Breaking: Kelp DAO hit by massive cross-chain exploit that drained ~116,500 rsETH (~$292M)
Kelp DAO has suffered a major cross-chain breach that drained roughly 116,500 rsETH — about $292 million at current prices — renewing fears about bridge security less than a year after the protocol’s last disruption tied to a smart-contract bug.
What happened
- On-chain data show the attacker exploited a weakness in cross-chain messaging, targeting the bridge mechanism used to move rsETH across networks. The exploit was carried out via a call to the “Iz Receive” function on LayerZero’s EndpointV2, which ultimately released funds to an attacker-controlled wallet.
- Blockchain investigator ZachXBT was among the first to flag the incident, estimating losses north of $280 million across Ethereum and Arbitrum. He also noted that the attacker addresses were initially funded through Tornado Cash, suggesting efforts to obscure the funds’ origin.
Kelp DAO’s response
- Kelp immediately paused rsETH contracts on mainnet and several L2s, and froze core systems handling deposits, withdrawals and oracle feeds.
- The team says it is working with LayerZero, Unichain, its auditors and top security experts on a root-cause analysis and an ongoing investigation.
- The attacker attempted two additional transactions to siphon another ~40,000 rsETH (nearly $100 million), but Kelp’s rapid pause prevented those attempts from succeeding — keeping total losses from potentially ballooning to around $391 million.
Contagion and market reaction
- The fallout spread quickly into lending markets. Aave froze rsETH markets on both V3 and V4 deployments as a precautionary measure to limit new exposure and borrowing against rsETH. Aave clarified its own contracts were not compromised and said the freeze is to prevent further debt accumulation while it assesses mitigation options should bad debt materialize.
Why this matters
- rsETH is a liquid restaking token that represents staked ETH while enabling additional yield via restaking strategies. It’s a backbone asset in cross-chain DeFi, used on networks such as Arbitrum, Base and Scroll.
- The stolen amount equals roughly 18% of rsETH’s circulating supply — a severe hit to liquidity and user confidence in both the token and the cross-chain systems that support it.
What’s next
- Investigations are ongoing and Kelp has signaled it will keep the community updated as results come in. Given the involvement of LayerZero’s Endpoint function, this incident will likely trigger heightened scrutiny across other bridge implementations and restaking primitives that rely on similar cross-chain messaging patterns.
We’ll update as more technical findings and recovery details become available.
Read more AI-generated news on: undefined/news
