Kelp rsETH Bridge Exploit Drains $293M, Contracts Paused
A vulnerability in Kelp’s rsETH adapter bridge allowed an attacker to drain about $293 million on Saturday, prompting Kelp and multiple DeFi platforms to pause rsETH contracts.
Kelp, a liquid restaking protocol, was hit by an exploit on Saturday after a vulnerability in its rsETH adapter bridge contract allowed an attacker to drain about $293 million. Kelp paused rsETH contracts across Ethereum mainnet and several Layer-2 networks and opened an investigation.
Blockchain security firm Cyvers traced the breach to the rsETH adapter bridge contract, the code that connects Kelp’s rsETH token to other networks. Cyvers reported roughly $293 million in losses and said the attacker routed funds through an address funded by the Tornado Cash mixer and converted an estimated $250 million of the stolen assets into Ether.
DeFi platforms moved quickly after the breach. Aave froze rsETH markets on its V3 and V4 deployments. Cyvers reported that at least nine protocols had exposure to rsETH and suspended activity tied to the token. On-chain transaction traces show rapid movement of funds after the breach, complicating recovery efforts.
Kelp has not provided details beyond the contract pause while it investigates. Security teams and other protocol operators are monitoring wallets linked to the exploit for further fund movements or laundering attempts.
Deddy Lavid, CEO of Cyvers, described the incident as ‘exactly the kind of incident that highlights the risks of composability in DeFi’ and said the rsETH adapter bridge connects the restaking token to other parts of the Ethereum ecosystem, so a flaw there can affect multiple networks and integrated platforms.
The Kelp exploit follows several recent high-value breaches. In April, Drift Protocol reported an exploit that drained about $280 million. Industry tallies show hacks and scams led to roughly $482 million in losses in the first quarter of 2026.
On-chain forensic teams are mapping the flow of stolen assets and looking for smart contract or exchange interactions that could help trace or freeze the funds. Protocol teams exposed to rsETH have paused relevant markets and are coordinating on countermeasures. The DeFi community is awaiting further disclosures from Kelp and security firms about the vulnerability and any possibility of recovery.
The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.
Articles by this author
