Kelp restaking platform exploited, $293M drained in attack

The attack caused a "cross-protocol contagion" that has impacted at least nine crypto protocols, blockchain security firm Cyvers said.

Kelp, a liquid restaking protocol, was the victim of a cyber attack on Saturday, causing the platform to pause smart contracts for its restaking token (rsETH), as it “investigates” the attack amid reports of hundreds of millions of dollars in losses.

“Earlier today, we identified suspicious cross-chain activity involving rsETH. We have paused rsETH contracts across mainnet and several Layer-2s,” the Kelp platform said in an X post.

The attacker exploited the rsETH adapter bridge contract, the software code that manages Kelp’s rsETH token, and drained the platform of about $293 million in funds, according to blockchain security firm Cyvers.

The attacker used a Tornado Cash crypto mixer-funded address and has already converted about $250 million of the stolen funds to Ether (ETH), the native cryptocurrency of the Ethereum layer-1 blockchain network, Cyvers told Cointelegraph.

In response to the attack, decentralized finance (DeFi) platform Aave announced it had frozen rsETH markets on Aave V3 and V4. At least nine crypto protocols had exposure to the token and have frozen activity on their platforms in response, Cyvers said.

“This is exactly the kind of incident that highlights the risks of composability in DeFi,” Deddy Lavid, CEO of Cyvers, told Cointelegraph. Cointelegraph reached out to Kelp but did not obtain a response by the time of publication. 

The incident is the latest in a string of cybersecurity hacks and exploits of crypto platforms over the last several months, as crypto losses from hacks and scams totaled about $482 million in Q1 2026.

Related: Fake Ledger Live app on Apple App Store drained $9.5M from victims: ZachXBT

Decentralized cryptocurrency exchange Drift Protocol also suffered an exploit in April, which drained the platform of about $280 million.

The Drift Protocol team said the attack took “months of deliberate preparation,” in which the team was infiltrated by suspected North Korean state-affiliated hackers.

In a post-mortem update, the Drift team said they met the attackers at a “major” crypto conference and collaborated with them for several months before the attackers deployed malware on developer machines and compromised the platform. 

Magazine: DeFi’s billion-dollar secret: The insiders responsible for hacks

Source: CoinTelegraph