Kelp · · 6 min read

Does DeFi have a security problem? The Kelp Exploit

Does DeFi have a security problem? The Kelp Exploit
Photo by sebastiaan stam / Unsplash

by John Gray

 One of the biggest heists in DeFi history took place earlier this year. The story received little mainstream attention, despite the haul's total value being nearly $300m (for context, that’s three times the value of the jewels stolen from the Louvre in 2025). Part of the reason for this lack of coverage was that the exploit involved some fiendishly complex technical processes. Even to explain the basics of what happened requires an in-depth understanding of how blockchains work.  

In this sense, the Kelp DAO exploit of April 2026 goes right to the heart of how DeFi works, and tells us a great deal about the challenges it currently faces. Let’s start by unpacking what happened in non-technical terms, then move on to what the exploit reveals about broader cybersecurity risks in DeFi.

What is Kelp DAO?

Kelp DAO is a liquid restaking protocol built on top of the Ethereum ecosystem. Restaking is one way investors can seek to earn returns in DeFi, as The Intersection recently outlined. Users deposit assets such as ETH or liquid staking tokens with Kelp, which then restakes them via the EigenLayer protocol. In return, users receive rsETH, a tradable token that represents their claim on those assets. They can then deploy rsETH elsewhere in DeFi for further yield.

 In its own words, the protocol offers “steady, on-chain rewards through curated DeFi strategies, built for ETH holders who want reliable yield without active management.” The key idea is that, instead of sitting on your ETH as you might do with bitcoin, you can make it “work harder”. In a sense, Kelp is trying to do for crypto what a money market fund or structured income product does in TradFi: take a relatively simple asset and layer additional income-generating activities on top of it.

 The risks of restaking: a checklist

 The catch is that this extra yield doesn’t come for free. It involves assuming additional risks, on top of the market risk of holding the cryptocurrency in the first place. One is smart-contract risk, or the possibility that a flaw in the underlying code could allow funds to be stolen, frozen or otherwise mishandled. Another is bridge risk, which arises whenever assets move between different blockchains. These bridges are among the most complex components of the DeFi ecosystem and have been frequent targets for attackers.

 Bridge risk is really a category of infrastructure risk. Even if the blockchain itself remains secure, DeFi protocols often depend on external information sources and server networks to function properly.

 Then there’s governance risk, which reflects the fact that many protocols are controlled by token holders or small groups of developers, whose decisions can alter the system's rules. Finally, there is liquidity risk: in periods of market stress, it may become difficult to sell or redeem assets at their expected value, leaving investors unable to exit positions without taking a hit. In the case of Kelp DAO, the risk that ultimately manifested was in the bridge infrastructure used to verify and relay information between different blockchains.

 The Kelp caper

 On 18 April 2026, attackers reportedly linked to North Korea’s Lazarus Group drained about 116,500 rsETH (worth roughly $292m) from Kelp DAO. At the time, that represented around 18% of the token’s circulating supply. Crucially, the exploit targeted neither the protocol’s smart contracts nor the blockchain itself, but Kelp’s bridge infrastructure, which relied on the cross-chain messaging protocol LayerZero. The bridge was supposed to release rsETH on one chain only after verifying that an equivalent amount had been burned on another chain. The attackers convinced the bridge’s verification system that such a burn had occurred, when, in fact, it had not.

 As Chainalysis framed it in a highly technical dissection of the exploit, “the rsETH released on Ethereum had no matching burn anywhere upstream. The result was unbacked supply entering circulation.” In other words, the system was tricked into creating rsETH out of thin air, effectively leaving millions of dollars’ worth of phantom collateral in circulation.

Three-step recovery

Kelp and its partners moved quickly to limit the damage. The first priority was containment. Kelp paused its contracts within about 46 minutes of the initial drain, reportedly preventing at least two further attempts that could have stolen another $100m. Lending protocols such as Aave froze rsETH markets to stop the contagion spreading.

 Then, because much of the stolen rsETH had been deposited into lending markets as collateral, Kelp, Aave and other ecosystem participants formed a coalition – known as DeFi United, as detailed below – to neutralise the unbacked tokens, absorb bad debt, and gradually restore the missing backing. Kelp pledged to replenish the entire stolen amount, around 117,000 rsETH, before reopening withdrawals and resuming normal operations. On 25 May, it announced that the final tranche of 20,373.72 rsETH had been transferred to its LayerZero smart contract, and declared the operational phase of the recovery complete.

The final stage was remediation. Kelp hardened its bridge infrastructure and moved away from the single-verifier configuration identified as the exploit’s critical point of failure.

 Collateral damage

 The Kelp DAO exploit sent shockwaves through the DeFi lending market, exposing the sector’s deep interconnections. After using much of the stolen rsETH as collateral on Aave, the attacker left the platform with around $190m in bad debt, triggering a wave of withdrawals. The crisis helped drive Aave’s total value locked (TVL) from $26.4bn to below $14bn, costing it its position as DeFi’s largest protocol. Thus, although Aave itself was not hacked, it became one of the principal casualties of the exploit because it had accepted rsETH as collateral, as it outlined in its post mortem.

 The protocol eventually restored normal operations and recovered much of the damage, but the episode served as a reminder that, in DeFi, a vulnerability in one protocol can rapidly spread through many others. The systemic risk lies not only in the security of individual protocols, but in the connections between them.

 DeFi united

One interesting outcome of the Kelp exploit was the emergence of DeFi United, the industry-wide coalition spearheaded by Aave to coordinate the recovery of rsETH. Faced with the prospect of losses cascading through multiple protocols, participants worked together to restore the token’s backing and stabilise affected markets. As The Defiant noted at the time, “the worst-case scenario for DeFi seemed to be in motion. Then something unprecedented happened: the community plugged the hole itself.”

The episode raises a larger question about the future of DeFi. On one hand, DeFi United demonstrated that the ecosystem can respond collectively to a major crisis, limiting the damage from an attack that might otherwise have spread much further. On the other, critics argue that such interventions risk introducing a form of moral hazard, insulating protocols from the consequences of poor security practices and creating a crypto equivalent of the traditional financial system's “too big to fail” institutions. But let’s leave the niceties of this vastly important argument to a future article, and return to our initial question.

 Does DeFi have a cybersecurity problem?

 As it happens, the Kelp exploit came on the heels of another DeFi exploit.

 On 1 April 2026, attackers stole $285m from Solana’s Drift Protocol — more than half of the platform’s TVL — in an operation that was similarly linked to North Korean actors. According to Drift’s account, the attackers spent months cultivating trust before tricking Security Council members into signing transactions that ultimately handed over administrative control of the protocol. They then approved a worthless token as collateral and used it to withdraw hundreds of millions of dollars in genuine assets.

 The key point here is that the Solana exploit was not really a hack in the traditional sense. Indeed, it was closer to an old-school con job, in which the human element was definitive.  Taken together, the Kelp and Drift exploits tell us a lot about DeFi's current security landscape. Early critiques of DeFi focused on buggy smart contracts: poorly written code that could be exploited to drain funds. Those vulnerabilities certainly still exist. But many of the most consequential attacks now target the people, governance systems, and infrastructure surrounding the blockchain, rather than the blockchain itself.

 The Kelp and Drift incidents illustrate this shift. In one case, attackers allegedly compromised the infrastructure used to verify information between blockchains. In the other, they spent months cultivating trust before obtaining valid administrative signatures. Neither attack depended primarily on discovering a flaw in a smart contract. Instead, they exploited familiar cybersecurity weaknesses: infrastructure compromise, social engineering, credential abuse and excessive trust in critical systems.

 In that sense, DeFi's cybersecurity problem increasingly resembles that faced by every other digital industry. The sector has built extraordinarily sophisticated cryptographic systems, but those systems remain embedded within organisations, technical infrastructure and human networks that are often much easier to attack. There may be a parallel here with the growing number of crypto ‘wrench attacks’: physical robberies where criminals force victims to surrender their cryptocurrency private keys, seed phrases or digital wallet passwords. No matter how robust your encryption is, there will always be a degree of meatspace vulnerability.

 In the case of DeFi, the deeper challenge is that its defining strength — its composability — also creates systemic risk. Protocols are bound to one another through bridges, collateral arrangements, governance systems and liquidity pools. A failure in one part of the ecosystem can rapidly spread elsewhere, as Aave’s experience during the Kelp crisis demonstrated. Security is therefore no longer simply a question of whether a protocol’s code is sound, but whether the entire web of dependencies around it can be trusted.

 The irony is that blockchains themselves may be among the most secure components of the system. More and more, the vulnerabilities lurk at the edges: where chains communicate with one another, where data enters the system, and where human beings are required to make decisions. These are harder problems to solve than a bug in a smart contract because they ultimately involve trust.

Read next