- The Kelp liquid restaking protocol was exploited on Saturday, draining $293 million and triggering widespread contagion across the DeFi ecosystem.
- Industry experts warn that non-isolated lending models and cross-chain bridging infrastructure create significant systemic risks that can cascade between integrated protocols.
- At least nine other major DeFi platforms, including Aave and Compound Finance, were forced to take action to mitigate fallout from the exploit.
- The incident underscores the urgent need for stricter vetting of collateral tokens and enhanced security as crypto hack losses hit $482 million in Q1 2026.
A major cyber attack on the Kelp DAO liquid restaking protocol this weekend led to a catastrophic loss of $293 million and immediately spread contagion throughout the decentralized finance landscape. The platform was compelled to pause all smart contracts for its restaking token (rsETH) as security analysts began tracking the fund transfers.
According to Michael Egorov, founder of Curve Finance, the exploit highlights the inherent dangers of non-isolated lending. Consequently, this model exposes users to risks from all tokens used as collateral on a platform, similar to earlier versions of the Aave protocol. He emphasized in an email that DeFi teams must thoroughly vet prospective digital assets to prevent single points of failure before approving them as collateral.
The attack’s root cause was the use of cross-chain bridging architecture to transfer assets between blockchains. “Cross-chain is hard and potentially risky. Only use cross-chain infrastructure when absolutely necessary, and do it really carefully,” Egorov warned. However, the damage was already widespread, with blockchain security firm Cyvers confirming the incident was a cross-protocol contagion event.
At least nine other protocols, including Fluid, SparkLend, and Euler, were affected and took defensive action. Cyvers CEO Deddy Lavid stated, “The challenge is no longer just preventing exploits at the contract level, but understanding how fast they can cascade across integrated protocols.” Meanwhile, this exploit follows the $280 million Drift Protocol hack from last week and over a dozen other platform breaches this month.
Egorov framed the incident as a critical learning experience for the DeFi sector to implement stronger protections. The need for growth is urgent, as losses from crypto hacks, exploits, and scams reached $482 million in the first quarter of 2026.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
