{"id":96298,"date":"2026-04-19T10:51:54","date_gmt":"2026-04-19T07:51:54","guid":{"rendered":"https:\/\/u1f987.com\/en\/?p=96298"},"modified":"2026-04-19T10:55:15","modified_gmt":"2026-04-19T07:55:15","slug":"kelp-protocol-loses-293-million-following-cross-chain-bridge-attack","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/kelp-protocol-loses-293-million-following-cross-chain-bridge-attack\/","title":{"rendered":"Kelp Protocol Loses $293 Million Following Cross-Chain Bridge Attack"},"content":{"rendered":"<p>On April 17, the liquid <span class='old_tooltip' data-descr='restaking'>restaking<\/span> protocol Kelp suffered a hacker attack, resulting in a loss of approximately $293 million.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">\ud83d\udea8 $293M EXPLOIT DETECTED: Cyvers AI systems have identified a massive attack on <a href=\"https:\/\/twitter.com\/KelpDAO?ref_src=twsrc%5Etfw\">@KelpDAO<\/a> .<\/p>\n<p>Our platform flagged the breach in real-time, tracking ~$293.7M drained from the protocol&#8217;s RSETH Adapter. Currently, ~$250M has already been swapped to <a href=\"https:\/\/twitter.com\/search?q=%24ETH&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$ETH<\/a> and is held across two\u2026 <a href=\"https:\/\/t.co\/E2bnoZh0Eu\">pic.twitter.com\/E2bnoZh0Eu<\/a><\/p>\n<p>\u2014 \ud83d\udea8 Cyvers Alerts \ud83d\udea8 (@CyversAlerts) <a href=\"https:\/\/twitter.com\/CyversAlerts\/status\/2045596550882001142?ref_src=twsrc%5Etfw\">April 18, 2026<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to analysts at CyversAlerts, the attacker exploited a vulnerability in the <span class='old_tooltip' data-descr='cross-chain'>cross-chain<\/span> bridge of the rsETH token on the LayerZero platform. 
At 17:35 UTC, the perpetrator <a href=\"https:\/\/etherscan.io\/tx\/0x1ae232da212c45f35c1525f851e4c41d529bf18af862d9ce9fd40bf709db4222\">invoked<\/a> the lzReceive function in the EndpointV2 contract, initiating the transfer of 116,500 rsETH to a personal address.<\/p>\n<p>The attacker&#8217;s wallet was funded through the crypto mixer Tornado Cash.<\/p>\n<p>The Kelp team responded to the incident approximately 46 minutes later. Once suspicious activity was detected, an emergency pause mechanism in the rsETH token configuration contract was triggered, causing a cascading halt of other protocol components.\u00a0<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Earlier today we identified suspicious cross-chain activity involving rsETH. We have paused rsETH contracts across mainnet and several L2s while we investigate.<\/p>\n<p>We are working with <a href=\"https:\/\/twitter.com\/LayerZero_Core?ref_src=twsrc%5Etfw\">@LayerZero_Core<\/a>, <a href=\"https:\/\/twitter.com\/unichain?ref_src=twsrc%5Etfw\">@unichain<\/a>, our auditors and top security experts on RCA. <\/p>\n<p>We will keep you\u2026<\/p>\n<p>\u2014 Kelp (@KelpDAO) <a href=\"https:\/\/twitter.com\/KelpDAO\/status\/2045595819035046148?ref_src=twsrc%5Etfw\">April 18, 2026<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>&#8220;We have paused rsETH contracts on the mainnet and several L2s while we conduct an investigation. 
We are working with [LayerZero], [Unichain], our auditors, and leading security experts on root cause analysis,&#8221; project representatives stated.\u00a0<\/p>\n<\/blockquote>\n<p>The DeFi protocol Aave also <a href=\"https:\/\/x.com\/aave\/status\/2045592139577602556?s=20\">froze<\/a> rsETH markets on the V3 and V4 platforms.<\/p>\n<p>After the halt, the attacker made two more attempts to withdraw funds, but the transactions were successfully canceled. In both cases, they attempted to transfer 40,000 rsETH (~$100 million).<\/p>\n<p>This marks the second cybersecurity incident for the Kelp token. In April 2025, the protocol <a href=\"https:\/\/governance.aave.com\/t\/rseth-precautionary-freezing-30-04-2025\/21925\">suspended<\/a> deposits and withdrawals after a fee agreement error led to the excessive creation of rsETH.<\/p>\n<p>According to <a href=\"https:\/\/www.coingecko.com\/en\/coins\/kelp-dao-restaked-eth?chart=type%3Dprice%26mode%3Dline%26timeframe%3Dd7\">CoinGecko<\/a>, the situation did not significantly impact the affected coin&#8217;s price. However, the stolen 116,500 rsETH represents approximately 18% of the total circulating supply.\u00a0<\/p>\n<p>The attack adversely affected the price of AAVE due to reports of potential issues with non-repayable loans. The asset&#8217;s value <a href=\"https:\/\/www.coingecko.com\/en\/coins\/aave?chart=type%3Dprice%26mode%3Dline%26timeframe%3Dd7\">dropped<\/a> nearly 20% in a day.<\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/u1f987.com\/wp-content\/uploads\/img-e73c169427bced85-2186126553113345.webp\" alt=\"image\" class=\"wp-image-278647\"\/><figcaption class=\"wp-element-caption\">15-minute AAVE\/USDT chart on the Binance exchange. 
Source: <a href=\"https:\/\/www.tradingview.com\/symbols\/AAVEUSDT\/\">TradingView<\/a>.<\/figcaption><\/figure>\n<p>Back on April 1, the DeFi platform Drift Protocol on Solana <span class='old_tooltip' data-descr='was subjected to'>was subjected to<\/span> a hacker attack. The perpetrator withdrew at least $280 million.\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On April 17, the liquid restaking protocol Kelp suffered a hacker attack, resulting in a loss of approximately $293 million.<\/p>\n","protected":false},"author":1,"featured_media":96299,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"Kelp protocol hacked, losing $293M; attacker exploited cross-chain bridge vulnerability.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,1424,1263],"class_list":["post-96298","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-protocols","tag-restaking"],"aioseo_notices":[],"amp_enabled":true,"views":"47","promo_type":"1","layout_type":"1","short_excerpt":"Kelp protocol hacked, losing $293M; attacker exploited cross-chain bridge 
vulnerability.","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/96298","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=96298"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/96298\/revisions"}],"predecessor-version":[{"id":96300,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/96298\/revisions\/96300"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/96299"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=96298"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=96298"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=96298"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}