#KelpDAOFacesAttack
*KelpDAOFacesAttack* refers to security incidents where Kelp DAO, a liquid restaking protocol on Ethereum, was targeted. There have been two main ones:
*1. Recent rsETH minting bug — April 2026*
Kelp DAO paused operations after discovering a *crypto bug* in its fee contract
*What happened:*
- A bug caused *excess rsETH minting* — the protocol created more rsETH liquid restaking tokens than it should have
- This could disrupt rsETH’s balance and peg
- *Response*: Kelp DAO paused deposits/withdrawals to stop the issue from worsening and fix the bug
This was a protocol-level smart contract bug, not an external hack.
*2. DNS hijacking attack — July 2024*
Attackers compromised Kelp DAO’s website/domain to steal user funds
*How it worked:*
1. Attackers impersonated the Kelp team and convinced *GoDaddy customer support* to bypass 2-FA
2. They changed nameservers to route users to malicious app code that phished wallets
3. Malicious dApp showed wallet transactions trying to steal user funds
*Resolution:*
- Kelp team locked the domain within 30 min and restored access within 4 hours
- dApp was fully safe again in 5 hours
- Some users reported lost funds and Kelp provided support
*What is Kelp DAO?*
A prominent liquid restaking protocol on Ethereum. Users deposit ETH → get *rsETH* liquid restaking tokens. It integrates with EigenLayer and offers “Gain Vaults” for L2 airdrop rewards.
*Bottom line*: “KelpDAOFacesAttack” covers both a recent smart-contract minting bug and a 2024 domain hijack/phishing attack. The team paused services both times and restored functionality quickly.
