Published Sun, Apr 19, 2026 · 05:37 PM
HACKERS exploited a cross-chain bridge on Saturday (Apr 18), draining nearly US$300 million from a key piece of decentralised finance infrastructure and setting off a ripple effect across multiple crypto platforms.
The attacker siphoned about 116,500 rsETH – a token issued by Kelp DAO that represents “restaked” Ether – by targeting a bridge built using LayerZero, a system that allows different blockchains to communicate. The total losses are estimated at roughly US$293 million, making it the largest DeFi exploit of 2026.
“We identified suspicious cross-chain activity involving rsETH,” Kelp DAO said in a post on X.
Kelp DAO is a restaking protocol that lets users deposit popular staking tokens such as stETH or cbETH and receive rsETH in return, which can then be used across other crypto applications while still earning rewards. This flexibility has helped rsETH spread widely across decentralised lending, trading and liquidity platforms.
That same interconnectedness quickly turned the breach into a broader market issue.
“This was not just a protocol exploit, it immediately became a cross-protocol contagion event,” security firm Cyvers said, estimating that at least nine other platforms were affected.
Navigate Asia in
a new global order
Get the insights delivered to your inbox.
In simple terms, DeFi protocols are often stacked on top of each other. Assets such as rsETH are reused across multiple services, for example, as collateral for loans or as liquidity in trading pools. When one piece fails, it can undermine all the places where that asset is used.
“This is exactly the kind of incident that highlights the risks” of interconnected systems in DeFi, said Cyvers chief executive Deddy Lavid. “The challenge is no longer just preventing exploits at the contract level, but understanding how fast they can cascade across integrated protocols.”
Aave, the largest DeFi lending protocol with more than US$20 billion in locked assets, froze markets related to rsETH to contain the damage.
SEE ALSO
“Freezing the rsETH markets prevents new deposits and borrowing against rsETH collateral while the situation is assessed,” the platform said. Its token was down 20 per cent during Asian trading hours on Sunday, according to Coingecko.
Cyvers chief technology officer Meir Dolev said the situation could have been worse. The protocol was “just three minutes away from losing an additional US$100 million”, he said, with a rapid blacklist blocking a second attempt by the attacker.
The hack surpasses an earlier breach of Solana-based project Drift as the biggest DeFi exploit this year, and comes at a sensitive moment for the sector. BLOOMBERG
Decoding Asia newsletter: your guide to navigating Asia in a new global order. Sign up here to get Decoding Asia newsletter. Delivered to your inbox. Free.
