Well, well, well… looks like someone just pulled off the heist of the century in the wacky world of DeFi! Kelp DAO, the big fish in the EigenLayer pond, just got taken for a swim-to the tune of $292 million! That’s right, folks, 116,500 rsETH vanished faster than a Mel Brooks punchline. And you thought Blazing Saddles was wild!
So, here’s the scoop: Some clever attacker exploited Kelp’s LayerZero bridge, which is basically the DeFi equivalent of leaving your front door unlocked with a sign that says, “Free Money Inside!” The funds? Redeployed as collateral on Aave, Compound, and Euler. Because why stop at one heist when you can hit three? The attacker borrowed 74,000 ETH, leaving behind a trail of bad debt that makes the Great Depression look like a garage sale.
Kelp’s emergency multisig finally hit the pause button 46 minutes later-just in time to stop another $200 million from disappearing. Talk about cutting it close! But hey, at least they tried, right? It’s like trying to stop a runaway train with a wet noodle. Spoiler alert: it doesn’t work.
Blockchain sleuth ZachXBT was the first to sound the alarm, because of course he was. The guy’s like the Sherlock Holmes of crypto, minus the deerstalker hat. Within minutes, every DeFi security account on X was piling on, confirming the worst. Cyvers even revealed the attacker was pre-funded via Tornado Cash-because nothing says “I’m a criminal mastermind” like using a mixer to launder your prep money.
Kelp DAO’s response? A tweet that basically said, “Oops, we’re looking into it.” Meanwhile, the attacker was already on to phase two of the heist, borrowing ETH like it was going out of style. Solidity auditor 0xQuit summed it up perfectly: “If you have WETH on Aave V3 Core, withdraw now.” Thanks, Captain Obvious!
Here’s the kicker: the attacker didn’t just steal the rsETH-they used it as collateral to borrow more ETH. It’s like stealing a car, then using it as collateral to buy a yacht. Genius? Yes. Ethical? Not so much. But hey, in DeFi, the only rule is “don’t get caught.”
The contagion spread faster than a rumor in a small town. Aave, SparkLend, Lido Finance-everyone hit the panic button. AAVE token dropped 10-13%, ETH dipped 3%, and stETH took a sympathy hit. It’s like the whole DeFi ecosystem just got a collective heart attack.
So, where’s the money now? Sitting in six wallets across Ethereum and Arbitrum, untouched. No mixers, no CEX deposits, no OFAC labels. It’s like the attacker is playing the long game, or maybe they’re just waiting for the heat to die down. Either way, Kelp DAO is left picking up the pieces-again.
This isn’t their first rodeo, folks. In 2024, a GoDaddy attack drained user wallets. In 2025, a fee-contract bug caused an Aave freeze. And now this. Kelp’s track record is starting to look like a bad sitcom. Audits? Check. Bug bounties? Check. Still got hacked? Double check.
As of now, Kelp’s contracts are paused, no RCA is out, and the attacker’s still sitting pretty with 74,000 ETH. The next 72 hours will tell us if rsETH’s peg holds, if the lending markets can handle the bad debt, and if Kelp can figure out what went wrong. Spoiler alert: it’s probably something stupid.
Stay tuned, folks. This story’s got more twists than a bowl of spaghetti. And remember, in DeFi, the only thing guaranteed is uncertainty. Or, as I always say, “It’s good to be the hacker!”
Read More
- Trails in the Sky 2nd Chapter launches September 17
- Paradox codes (April 2026): Full list of codes and how to redeem them
- HBO Max Just Added the Final Episodes of a Modern Adult Swim Classic
- Pragmata Shows Off Even More Gorgeous RTX Path Tracing Ahead of Launch
- Crimson Desert’s Momentum Continues With 10 Incredible New Changes
- PRAGMATA ‘Eight’ trailer
- How Could We Forget About SOL Shogunate, the PS5 Action RPG About Samurai on the Moon?
- Hulu Just Added One of the Most Quotable Movies Ever Made (But It’s Sequel Is Impossible To Stream)
- Solo Leveling’s New Character Gets a New Story Amid Season 3 Delay
- Dragon Quest Smash/Grow launches April 21
2026-04-19 08:36