Kelp DAO Hack Exposes Cross-Chain Risks as $292M DeFi Exploit Shakes Market

The biggest DeFi hack of 2026 so far has put cross-chain infrastructure back under pressure. Kelp DAO’s rsETH bridge was exploited for about $292 million, triggering freezes across lending markets and raising new questions about whether DeFi’s most connected protocols are also its weakest points.

The attack hit Kelp DAO’s rsETH, a liquid restaking token connected to Ethereum restaking through EigenLayer. Reports say the attacker drained around 116,500 rsETH, worth about $292 million, from a LayerZero-powered cross-chain bridge.

That amount represented roughly 18% of rsETH’s circulating supply, which is why the shock spread so quickly. In DeFi, one asset is rarely isolated. Once rsETH was used as collateral elsewhere, the incident moved from a single-protocol exploit into a wider market-structure problem.

The core issue was not only the size of the theft. It was where the exploit happened. Cross-chain bridges connect liquidity across networks, but when that bridge logic fails, the damage can move faster than teams can pause contracts.

The main pressure points were clear:

• 116,500 rsETH was drained from Kelp-linked infrastructure,

• the value was around $292 million at the time of the exploit,

• rsETH markets were frozen on Aave after the incident,

• multiple DeFi platforms had exposure to the same asset,

• Kelp DAO paused rsETH contracts while teams investigated suspicious cross-chain activity.

This is exactly why risk management matters in crypto. Even if a trader is not using the hacked protocol directly, contagion can hit collateral markets, token prices, and liquidity conditions fast.

Aave said its own protocol was not exploited, but its Guardian froze rsETH and wrsETH markets across deployments after being alerted to the incident. According to Aave’s governance forum, the problem was scoped to the rsETH asset and did not come from an Aave vulnerability.

This was not “Aave got hacked.” It was a Kelp-linked rsETH exploit that created risk for lending markets where rsETH had been accepted as collateral. Coindesk also reported that Aave’s total value locked dropped by about $6.6 billion after the incident.

The Kelp DAO hack shows why DeFi security is no longer only a developer concern. When a liquid restaking asset is integrated across lending platforms, bridges, and chains, one weak link can create a chain reaction.

For traders, this changes how DeFi risk should be viewed:

• protocol risk can spread into lending markets,

• collateral can become dangerous faster than expected,

• bridge exploits can affect assets across multiple chains,

• liquidity can disappear before users react,

• DeFi contagion risk can pressure unrelated tokens.

That is also where crypto hedging becomes practical. In a market where smart-contract or bridge risk can trigger sudden price moves, downside protection is not just a theory.

The immediate lesson is simple: composability cuts both ways. It makes DeFi powerful because assets can be used across protocols, but it also means bad collateral can travel quickly through the system. The rsETH exploit showed how fast that can happen.

Execution also matters during moments like this. When panic spreads across DeFi, spreads can widen, liquidity can thin, and exits may be worse than expected. Traders dealing with fast-moving markets should understand slippage in crypto before assuming that quoted prices will hold during stress.

The Kelp DAO hack was not just another large exploit. It exposed how cross-chain bridges, restaking tokens, and lending markets can turn one security failure into a wider DeFi stress event.

The key takeaway is not that DeFi is dead. It is that DeFi is becoming more interconnected, and that makes security failures more dangerous. In our opinion, the safest response is not panic, but better process: understand collateral risk, watch liquidity, and treat crypto derivatives and hedging tools as part of a broader risk framework.