KelpDAO reported a loss of $293 million after a restaking protocol exploit that occurred over the past weekend. The attacker exploited a vulnerability in the rsETH bridge and withdrew nearly $300 million, converting part of the funds to ETH.

Incident details

The breach targeted the protocol’s restaking mechanism, exploiting a weakness in the bridge that connects staked derivatives. The attacker executed withdrawals that drained protocol liquidity and transferred assets on-chain to external addresses.

Immediate response

Following the exploit, Aave and several other protocols halted operations involving the affected token to limit contagion risks. KelpDAO teams initiated emergency infrastructure checks and began coordinating incident response measures.

Current status and actions

On-chain monitoring and forensic analysis are reported to be ongoing as teams trace funds and assess the full impact. Exchanges and counterparties typically review suspicious transfers, and affected projects usually share indicators of compromise for community awareness.

Context

Restaking protocols and cross-chain bridges remain frequent targets due to composability and complex trust assumptions. This incident underscores persistent risks in multi-protocol integrations and the need for continuous security reviews.