Kelp exploit highlights problem with non-isolated DeFi lending: Crypto execs

The contagion from the Kelp exploit could have been contained, but at the cost of capital efficiency, according to the founder of Curve Finance.

The exploit of the Kelp liquid restaking protocol shows how non-isolated lending and integrations in decentralized finance (DeFi) can cause broader ecosystem contagion, according to crypto industry executives and blockchain security firms.

Non-isolated lending on DeFi platforms, including earlier versions of the Aave lending protocol, exposes users to risks from all the various tokens used as collateral on the platforms, according to Michael Egorov, founder of the Curve Finance DeFi protocol.

Kelp was the target of a cyber attack on Saturday, causing the platform to pause smart contracts for its restaking token (rsETH) while it moved to investigate the attack that left the platform drained of about $293 million.DeFi teams should also vet prospective digital assets to ensure that tokens do not feature single points of failure or attack surfaces before approving tokens as lending collateral on their platforms, Egorov said in an email.

He also warned against using cross-chain bridging architecture to transfer assets from one blockchain protocol to another, which was the root cause of this weekend’s Kelp exploit.

“Cross-chain is hard and potentially risky. Only use cross-chain infrastructure when absolutely necessary, and do it really carefully,”  Egorov said.

He said the incident is a learning experience for DeFi, which the sector can use to grow and implement better cybersecurity protections as losses from crypto hacks, code exploits and scams reached $482 million in Q1 2026.

Related: DAO behind CoW Swap urges users to stay off platform after ‘hijacking’

“This was not just a protocol exploit. It immediately became a cross-protocol contagion event,” blockchain security firm Cyvers told Cointelegraph.

At least nine DeFi protocols and platforms, including Aave, Fluid, Compound Finance, SparkLend and Euler, were affected in the incident and took action to freeze rsETH markets or mitigate the fallout from the Kelp exploit, Cyvers said.

“The challenge is no longer just preventing exploits at the contract level, but understanding how fast they can cascade across integrated protocols,” Cyvers CEO Deddy Lavid told Cointelegraph. 

The exploit on Kelp followed the $280 million Drift Protocol decentralized exchange hack last week and at least 12 other crypto platforms and DeFi hacks earlier this month.

Magazine: ‘SEAL 911’ team of white hats formed to fight crypto hacks in real time

Source: CoinTelegraph