Bridge breach sends DeFi reeling

Hackers exploited a cross-chain bridge tied to liquid restaking protocol Kelp DAO on Saturday, draining about $290 million in rsETH and sending shockwaves through decentralised finance markets as the losses spread into lending platforms and renewed questions over the security of multichain infrastructure. Bloomberg reported the theft at nearly $300 million, while market and on-chain reports put the value at roughly $292 million to $294 million.

The exploit centred on Kelp DAO’s LayerZero-powered bridge for rsETH, a token used across multiple chains and DeFi applications. Coindesk reported that about 116,500 rsETH, equal to roughly 18% of circulating supply, was drained from the bridge. Other industry reports said Kelp DAO acknowledged unusual cross-chain activity and paused affected rsETH contracts on mainnet and layer-2 networks while it worked with security specialists.

What elevated the incident from a large theft to a broader DeFi shock was the way the stolen or unbacked assets were allegedly used across interconnected protocols. Several reports said the attacker moved rapidly to deploy the compromised rsETH as collateral and extract hard assets such as wrapped ether from lending venues including Aave, with spillover also discussed around Compound and Euler. Forbes reported that the fallout left Aave’s wETH pool facing roughly $177 million to $200 million in bad debt, turning a bridge exploit into a system-wide stress event.

That chain reaction has revived a long-running concern in crypto markets: composability can magnify losses just as efficiently as it amplifies growth. Academic work on bridge design has warned that cross-chain systems often carry weaker security guarantees than the base blockchains they connect. A 2024 study of bridge exploits found that bridging architectures contain multiple recurring design flaws and vulnerability types, while later survey work in 2026 again pointed to bridges among the largest historical sources of DeFi losses.

The early technical explanation emerging from security researchers suggests the breach may not have stemmed from a failure of Kelp DAO’s core restaking contracts, but from the bridge configuration that governed cross-chain message validation. One detailed analysis said a forged cross-chain message was accepted because the bridge relied on a one-of-one validator or verifier setup, allowing the attacker to induce the escrow contract to release tokens that should not have moved. That distinction matters for markets because it means the weakness may have sat in the interoperability layer rather than in the underlying asset pool itself, though users and lenders still bore the market impact.

The event also underscores how quickly risk migrates once a token is widely used as collateral. When a bridged asset loses credibility or backing, lending markets that still price it optimistically can become transmission channels for losses. Similar contagion dynamics were seen in other DeFi incidents this year, where a hacked or depegged asset retained collateral value long enough for attackers to borrow against it, leaving protocols and depositors to absorb the damage.

For the broader digital-asset industry, the timing is awkward. Chainalysis said stolen funds remained a major threat to the ecosystem in 2025, with North Korea-linked hackers alone stealing $2 billion, while Elliptic said more than $21.8 billion in illicit and high-risk crypto had been laundered using cross-chain methods. Those figures do not describe this case directly, but they show how bridges and multichain routes have become central both to theft and to the movement of stolen funds after an exploit.

Saturday’s breach appears set to rank among the biggest crypto hacks of 2026. Before this, major incidents this year had included the attack on Drift Protocol and earlier losses at Step Finance, but the Kelp DAO exploit has overtaken most of them in scale and in the breadth of knock-on effects. That has sharpened scrutiny of bridge operators, auditors and protocols that accept bridged assets as collateral without stronger circuit breakers, oracle controls or emergency pricing mechanisms.