Kelp, a liquid restaking protocol, was hit by a cyberattack on Saturday, forcing the project to pause smart contracts tied to its restaking token rsETH while investigators work to assess the damage.
“Kelp identified suspicious cross-chain activity involving rsETH earlier today. We have paused rsETH contracts across mainnet and several Layer-2s,” the project said in a post on X.
Blockchain security firm Cyvers reported the attacker exploited the rsETH adapter bridge contract—the component that manages Kelp’s rsETH token—and removed approximately $293 million from the platform. Cyvers added the attacker used an address funded through the Tornado Cash mixer and has converted roughly $250 million of the stolen assets into Ether (ETH).
In response to the incident, decentralized finance platform Aave froze rsETH markets on both Aave V3 and V4. Cyvers said at least nine crypto protocols had exposure to rsETH and that several paused activity to reduce the risk of contagion.
“This is exactly the kind of incident that highlights the risks of composability in DeFi,” Deddy Lavid, CEO of Cyvers, told Cointelegraph. Cointelegraph contacted Kelp for comment but had not received a response by the time of publication.
The Kelp breach follows a spate of attacks on crypto platforms. Industry tallies put losses from hacks and scams at about $482 million in Q1 2026. One high-profile case in April saw decentralized exchange Drift Protocol lose roughly $280 million in an exploit that, according to Drift’s post-mortem, involved months of deliberate preparation. Drift said attackers reportedly gained insider access by cultivating relationships with team members at a major crypto conference, deployed malware on developer machines and ultimately compromised the platform.
Readers are encouraged to verify details independently. Cointelegraph states this article was produced according to its Editorial Policy, aiming for transparent and independent reporting.