cyvers notes that at least nine protocols reportedly had exposure to rsETH and executed precautionary freezes or withdrawal restrictions as a precautionary measure to prevent cascading losses.



Analysts and observers have highlighted a core risk exposed by the incident: the compounding nature of DeFi’s composability. When multiple protocols rely on a shared token or bridge, a vulnerability in one hinge can reverberate across the entire network, forcing sudden risk management actions across an otherwise diversified ecosystem. Cyvers senior leadership emphasized to Cointelegraph that this is precisely the kind of incident that underscores the fragility and complexity of modern DeFi infrastructure when bridges and adapters are compromised.



Contextual backdrop: a string of cybersecurity incidents


The Kelp attack sits within a broader panorama of DeFi hacks observed over the past several months. In late April, Drift Protocol—a decentralized derivatives exchange—suffered a major exploit that drained roughly $280 million from the platform. Drift’s post-mortem described a months-long intrusion, noting the attackers’ alleged infiltration of developer machines and the eventual deployment of malware. The incident traced to a sophisticated operation that reportedly included access gained at a large crypto conference, followed by collaboration with the attackers before the breach unfolded.



Taken together, these events illuminate a persistent security challenge for the nascent DeFi stack: attackers are increasingly targeting the risk-prone layers of cross-chain interoperability and restaking mechanisms, where a single vulnerability can cascade into sizable losses across multiple protocols. Industry participants continue to debate the best path forward—ranging from more stringent bridge audit standards to enhanced multi-party computation (MPC) and formal verification for cross-chain components.



What this means for investors, users, and builders


For users and liquidity providers, the Kelp incident underscores the importance of understanding the specific risk profiles of restaking and cross-chain primitives. Restaking naturally introduces an expanded attack surface: while it offers potential yield enhancements, it also increases reliance on the security of adapter contracts and bridges that connect across layers of the ecosystem. Investors should monitor how protocols respond to such incidents, particularly regarding fund recovery efforts, contingency plans, and the timelines for resuming normal operations.



From a builder’s perspective, the episode highlights several priorities: rigorous security testing of bridge and adapter code, heightened monitoring for cross-chain anomalies, and clearer disclosure frameworks around incident response. The drift toward rapid, publicized pauses—while essential for risk containment—also presses for standardized playbooks so that platforms can coordinate responses without sacrificing user trust.



Regulators and policymakers may also take note of the evolving security landscape, especially as DeFi protocols broaden their engagement with restaking mechanisms and more intricate cross-chain flows. The balance between innovation and resilience will likely shape ongoing discussions around security best practices and capital-adequacy considerations for DeFi incumbents as they scale.



Closing perspective


As the Kelp investigation unfolds, observers will be watching for a clearer accounting of the breach’s root causes, the effectiveness of the emergency pauses, and any progress toward asset recovery. The incident, along with Drift’s earlier breach, reinforces a central theme for the crypto markets: cross-chain and restaking infrastructures demand heightened scrutiny, robust security postures, and coordinated risk management across the ecosystem. Readers should stay tuned for updates on Kelp’s findings, the status of rsETH across major platforms, and any new measures aimed at hardening DeFi’s interconnected layers.



https://www.cryptobreaking.com/kelp-restaking-protocol-exploited-293m/?utm_source=blogger%20&utm_medium=social_auto&utm_campaign=Kelp%20Restaking%20Protocol%20Exploited,%20$293M%20Drained%20
Labels:

Comments

Post a Comment

Popular posts from this blog

Coinbase's x402 launches AI agents app store for payments

Coinbase-backed x402 has unveiled Agentic.market, a dedicated marketplace aimed at increasing the usefulness of AI agents by aggregating thousands of apps and services that agents can access without any API keys. The rollout positions the platform as a central hub for agents to discover, evaluate, and deploy capabilities across a standardized payments layer. Coinbase product lead Nick Prince described Agentic.market in a video posted on X as a storefront for discovering, comparing, and using x402 services. The marketplace is designed to give both humans and their AI agents access to a wide range of tools—from data feeds to consumer apps—without the friction of managing API credentials. A storefront for discovering, comparing, and using x402 services. Thousands of services. Zero API keys. Powered by x402. Prince added that the market offers a web interface for humans to browse and assess services, alongside a programming layer that lets AI agents autonomously search, filter, and integra...
Post a Comment
Read more

Top Cryptocurrencies to Watch: BTC, ETH, BNB, XRP, Solana, Dogecoin & More

Market Analysis and Price Predictions for Key Cryptocurrencies Recent market dynamics reveal a cautious sentiment across the cryptocurrency landscape, with Bitcoin struggling to maintain levels above $90,000 and many major altcoins facing downward pressure. Indicators point toward reduced participation from both institutional and retail investors, raising concerns about a potential consolidation phase after notable gains earlier in the year. Bitcoin has fallen below $87,000, reflecting waning demand at higher price points. Institutional fund flows into BTC and ETH ETFs have turned negative, indicating a period of subdued market activity. Active addresses and Binance deposit/withdrawal activities are at annual lows, suggesting market indecision. Most leading altcoins are approaching support levels, with some poised for potential breakdowns. Tickers mentioned: Bitcoin, Ethereum, Binance Coin, XRP, Solana, Dogecoin, Cardano, Bitcoin Cash, Chainlink, Hyperliquid Sentiment: Neutral to Sli...
Post a Comment
Read more

Analyst: Bitcoin can reclaim $100K without a new narrative

Bitcoin has stalled below the $100,000 threshold, marking a run of almost five months without a breakout above that level. As of the latest market close, BTC hovered around $78,250 after a February nadir of about $60,000, underscoring a slow, grinding recovery amid broader market dynamics. In parallel, tech markets—especially AI-focused equities—have captured the spotlight, with investors rotating capital away from crypto in search of different risk-reward profiles. Nvidia (NVDA), the leading AI stock by market cap, has gained about 5.08% since the start of the year, while Bitcoin has faced a roughly 10% dip over the same period, illustrating a diverging performance within risk assets. MN Trading Capital founder Michael van de Poppe suggested that Bitcoin may not require a fresh narrative to push back above $100,000. In a post on X, he asked what narrative would drive BTC to the milestone and concluded that “price moves upwards, and the narrative will create itself.” He continued that ...
Post a Comment
Read more