Crypto Hack Exposes $290 Million Vulnerability, Raises Concerns Over DeFi Stability
Crypto Hackers Drain Nearly $300 Million from Decentralized Finance Infrastructure
A devastating cyber attack on a cross-chain bridge has left the decentralized finance (DeFi) sector reeling, with hackers draining nearly $300 million from a key piece of infrastructure. The attack, which occurred on Saturday, targeted a bridge built using LayerZero, a system that enables different blockchains to communicate.
The attacker exploited the bridge by siphoning approximately 116,500 rsETH, a token issued by Kelp DAO that represents "restaked" Ether. The total losses are estimated at roughly $293 million, making it the largest DeFi exploit of 2026.
Kelp DAO, a restaking protocol that allows users to deposit popular staking tokens like stETH or cbETH and receive rsETH in return, quickly responded to the breach by pausing rsETH contracts across mainnet and several L2s while it investigates. The protocol's flexibility has helped rsETH spread widely across decentralized lending, trading, and liquidity platforms.
Read also: Bitcoin Price Sinks 6% Below $66,500 Amid ETF Outflows and Institutional Selling
The interconnectedness of DeFi protocols has turned the breach into a broader market issue, with at least nine other platforms affected, according to security firm Cyvers. This is because DeFi protocols are often stacked on top of each other, with assets like rsETH reused across multiple services, such as collateral for loans or liquidity in trading pools.
| Protocol | Locked Assets | Affected Markets |
|---|---|---|
| Kelp DAO | - | rsETH contracts paused |
| Aave | $20 billion | rsETH markets frozen |
| Other platforms (at least 9) | - | Various |
Aave, the largest DeFi lending protocol, froze markets related to rsETH to contain the damage. "Freezing the rsETH markets prevents new deposits and borrowing against rsETH collateral while the situation is assessed," the platform said. Its token was down 20% during Asian trading hours on Sunday, according to Coingecko.
Cyvers Chief Technology Officer Meir Dolev said the situation could have been worse, with the protocol just three minutes away from losing an additional $100 million. A rapid blacklist blocked a second attempt by the attacker.
Read also: Bitcoin's Inflation-Hedging Potential Erodes as Price Falls Below $70,000
The hack surpasses an earlier breach of Solana-based project Drift as the biggest DeFi exploit this year, and comes at a sensitive moment for the sector.
Investor Takeaway
Investors should exercise caution and closely monitor DeFi stability in the wake of this significant hack.
More in General
Bitcoin Price Sinks 6% Below $66,500 Amid ETF Outflows and Institutional Selling
Bitcoin's Inflation-Hedging Potential Erodes as Price Falls Below $70,000
Bitcoin Falls Below $71,000 as Market Sees Widespread Liquidation and Heightened Geopolitical Risk
