Kelp hack drains $293M, halts rsETH amid DeFi contagion

Kelp’s liquid restaking protocol was exploited on Saturday, draining about $293 million and prompting the team to pause smart contracts for its restaking token, rsETH. Funds moved quickly across multiple protocols and blockchains as investigators traced the transfers.

At least nine decentralized finance platforms were affected, including Aave, Fluid, Compound Finance, SparkLend and Euler. Several platforms froze rsETH markets or put emergency measures in place to limit losses and address sudden liquidity strains.

Michael Egorov, founder of Curve Finance, wrote that non‑isolated lending architectures — where a lending pool accepts many token types as shared collateral — expose all users to a failure of any single accepted token. He also warned that cross‑chain bridging increases the number of potential attack points and recommended careful vetting of tokens before they are approved as collateral. Egorov wrote, “Non‑isolated lending means risk is shared across all collateral types on a platform.” He added, “Cross‑chain is hard and potentially risky. Only use cross‑chain infrastructure when absolutely necessary, and do it really carefully.”

Blockchain security firm Cyvers described the incident as a contagion that moved through integrated protocols rather than a single isolated flaw. Cyvers mapped rapid transfers that passed value through multiple contracts and chains. Deddy Lavid, the firm’s chief executive, said the event underscores the speed at which losses can cascade across connected systems: “The challenge is no longer just preventing exploits at the contract level, but understanding how fast they can cascade across integrated protocols.”

The Kelp exploit came after a roughly $280 million breach at another decentralized exchange the prior week and follows several other hacks this month. Reported losses from hacks, code exploits and scams totaled $482 million in the first quarter of 2026.

Kelp’s immediate response included pausing smart contracts and coordinating with affected platforms to trace the flow of stolen funds. Security firms and on‑chain analysts produced transfer maps that showed assets moving through multiple chains, prompting lending platforms to freeze rsETH markets or alter risk parameters for depositors and borrowers.

Some DeFi projects have begun implementing changes intended to reduce similar risks. Those changes include stricter asset review processes before tokens are accepted as collateral, isolating lending markets so a single token’s failure does not affect all users, and limiting reliance on cross‑chain bridges. Several teams have quarantined tokens or set higher collateral requirements when exposure to a single asset is concentrated.

Kelp’s investigation is ongoing. Developers, security firms and platform operators are monitoring for secondary effects as teams continue to assess capital at risk and work to contain the incident.