Post
--Bearish
Yesterday, Kelp's rsETH was hacked, and $293 million evaporated in an instant, with 116,500 pieces accounting for 18% of the circulating supply. All 20 chains were affected, marking the largest DeFi security incident of 2026 to date, and ETH also dropped by 3.2%
The core attack path was extremely simple. The hacker exploited a vulnerability in Kelp's implementation of the LayerZero cross-chain bridge, forged messages, and directly minted/extracted rsETH on the target chain, then swiftly transferred and cashed out across 20 chains.
Chain reaction: rsETH was used as collateral by at least 9 protocols including Aave, SparkLend, Fluid, and Upshift. When it collapsed, all liquidity dried up, and various protocols urgently froze to protect themselves, a typical DeFi Lego collapse effect.
This incident exposed several pain points:
- The stronger the DeFi composability, the greater the systemic risk. A single bug can drag down innocent users across the entire ecosystem.
- The security assumptions of LayerZero are being re-examined by the market, and ZRO has surged in popularity today.
- The hope for rsETH holders to recover is bleak, and the scale of $293 million is likely to overwhelm the protocol's reserves.
This wave is not just a single protocol being hacked, but it dealt a heavy blow to the narrative of re-staking LRT for ETH. User confidence has been directly undermined, and subsequent TVL is expected to see a major retreat. Quickly check your rsETH positions and the positions collateralized with rsETH on platforms like Aave/SparkLend.
No matter how innovative DeFi is, security must come first.
The core attack path was extremely simple. The hacker exploited a vulnerability in Kelp's implementation of the LayerZero cross-chain bridge, forged messages, and directly minted/extracted rsETH on the target chain, then swiftly transferred and cashed out across 20 chains.
Chain reaction: rsETH was used as collateral by at least 9 protocols including Aave, SparkLend, Fluid, and Upshift. When it collapsed, all liquidity dried up, and various protocols urgently froze to protect themselves, a typical DeFi Lego collapse effect.
This incident exposed several pain points:
- The stronger the DeFi composability, the greater the systemic risk. A single bug can drag down innocent users across the entire ecosystem.
- The security assumptions of LayerZero are being re-examined by the market, and ZRO has surged in popularity today.
- The hope for rsETH holders to recover is bleak, and the scale of $293 million is likely to overwhelm the protocol's reserves.
This wave is not just a single protocol being hacked, but it dealt a heavy blow to the narrative of re-staking LRT for ETH. User confidence has been directly undermined, and subsequent TVL is expected to see a major retreat. Quickly check your rsETH positions and the positions collateralized with rsETH on platforms like Aave/SparkLend.
No matter how innovative DeFi is, security must come first.
Disclaimer: Includes third-party opinions. No financial advice. May include sponsored content. See T&Cs.