A major security breach has hit Kelp DAO, where an attacker exploited a cross-chain bridge system to drain approximately $292 million worth of rsETH, making it the largest DeFi exploit recorded in 2026 so far. The incident has triggered widespread panic across decentralized finance platforms and raised serious concerns about cross-chain security infrastructure.
The exploit targeted Kelp DAO’s LayerZero-powered bridge system, which connects assets across multiple blockchains.
The attacker was able to manipulate the messaging system used by LayerZero, tricking it into approving unauthorized withdrawals. This allowed the attacker to drain over 116,000 rsETH, a token representing restaked Ethereum positions. The stolen amount represents a significant portion of the rsETH supply and was spread across multiple blockchain networks before detection.
Shortly after the incident, Kelp DAO activated emergency controls and paused its core smart contracts in an attempt to stop further damage.
The impact quickly spread across the DeFi ecosystem. Several major protocols, including lending and trading platforms, suspended rsETH-related markets to reduce exposure. Some platforms also temporarily froze deposits and withdrawals involving the asset.
Market sentiment shifted sharply as traders began pricing in potential liquidity issues, with concerns growing over whether rsETH could maintain its peg across different networks.
This exploit highlights a deeper structural issue in DeFi cross-chain complexity risk. As assets move across multiple blockchains, security becomes harder to verify across systems; one bridge vulnerability can affect multiple networks, and token backing becomes harder to trust in real time. In simple terms, the more interconnected DeFi becomes, the more damage a single exploit can cause.
This incident is not just about one protocol. It shows that cross-chain bridges are now one of the most critical and vulnerable parts of the entire DeFi ecosystem. It also reinforces a growing trend: in 2026, DeFi exploits are becoming larger, faster, and more systemic.
The Kelp DAO exploit marks a major moment for decentralized finance security in 2026. While investigations are ongoing, the event has already reshaped how protocols view cross-chain infrastructure risk.
How the ecosystem responds in the coming days will likely determine whether confidence in multichain DeFi systems strengthens or weakens
