On April 18, liquid restaking protocol Kelp paused all smart contracts after a hacker attacked the rsETH adapter bridge contract. About $293 million was drained from the platform. Blockchain security firm Cyvers, which caught the attack first, described it as "cross-protocol contagion" - at least nine DeFi protocols were hit.
How the Kelp attack worked
Kelp is a liquid restaking protocol built on Ethereum. Its rsETH token lets users earn restaking rewards while keeping their assets liquid. The bridge contract handling cross-chain rsETH transfers turned out to be the weak point.
The attacker set up the exploit address through Tornado Cash, a mixer that obscures transaction origins. Before Kelp could respond, the attacker converted most of the stolen assets into ETH and moved them further down the chain. Cyvers tracked $250 million in ETH before the platform froze contracts.
Nine protocols halted activity
Aave was the first to act, freezing rsETH markets on V3 and V4. The token was widely used as collateral in the protocol, and continuing operations risked further losses for depositors. The freeze decision came within hours of the attack being detected.
- At least 9 DeFi protocols held open positions in rsETH
- Kelp stopped contracts on mainnet and several L2 networks
- Cyvers detected the attack before the team issued any official statement
- Kelp's official statement: "We identified suspicious cross-chain activity and are investigating"
Composability risk: what DeFi pays for being connected
Cyvers CEO Deddy Lavid put it plainly: "This is exactly the kind of incident that highlights the risks of composability in DeFi." Composability means protocols can interact like building blocks. Every bridge, every wrapped token, every new layer adds another potential entry point for attackers.
When one token serves as collateral across nine systems at once, a single exploit cascades through all nine. Restaking, by design, is built on that same interconnected logic. That makes it a top target.
DeFi hacks in 2026: the streak continues
The Kelp attack came weeks after Drift Protocol lost $280 million to hackers who spent months infiltrating the developer team. Per Cyvers data, crypto losses from hacks and scams in Q1 2026 alone reached about $482 million.
Restaking protocols have long been flagged as high-risk due to complex architecture and cross-chain bridge dependencies. Kelp confirmed those concerns were well-placed.
What happens next
Kelp had not responded to media inquiries at the time of publication. The team only confirmed that an investigation was ongoing, with no timeline or details given. Most of the stolen funds have already been converted and moved from identified addresses - tracing them back will be difficult.
Comments
Your email address will not be published. Required fields are marked *