- Security experts have flagged an apparent nearly $300 million exploit of Kelp DAO.
- The $293.7 million in rsETH was drained from the protocol.
- The DeFi community is still reeling from other recent exploits.
Another day, another DeFi hack.
That’s what appears to be the case after blockchain security experts on Saturday flagged nearly $300 million leaving Ethereum-based Kelp DAO.
First alerted by blockchain sleuth ZachXBT via his Telegram channel, a total of $293.7 million was drained from the protocol’s rsETH adapter — a tool allowing users to deposit liquid staking tokens and get rsETH in return.
Kelp DAO wrote on X that it had “identified suspicious cross-chain activity involving rsETH” and that it had paused rsETH contracts while it investigated the situation with security experts.
The world’s biggest DeFi project, Aave, also posted on X that it had frozen rsETH markets on its peer-to-peer lending protocols Aave v3 and Aave v4.
“Aave’s contracts have not been exploited and this is an exploit related to rsETH,” the project’s official account wrote.
Security firm Cyvers confirmed the hack to DL News, and said the funds had been swapped back to Ethereum and Arbitrum. It added that the attacker received funding from coin-mixer Tornado Cash’s to pay gas fees.
Kelp DAO did not immediately respond to questions from DL News.
What happened
Kelp DAO is a liquid restaking protocol built on Ethereum. Suspicious money movements from its rsETH adaptor were flagged at around 2.50pm in New York.
Users receive Kelp DAO’s rsETH token when they deposit other liquid staking tokens, such as stETH or cbETH, into the adaptor.
They can then use rsETH across other DeFi protocols, like Aave, while continuing to earn staking rewards.
Stani Kulechov, Aave’s founder & CEO, wrote on X that “the asset does not have any borrowing power” and that Aave v3 and v4 have no exposure to rsETH. He reassured users that the freeze was to help Kelp DAO investigate.
The price of Aave’s native AAVE token was down 10% over the past 24 hours, according to CoinGecko. Other major DeFi tokens like stETH and wstETH also dropped by nearly 4%.
DeFi community reeling
Saturday’s attack comes as hackers seemingly step up their attacks on DeFi protocols.
Cybercriminals hit Solana-based Drift Protocol on April 1, making away with $295 million. Before that, decentralised exchange and automated market maker Balancer was hacked in November for $128 million.
In a smaller crime this week, criminals targeted popular bridge Hyperbridge, exploiting the protocol to mint $1.2 billion in counterfeit crypto. But they only managed to get away with $237,000 due to liquidity issues.
This is a breaking news story and will be updated.
Mathew Di Salvo is a news correspondent with DL News. Got a tip? Email at mdisalvo@dlnews.com.
