Particle.news
Get it on Google Play
Download on the App Store
20 ARTICLES
·
3w ago

Kelp DAO Bridge Hack Drains $292 Million and Puts Aave at Risk of Major Bad Debt

A forged LayerZero message turned unbacked rsETH into accepted collateral across lending markets.

Image
Image
2026's biggest crypto exploit: $292 million gets drained from kelp dao with wrapped ether stranded across 20 chains
Zachxbt flags $280m+ kelpdao exploit hitting ethereum defi lending markets

Overview

  • An attacker drained 116,500 rsETH worth about $292 million from Kelp DAO’s LayerZero-powered bridge at 17:35 UTC on Saturday, a hit equal to roughly 18% of the token’s supply; rsETH is Kelp’s liquid restaking token tied to ETH rewards.
  • The bridge held reserves that back wrapped rsETH on more than 20 networks, which now raises questions for holders on those chains about what their tokens are actually redeemable for.
  • Using the stolen rsETH as collateral, the attacker borrowed large amounts of wrapped ether on Aave, Compound, and Euler, leaving Aave reviewing an unresolved bad-debt hole estimated between about $177 million and $236 million.
  • Aave froze rsETH markets on V3 and V4 and said its contracts were not exploited, while Kelp paused rsETH on mainnet and several L2s and other projects, including SparkLend, Fluid, Lido’s earnETH, and Ethena, took precautionary steps.
  • Markets marked down risk with AAVE down about 10%, ETH off roughly 3%, and reports of more than $520 million in stablecoins exiting Ethereum, in what is now 2026’s largest DeFi exploit after a month of high-value hacks.