A significant $292 million exploit over the weekend has shaken the cryptocurrency industry, exposing vulnerabilities in decentralized finance (DeFi) infrastructure. The attack, centered on Kelp’s rsETH token, a yield-bearing version of ETH, demonstrates how a single point of failure can cascade across interconnected systems.

Investigators suggest the attacker manipulated a mechanism for moving assets between blockchains, likely a LayerZero bridge component. By exploiting a single-signer setup used by Kelp for verification, the attacker was able to mint large amounts of unbacked rsETH tokens. These were then deposited as collateral in lending markets, primarily Aave, to borrow and drain actual assets. This maneuver left lending protocols holding devalued collateral and facing significant bad debt.

Charles Guillemet, CTO of Ledger, noted that the exploit is a stark reminder of the risks in DeFi, warning that 2026 is shaping up to be a severe year for hacks. The incident follows a $285 million exploit of the Solana-based protocol Drift just weeks prior, further eroding trust in the roughly $90 billion crypto sector. Questions persist about how the validator was compromised and the identity of the sophisticated actor behind the attack.