Close Menu
Crypto Breaking News
    Crypto Breaking News
    • News
      • Press Release
      • Featured
      • Events
      • Exchanges
      • Bitcoin
      • Ethereum
      • Solana
      • Ripple
      • Artificial Intelligence (AI)
      • Real World Assets (RWA)
      • Markets & Finance
      • Regulation & Policy
      • Press Releases by PR Newswire
      • News by CoinPedia
      • News by Coincu
      • News by Blockchain Wire
    • Crypto
      • Companies
      • Events
      • Partners
      • Buy Crypto
      • Timers
    • Advertise
      • Submit a Press Release
      • Logos
      • About
      • Services
    • Offers
      • Marketing Services
      • Wallets & Tools
    • Account
    • Video
    • Contact
    Submit PR
    Crypto Breaking News
    Crypto News Ethereum Exchanges Ripple

    Kelp Restaking Protocol Exploited, $293M Drained

    19 April 2026
    FacebookTwitterLinkedInCopy Link
    News Feed
    Google NewsRSS
    Kelp Restaking Protocol Exploited, $293m Drained
    Kelp Restaking Protocol Exploited, $293m Drained

    DeFi markets faced another high-profile setback this weekend as Kelp, a liquid restaking protocol, disclosed a cyber attack targeting its rsETH restaking token. The incident prompted an immediate pause of rsETH smart contracts across Kelp’s mainnet and multiple Layer-2 networks as the project investigates potentially hundreds of millions of dollars in losses. Blockchain security firm Cyvers later pegged the damage at about $293 million, signaling a significant hit to users and counterparties tied to the restaking ecosystem.

    Kelp stated on X that it detected suspicious cross-chain activity involving rsETH and subsequently halted rsETH contracts on mainnet and several Layer-2s to prevent further damage while the investigation unfolds. Cyvers added that the attacker exploited the rsETH adapter bridge—the software component that manages the rsETH token—allowing the drain of funds from the platform. The firm also noted that the attacker has been actively moving funds, with a substantial portion converted into Ethereum (ETH).

    In the wake of the breach, the attacker’s on-chain activity has increasingly relied on a Tornado Cash mixer-funded address. Cyvers reported that roughly $250 million of the stolen funds had already been swapped into ETH, underscoring the challenge of tracing and recovering assets in the DeFi space once they leave the original contract domains.

    Key takeaways

    • The Kelp rsETH attack reportedly drained about $293 million, triggering contract pauses across Kelp’s mainnet and several Layer-2 networks as investigators assess the damage.
    • The attacker targeted the rsETH adapter bridge, leveraging cross-chain dynamics that underscore risks inherent to DeFi composability and restaking ecosystems.
    • At least nine protocols with exposure to rsETH reportedly froze activity in response, while Aave moved to suspend rsETH markets on V3 and V4 to contain risk.
    • Approximately $250 million of the stolen funds have been converted to ETH, with the attacker utilizing a Tornado Cash mixer-funded address, complicating on-chain tracing efforts.

    Attack details and ecosystem response

    According to Kelp, the breach traces to irregular cross-chain activity linked to rsETH, prompting an immediate safety pause to contain potential further loss. The company’s moderation was swift, spanning mainnet and several Layer-2 deployments, as the team works through the incident. While Kelp is conducting its investigation, the broader DeFi community has begun to map the ripple effects beyond a single protocol.

    Blockchain security firm Cyvers provided a stark figure for the loss, estimating the total at about $293 million. The firm’s analysis highlights the risk that bridges and adapters—components that enable tokens like rsETH to move across chains—present when vulnerabilities exist in the bridging layer. The incident aligns with a pattern of high-severity exploits aimed at cross-chain and interoperable DeFi primitives, where a single compromised bridge can force widespread disruption across multiple protocols.

    In response to the breach, several DeFi platforms publicly paused or limited exposure to rsETH. Notably, Aave—one of the largest DeFi lenders—announced that rsETH markets had been frozen on its V3 and V4 deployments. Cyvers notes that at least nine protocols reportedly had exposure to rsETH and executed precautionary freezes or withdrawal restrictions as a precautionary measure to prevent cascading losses.

    Analysts and observers have highlighted a core risk exposed by the incident: the compounding nature of DeFi’s composability. When multiple protocols rely on a shared token or bridge, a vulnerability in one hinge can reverberate across the entire network, forcing sudden risk management actions across an otherwise diversified ecosystem. Cyvers senior leadership emphasized to Cointelegraph that this is precisely the kind of incident that underscores the fragility and complexity of modern DeFi infrastructure when bridges and adapters are compromised.

    Contextual backdrop: a string of cybersecurity incidents

    The Kelp attack sits within a broader panorama of DeFi hacks observed over the past several months. In late April, Drift Protocol—a decentralized derivatives exchange—suffered a major exploit that drained roughly $280 million from the platform. Drift’s post-mortem described a months-long intrusion, noting the attackers’ alleged infiltration of developer machines and the eventual deployment of malware. The incident traced to a sophisticated operation that reportedly included access gained at a large crypto conference, followed by collaboration with the attackers before the breach unfolded.

    Taken together, these events illuminate a persistent security challenge for the nascent DeFi stack: attackers are increasingly targeting the risk-prone layers of cross-chain interoperability and restaking mechanisms, where a single vulnerability can cascade into sizable losses across multiple protocols. Industry participants continue to debate the best path forward—ranging from more stringent bridge audit standards to enhanced multi-party computation (MPC) and formal verification for cross-chain components.

    What this means for investors, users, and builders

    For users and liquidity providers, the Kelp incident underscores the importance of understanding the specific risk profiles of restaking and cross-chain primitives. Restaking naturally introduces an expanded attack surface: while it offers potential yield enhancements, it also increases reliance on the security of adapter contracts and bridges that connect across layers of the ecosystem. Investors should monitor how protocols respond to such incidents, particularly regarding fund recovery efforts, contingency plans, and the timelines for resuming normal operations.

    From a builder’s perspective, the episode highlights several priorities: rigorous security testing of bridge and adapter code, heightened monitoring for cross-chain anomalies, and clearer disclosure frameworks around incident response. The drift toward rapid, publicized pauses—while essential for risk containment—also presses for standardized playbooks so that platforms can coordinate responses without sacrificing user trust.

    Regulators and policymakers may also take note of the evolving security landscape, especially as DeFi protocols broaden their engagement with restaking mechanisms and more intricate cross-chain flows. The balance between innovation and resilience will likely shape ongoing discussions around security best practices and capital-adequacy considerations for DeFi incumbents as they scale.

    Closing perspective

    As the Kelp investigation unfolds, observers will be watching for a clearer accounting of the breach’s root causes, the effectiveness of the emergency pauses, and any progress toward asset recovery. The incident, along with Drift’s earlier breach, reinforces a central theme for the crypto markets: cross-chain and restaking infrastructures demand heightened scrutiny, robust security postures, and coordinated risk management across the ecosystem. Readers should stay tuned for updates on Kelp’s findings, the status of rsETH across major platforms, and any new measures aimed at hardening DeFi’s interconnected layers.

    Risk & affiliate notice: Crypto assets are volatile and capital is at risk. This article may contain affiliate links. Read full disclosure

    Crypto Breaking News
    • Website
    • Facebook
    • X (Twitter)
    • Pinterest
    • Instagram
    • Tumblr
    • LinkedIn

    The Crypto Breaking News editorial team curates the latest news, updates, and insights from the global cryptocurrency and blockchain industry.

    Related Posts

    Ai Future Forum 2026 To Launch In Dubai With Blockchain Life

    Global Premiere: AI Future Forum 2026 in Dubai!

    10 hours ago
    Kaspersky Flags Malware Framework Targeting Crypto Investors

    Kaspersky Flags Malware Framework Targeting Crypto Investors

    10 hours ago
    Kaspersky Flags Malware Framework Aimed At Crypto Investors

    Kaspersky Flags Malware Framework Aimed at Crypto Investors

    11 hours ago
    France Orders Isps To Geoblock Polymarket Over Gambling Rules

    France Orders ISPs to Geoblock Polymarket Over Gambling Rules

    12 hours ago
    French Gambling Regulator Orders Isps To Block Polymarket Access

    French Gambling Regulator Orders ISPs to Block Polymarket Access

    13 hours ago
    Chip Stocks Enter Bear Market After Moonshot Ai Unveils Kimi K3 Model

    Chip Stocks Enter Bear Market After Moonshot Ai Unveils Kimi K3 Model

    14 hours ago

    Search Crypto News

    Featured Crypto News

    Ai Future Forum 2026 To Launch In Dubai With Blockchain Life

    Global Premiere: AI Future Forum 2026 in Dubai!

    10 hours ago

    Latest News

    • Global Premiere: AI Future Forum 2026 in Dubai!
    • Kaspersky Flags Malware Framework Targeting Crypto Investors
    • Kaspersky Flags Malware Framework Aimed at Crypto Investors
    • France Orders ISPs to Geoblock Polymarket Over Gambling Rules
    • French Gambling Regulator Orders ISPs to Block Polymarket Access
    • Chip Stocks Enter Bear Market After Moonshot Ai Unveils Kimi K3 Model
    • Telegram Session Hijacking Used in macOS Malware to Steal Crypto Wallets
    • MiCA Licensing Faces Delays as ESMA Adds 14 CASPs to Register
    • SBI Completes Coinhako Acquisition After MAS Regulatory Approval
    • Warren Seeks 2026 Reports on Trump Crypto Earnings After $1.4B Disclosure

    Join 20,000+ Crypto Followers

    • Facebook2.4K
    • Twitter4.5K
    • Instagram7.2K
    • LinkedIn4.3K
    • Telegram55
    • Threads1000
    Tangem 300x300
    Ledger

    About Crypto Breaking News

    About Crypto Breaking News

    Crypto Breaking News is a fast-growing digital media platform focused on the latest developments in cryptocurrency, blockchain, and Web3 technologies. Our goal is to provide fast, reliable, and insightful content that helps our readers stay ahead in the ever-evolving digital asset space.

    Web3 Digital L.L.C-FZ
    License Number: 2527596
    📞 +971 50 449 2025
    ✉️ info@cryptobreaking.com
    📍Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, United Arab Emirates

    FacebookX (Twitter)InstagramPinterestYouTubeTumblrBlueskyLinkedInRedditTikTokTelegramThreadsRSS

    Links

    • Crypto News
    • Submit a Press Release
    • Advertise
    • Contact Us
    • Privacy Policy
    • Disclaimer
    • Terms and Conditions
    • Stocks Breaking News

    advertising

    Tangem 300x300
    © 2026 CryptoBreaking.com | All rights reserved | Powered by Web3 Digital & Osom One

    Type above and press Enter to search. Press Esc to cancel.

    Change Location
    Find awesome listings near you!