Kelp DAO's rsETH bridge drained for apparent $292M in LayerZero exploit

Key Point

Kelp DAO's rsETH bridge was apparently exploited for about $292 million after an attacker drained 116,500 rsETH on Saturday. Onchain data shows the successful drain happened at 17:35 UTC after an attacker-controlled wallet called lzReceive on LayerZero's EndpointV2 contract. Kelp said it paused rsETH contracts across mainnet and several L2s while it investigates the suspicious cross-chain activity. Two later attack attempts reverted after the pause, and the failed packets sought another 40,000 rsETH worth about $100 million. Aave froze rsETH markets on Aave V3 and V4 and said it was reviewing post-exploit borrows for possible bad debt.

Why it matters: A bridge exploit of this size could spread stress beyond one protocol if collateral values, lending markets, or cross-chain liquidity stay impaired.

Market Sentiment

Bearish, Stress-on, Event-driven, Fear.

Reason: An apparent $292 million drain from Kelp DAO's rsETH bridge raises immediate solvency and contagion concerns for connected DeFi markets.

Similar Past Cases

In February 2022, Wormhole lost more than $321 million in a bridge exploit. Jump Crypto later replenished more than $320 million, and Wormhole's total value locked later rose more than 300% from its post-hack low (Cointelegraph). The key difference is that Wormhole had a rapid capital backstop, while Kelp has so far responded with contract pauses and linked-market freezes.

Ripple Effect

The first spillover channel is collateral quality in DeFi lending. If rsETH remains paused or trades away from its usual value, then lending venues that accepted rsETH may tighten risk settings or realize bad debt. Cross-chain users may also pull liquidity from restaking and bridge products until Kelp publishes a root-cause analysis that shows the issue was contained.

Opportunities & Risks

Opportunities: If Kelp publishes a root-cause report and restores bridge operations without further failed transfers, then that confirmation is a potential entry signal for traders watching restaking and bridge risk reset. If Aave reports limited or no bad debt, then confidence in connected DeFi collateral markets may stabilize.

Risks: If rsETH stays paused across networks or Aave confirms bad debt, then reducing exposure to directly linked restaking or lending venues can limit downside from wider de-risking. If more compromised packets or related addresses appear, then staying defensive around bridge-linked liquidity reduces spillover risk.