$293M Vanishes Overnight: Inside the Shocking Kelp Restaking Platform Heist
Ever wonder if the decentralized finance (DeFi) world is really as bulletproof as it claims to be? Well, Kelp, a liquid restaking protocol, just got a brutal wake-up call. On Saturday, their platform had to hit the emergency pause on smart contracts tied to their restaking token, rsETH, after a slick cyber attack siphoned off nearly $293 million. It’s like watching a high-stakes digital heist unfold in real time — and the attacker even masked their moves through Tornado Cash, converting a massive chunk to Ether. What’s wilder? This isn’t an isolated misfortune. DeFi platforms like Aave and several others were quick to freeze activities, proving just how interlinked and vulnerable this space can be. It begs the question: in the tangled web of cross-chain composability, how long before others fall? If you think the crypto kingdom is impregnable, think again — this latest hack reminds us all it’s a digital wild west out there. LEARN MORE.
Kelp, a liquid restaking protocol, was the victim of a cyber attack on Saturday, causing the platform to pause smart contracts for its restaking token (rsETH), as it “investigates” the attack amid reports of hundreds of millions of dollars in losses.
“Earlier today, we identified suspicious cross-chain activity involving rsETH. We have paused rsETH contracts across mainnet and several Layer-2s,” the Kelp platform said in an X post.
The attacker exploited the rsETH adapter bridge contract, the software code that manages Kelp’s rsETH token, and drained the platform of about $293 million in funds, according to blockchain security firm Cyvers.
The attacker used a Tornado Cash crypto mixer-funded address and has already converted about $250 million of the stolen funds to Ether (ETH), the native cryptocurrency of the Ethereum layer-1 blockchain network, Cyvers told Cointelegraph.
In response to the attack, decentralized finance (DeFi) platform Aave announced it had frozen rsETH markets on Aave V3 and V4. At least nine crypto protocols had exposure to the token and have frozen activity on their platforms in response, Cyvers said.
“This is exactly the kind of incident that highlights the risks of composability in DeFi,” Deddy Lavid, CEO of Cyvers, told Cointelegraph. Cointelegraph reached out to Kelp but did not obtain a response by the time of publication.
The incident is the latest in a string of cybersecurity hacks and exploits of crypto platforms over the last several months, as crypto losses from hacks and scams totaled about $482 million in Q1 2026.
Related: Fake Ledger Live app on Apple App Store drained $9.5M from victims: ZachXBT
Drift Protocol hacked for $280 million
Decentralized cryptocurrency exchange Drift Protocol also suffered an exploit in April, which drained the platform of about $280 million.
The Drift Protocol team said the attack took “months of deliberate preparation,” in which the team was infiltrated by suspected North Korean state-affiliated hackers.
In a post-mortem update, the Drift team said they met the attackers at a “major” crypto conference and collaborated with them for several months before the attackers deployed malware on developer machines and compromised the platform.
Magazine: DeFi’s billion-dollar secret: The insiders responsible for hacks
Post Comment