2026's biggest crypto exploit: Kelp DAO hit for $292 million with wrapped ether stranded across 20 chains

Kelp DAO suffered a $292 million exploit on its LayerZero bridge, with attackers draining 116,500 rsETH (18% of circulating supply) and stranding wrapped ether across 20 blockchain networks. The incident triggered emergency freezes on major lending protocols including Aave, SparkLend, Fluid, and Upshift.

The Kelp DAO exploit represents a critical failure in cross-chain bridge security, one of DeFi's most persistent vulnerability vectors. An attacker successfully drained a substantial portion of rsETH liquidity from Kelp's LayerZero-powered bridge, exposing fundamental weaknesses in how wrapped assets are managed across multiple chains. The scale of the theft—$292 million—demonstrates that even established protocols remain susceptible to sophisticated attacks targeting bridge architecture.

This incident continues a troubling pattern in DeFi's infrastructure layer. Bridges have consistently proven to be high-value targets because they control large pools of assets in transit between ecosystems. Kelp DAO's reliance on LayerZero, despite the protocol's recent upgrades and audits, illustrates that formal verification and security reviews may fail to catch complex attack vectors. The attacker's ability to strand wrapped ether across 20 different chains compounds the damage, fragmenting liquidity and making recovery efforts more complex.

The cascading freezes across Aave, SparkLend, Fluid, and Upshift reveal how interconnected DeFi has become. A single bridge failure can trigger defensive measures across the ecosystem, as protocols protect their users from exposure to potentially worthless collateral. This defensive posture, while prudent, also reduces capital efficiency and highlights counterparty risk concentration in popular lending platforms.

Looking forward, this exploit will likely accelerate discussions around bridge standardization, multi-signature security requirements, and stricter governance controls for cross-chain protocols. Developers will face increased pressure to implement circuit breakers and automated pause mechanisms. Institutional participants may demand higher insurance provisions for bridge-related exposures, potentially making cross-chain DeFi more expensive and less accessible.

• →Kelp DAO lost $292 million in rsETH through a LayerZero bridge exploit affecting 18% of circulating supply
• →Wrapped ether assets were stranded across 20 blockchain networks, complicating recovery and creating fragmented liquidity
• →Major lending protocols including Aave and SparkLend implemented emergency freezes to prevent contagion
• →The exploit demonstrates persistent vulnerabilities in cross-chain bridge architecture despite audits and security upgrades
• →Interconnected DeFi infrastructure means a single bridge failure can trigger defensive actions across multiple protocols