On April 17, the liquid restaking protocol Kelp was hit by a hacker attack, resulting in a loss of approximately $293 million.
🚨 $293M EXPLOIT DETECTED: Cyvers AI systems have identified a massive attack on @KelpDAO .
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) April 18, 2026
Our platform flagged the breach in real-time, tracking ~$293.7M drained from the protocol's RSETH Adapter. Currently, ~$250M has already been swapped to $ETH and is held across two… pic.twitter.com/E2bnoZh0Eu
According to analysts at CyversAlerts, the attacker exploited a vulnerability in the cross-chain bridge of the rsETH token on the LayerZero platform. At 17:35 UTC, the perpetrator triggered the lzReceive function in the EndpointV2 contract, initiating a transfer of 116,500 rsETH to a personal address.
The funds for the attack were obtained through the crypto mixer Tornado Cash.
The Kelp team responded to the incident approximately 46 minutes later. After detecting suspicious activity, an emergency pause mechanism was activated in the rsETH token configuration contract, causing a cascading halt of other protocol components.
Earlier today we identified suspicious cross-chain activity involving rsETH. We have paused rsETH contracts across mainnet and several L2s while we investigate.
— Kelp (@KelpDAO) April 18, 2026
We are working with @LayerZero_Core, @unichain, our auditors and top security experts on RCA.
We will keep you…
"We have paused rsETH contracts on the mainnet and several L2s while we conduct our investigation. We are collaborating with [LayerZero], [Unichain], our auditors, and leading security experts on root cause analysis," the project representatives stated.
The DeFi protocol Aave also froze rsETH markets on V3 and V4 platforms.
After the halt, the attacker made two more attempts to withdraw funds, but the transactions were successfully canceled. In both instances, they attempted to transfer 40,000 rsETH (approximately $100 million).
This marks the second cybersecurity incident for the Kelp token. In April 2025, the protocol paused deposits and withdrawals after a fee agreement error led to excessive creation of rsETH.
According to CoinGecko, the situation has not significantly impacted the price of the affected coin. However, the stolen 116,500 rsETH accounts for about 18% of the total circulating supply.
The attack negatively affected the price of AAVE due to concerns about potential issues with non-repayable loans. Over the course of a day, the asset dropped nearly 20%.
15-minute chart of AAVE/USDT on Binance. Source: TradingView.It is worth noting that on April 1, the DeFi platform Drift Protocol on Solana suffered a hacker attack, with the perpetrator stealing at least $280 million.