Hackers exploited a cross-chain bridge used by Kelp DAO and built using LayerZero on Saturday, draining 116,500 rsETH or about $292 million in the largest DeFi hack of 2026 to date.

LayerZero is a system that enables messaging and data transfer between blockchain networks. Attackers drained 116,500 rsETH, which is a token issued by liquid restaking protocol Kelp DAO representing “restaked” Ether.

Kelp DAO allows users to deposit popular staking tokens like stETH or cbETH in exchange for rsETH.

The hacked system held the reserve of rsETH that backs versions of the token used across more than 20 blockchains, including Base, Arbitrum, Linea, Blast, Mantle and Scroll, according to Coindesk.

“We identified suspicious cross-chain activity involving rsETH,” Kelp DAO said in a post on X. “We have paused rsETH contracts across mainnet and several L2s while we investigate.”

Hackers sent a fake cross-network message that appeared to be a valid instruction, triggering the system to transfer 116,500 rsETH to the attacker’s address.

Kelp froze its system roughly 46 minutes after the drain. The attacker tried to steal another $100 million two more times, but those attempts failed.

With a large portion of the reserve drained, token holders on other networks are worried it may no longer be fully backed, which could lead to panic withdrawals and strain the system.

The largest DeFi lending protocol Aave froze its rsETH markets to contain the damage, although its founder Stani Kulechov assured that the exploit was external and Aave's contracts were not compromised.

“Freezing the rsETH markets prevents new deposits and borrowing against rsETH collateral while the situation is assessed,” the platform said, according to Bloomberg.

Aave’s token plummeted 20% during Asian trading hours on Sunday, according to Coingecko.

The hack exceeds losses of the Solana-based decentralized finance protocol Drift, when hackers drained more than $280 million.

---

Unlock more exclusive Cybernews content on YouTube.