**Bridge Breach Sends Shockwaves Through DeFi

On Saturday, hackers targeted a cross-chain bridge associated with the liquid restaking protocol Kelp DAO, resulting in the theft of approximately $290 million in rsETH.** This incident has reverberated throughout the decentralized finance (DeFi) markets, raising concerns about the security of multichain infrastructure as the repercussions extended to various lending platforms. The breach specifically involved Kelp DAO’s LayerZero-powered bridge for rsETH, a token utilized across multiple chains and DeFi applications. Reports indicated that around 116,500 rsETH, representing nearly 18% of its circulating supply, was siphoned from the bridge. In response to the unusual cross-chain activity, Kelp DAO paused the affected rsETH contracts on both mainnet and layer-2 networks while collaborating with security experts to address the situation. What distinguished this incident from a mere theft was the manner in which the compromised assets were allegedly utilized across interconnected protocols. The attacker reportedly acted swiftly to deploy the stolen rsETH as collateral, extracting hard assets such as wrapped ether from lending platforms, including Aave. This led to discussions about potential spillover effects on other platforms like Compound and Euler, with estimates suggesting that Aave’s wETH pool could face between $177 million and $200 million in bad debt, transforming the bridge exploit into a systemic stress event. This chain reaction has reignited longstanding concerns within the crypto markets regarding the risks associated with composability, which can amplify losses as effectively as it can foster growth. Academic research on bridge design has highlighted that cross-chain systems often possess weaker security guarantees compared to the foundational blockchains they connect. A study conducted in 2024 identified recurring design flaws and vulnerabilities in bridging architectures, while subsequent research in 2026 reiterated that bridges have historically been significant sources of DeFi losses. Preliminary analyses from security researchers suggest that the breach may not have originated from a failure in Kelp DAO’s core restaking contracts, but rather from the bridge configuration responsible for cross-chain message validation. One analysis indicated that a forged cross-chain message was accepted due to the bridge's reliance on a single validator setup, enabling the attacker to manipulate the escrow contract into releasing tokens improperly. This distinction is crucial for market participants, as it implies that the vulnerability resided in the interoperability layer rather than in the underlying asset pool, although users and lenders still experienced the market's adverse effects. The incident also highlights the rapid migration of risk once a token is widely adopted as collateral. When a bridged asset loses its credibility or backing, lending markets that continue to price it optimistically can inadvertently become conduits for losses. Similar contagion dynamics have been observed in other DeFi incidents this year, where compromised or depegged assets retained collateral value long enough for attackers to exploit them, leaving protocols and depositors to bear the consequences. For the broader digital asset industry, the timing of this breach is particularly concerning. Chainalysis reported that stolen funds pose a significant threat to the ecosystem, with North Korea-linked hackers alone having stolen $2 billion in 2025. Additionally, Elliptic noted that over $21.8 billion in illicit and high-risk crypto had been laundered using cross-chain methods. While these figures do not directly pertain to this case, they illustrate how bridges and multichain routes have become central to both theft and the movement of stolen funds following an exploit. The breach on Saturday is poised to be one of the largest crypto hacks of 2026. Previous significant incidents this year included attacks on Drift Protocol and losses at Step Finance, but the Kelp DAO exploit has surpassed them in both scale and the extent of its ramifications. This has intensified scrutiny of bridge operators, auditors, and protocols that accept bridged assets as collateral without implementing stronger circuit breakers, oracle controls, or emergency pricing mechanisms.

---