KelpDAO Suffers $292M Exploit, Triggering $13B DeFi Meltdown

A $292 million exploit just hit KelpDAO’s LayerZero bridge. It’s triggered a liquidity crisis across DeFi. The sector’s total value locked dropped $13 billion. Cross-chain security is now under intense scrutiny.

An attacker minted 116,500 unbacked rsETH tokens. That’s roughly 18% of the token’s total supply. They used those tokens to drain real assets from major lending protocols. Aave got hit hardest. It’s now sitting on approximately $196 million in bad debt.

The exploit fooled KelpDAO’s cross-chain bridge with a single malicious message. Blockchain data confirms it. The attacker deposited the fraudulent rsETH into Aave V3 and V4. They borrowed real WETH against that collateral. Then they disappeared with the funds.

rsETH had been widely accepted as “near-ETH” collateral across DeFi lending markets. The synthetic token collapsed. Cascading losses hit the entire ecosystem.

Aave’s total value locked plummeted from $26.4 billion to around $20 billion. One day. Panic spread fast. The protocol froze rsETH markets quickly. Too late. The damage had materialized.

ETH depositors suddenly couldn’t withdraw their funds. They started borrowing stablecoins against their positions to exit. Classic bank run dynamics.

The contagion spread rapidly. SparkLend froze rsETH exposure. So did Fluid. Upshift. Lido. All of them locked it down.

Holders of rsETH across more than 20 blockchain networks faced immediate uncertainty. Did their tokens maintain any backing at all? Nobody knew. The broader DeFi sector saw $13 billion evaporate from its total value locked.

“This exploit underscores deep structural risk in using liquid restaking tokens like rsETH as ‘near-ETH’ collateral across lending protocols,” an unnamed industry analyst said.

Here’s the thing: Aave’s smart contracts weren’t compromised. The protocol functioned exactly as designed. The vulnerability lay in treating derivative tokens as equivalent to their underlying assets. The derivative lost its peg catastrophically. Protocols that had integrated it as trusted collateral absorbed massive losses.

This is the latest in a troubling pattern. DeFi exploits have drained approximately $600 million from the sector over the past three weeks alone. Scrutiny on cross-chain bridge security is intensifying. Collateral practices too. The KelpDAO breach specifically highlights risks in liquid restaking ecosystems. Layered derivatives create complex webs of interdependence.

Protocols are reassessing their collateral frameworks now. Risk parameters are getting rewritten. The exploit may force a fundamental reckoning. Do DeFi yields justify the smart contract and bridge risks inherent in today’s cross-chain infrastructure?

Users and developers are questioning the sustainability of treating derivative tokens as equivalent to base assets. That practice enabled DeFi’s rapid growth. It’s proven catastrophically fragile under attack.


Posted

in

by

Tags: