Stay connected with BizTech Community—follow us on Instagram and Facebook for the latest news and reviews delivered straight to you.
There has been a huge structural breakdown in the decentralised finance (DeFi) ecosystem. Kelp DAO, a well-known liquid restaking system, has been hacked in what is now the biggest cryptocurrency exploit of 2026. The attack has caused losses of about $292 million and sent shockwaves through the interconnected web of DeFi. It has also caused emergency market freezes and wiped out billions in total value locked (TVL) across major lending platforms.
Cybersecurity specialists are already blaming state-sponsored hackers from North Korea for the complex intrusion that happened on Sunday, April 19, 2026. The attackers were able to go beyond the protocol’s security architecture and steal an incredible 116,500 rsETH from Kelp DAO’s cross-chain bridge.
To get a sense of how big this heist was, you need to look at how the supply works: the stolen assets make up around 18% of the total circulating supply of rsETH. The size of the theft has shown how weak cross-chain infrastructure is and how quickly contagion may spread through modern crypto marketplaces.
The Weak Point: Taking Advantage of the Cross-Chain Bridge
It is important to understand how liquid restaking and cross-chain communication work in order to completely appreciate how $292 million disappeared. Kelp DAO lets people deposit Ethereum to receive compounded staking yields. It then gives them “rsETH,” a liquid receipt token that represents those assets. Kelp DAO uses bridging infrastructure backed by LayerZero technology to let users trade and use rsETH on other blockchain networks.
Bridges have always been the weak point in the cryptocurrency market, and Sunday’s attack showed that this is still true. The hackers were able to deceive the protocol into accepting a huge, fake withdrawal request by changing the bridge’s message mechanism, according to reports after the fact.
So, 116,500 rsETH were made and sent straight to wallets that the attackers controlled.
The exploit puts the asset’s peg in an instant, life-or-death situation. Cross-chain bridges work by keeping a reserve of the underlying asset to back the tokens that are moving around on other networks. Since Kelp DAO’s bridge reserves are basically gone, people are really worried about whether the other Layer-2 networks that still have rsETH tokens are truly backed by something.
LayerZero has also made it clear that the vulnerability was caused by Kelp DAO’s specific design choices. According to reports, the protocol’s setup only used one way to verify cross-chain messages. LayerZero says that this made a clear “single point of failure,” which is a major security concern that they had already warned about.
The Domino Effect in DeFi
The most important thing about modern DeFi is how well everything works together. People often put assets on various platforms at the same time, wrap them, and use them as collateral. A $292 million hole in a major restaking mechanism like Kelp DAO does not develop in a vacuum; it spreads quickly and affects the whole system.
Within hours of the exploit, the whole ecosystem went into lockdown to stop the bad debt from spreading to other protocols. Blue-chip lending platforms including Aave, SparkLend, and Fluid started emergency governance measures to entirely freeze their rsETH markets. This stopped customers from borrowing against the compromised asset.
Stani Kulechov, the founder of Aave, promptly took to social media to calm the growing concern. He made it clear that Aave’s basic smart contracts had not been hacked. The market freeze was only a way to protect liquidity providers from the shockwave of unbacked rsETH.
At the same time, Lido Finance temporarily stopped its earnETH product, which was directly linked to the hacked token. The team told customers that its main asset, stETH, was still safe and unaffected.
Even though they moved quickly to defend themselves, the market reaction was harsh. The native AAVE coin dropped by about 10% just after that, as investors became more worried. Even worse, the fear of spreading the disease caused a huge capital flight. People raced to take out their collateral because they were scared and unsure, which caused Aave’s Total Value Locked (TVL) to drop by about $10 billion in just a few hours.
Freezes on Arbitrum and Privacy Mixers
As the DeFi ecosystem works hard to fix the harm to its finances, on-chain analysts are carefully following the stolen money’s movements. Arkham, a blockchain intelligence company, said that the attackers didn’t waste any time starting the money laundering portion of the operation.
Within days after the first attack, over 75,700 ETH, worth about $175 million, had already been sent to a maze of new wallet addresses.
The attackers are using decentralised, non-KYC (Know Your Customer) liquidity networks to hide their digital trail. A lot of the stolen money has gone through THORChain, a decentralised cross-chain trade, and Umbra, a privacy protocol that hides your address. By breaking up the money across these channels, the hackers are making it much harder for police and centralised stablecoin issuers to find and freeze the assets.
But the answer hasn’t been completely passive. The Arbitrum network took emergency centralised action, which was unusual and quite controversial. This has sparked new concerns over whether blockchain is immutable. Network administrators were able to freeze more than 30,000 ETH that were directly linked to the hackers’ addresses. This effectively trapped a large part of the stolen treasure and stopped it from being sent to privacy mixers.
A Dark Macro Setting for the Crypto Industry
The destruction of Kelp DAO is not a unique event; it is a worrying sign of how quickly cyber warfare is moving into the cryptocurrency space.
April 2026 is going to be one of the deadliest months in the history of DeFi. This attack happens just weeks after the Drift Protocol, which is built on Solana, was hacked and lost an estimated $285 million.
The fact that these huge infrastructure breaches all have the same thing in common indicates strongly to state-sponsored attackers. The heavily sanctioned North Korean state has made the DeFi ecosystem a major source of income for its cyber-syndicates, especially the Lazarus Group. Recent intelligence estimates say that these gangs were able to steal more over $2 billion from the bitcoin business in 2025 alone. When you look at the bigger picture, these state-sponsored hacking groups have caused more than $6 billion in harm since 2017.
The Kelp DAO hack is a harsh reminder that the architecture of decentralised finance is still experimental and highly targeted, even though the yields are quite appealing. As protocols add more and more complicated levels of restaking and cross-chain communication, they are unintentionally making it easier for the world’s most advanced cybercriminals to attack.
Read Also: US Bitcoin ETFs Record $471 Million Inflow, Largest Single-Day Gain Since Late February
