(Bloomberg) — Hackers exploited a cross-chain bridge on Saturday, draining nearly $300 million from a key piece of decentralized finance infrastructure and setting off a ripple effect across multiple crypto platforms.
The attacker siphoned about 116,500 rsETH — a token issued by Kelp DAO that represents “restaked” Ether — by targeting a bridge built using LayerZero, a system that allows different blockchains to communicate. The total losses are estimated at roughly $293 million, making it the largest DeFi exploit of 2026.
“We identified suspicious cross-chain activity involving rsETH,” Kelp DAO said in a post on X. “We have paused rsETH contracts across mainnet and several L2s while we investigate.”
Kelp DAO is a restaking protocol that lets users deposit popular staking tokens like stETH or cbETH and receive rsETH in return, which can then be used across other crypto applications while still earning rewards. This flexibility has helped rsETH spread widely across decentralized lending, trading and liquidity platforms.
That same interconnectedness quickly turned the breach into a broader market issue.
“This was not just a protocol exploit, it immediately became a cross-protocol contagion event,” security firm Cyvers said, estimating that at least nine other platforms were affected.
In simple terms, DeFi protocols are often stacked on top of each other. Assets like rsETH are reused across multiple services, for example, as collateral for loans or as liquidity in trading pools. When one piece fails, it can undermine all the places where that asset is used.
“This is exactly the kind of incident that highlights the risks” of interconnected systems in DeFi, said Cyvers Chief Executive Deddy Lavid. “The challenge is no longer just preventing exploits at the contract level, but understanding how fast they can cascade across integrated protocols.”
Aave, the largest DeFi lending protocol with more than $20 billion in locked assets, froze markets related to rsETH to contain the damage.
“Freezing the rsETH markets prevents new deposits and borrowing against rsETH collateral while the situation is assessed,” the platform said. Its token was down 20% during Asian trading hours on Sunday, according to Coingecko.
Cyvers Chief Technology Officer Meir Dolev said the situation could have been worse. The protocol was “just three minutes away from losing an additional $100 million,” he said, with a rapid blacklist blocking a second attempt by the attacker.
The hack surpasses an earlier breach of Solana-based project Drift as the biggest DeFi exploit this year, and comes at a sensitive moment for the sector.
More stories like this are available on bloomberg.com
