$293 Million Drained: How the Kelp Restaking Exploit Became One of DeFi's Worst Attacks

Kelp DAO lost $293M in DeFi's biggest 2026 exploit after attackers forged cross-chain messages via LayerZero, triggering Aave freezes and $5.4B in emergency withdrawals across the ecosystem.

Another day, another huge hole in DeFi's balance sheet: an exploit against the Kelp restaking platform drained $293M from the protocol across eight different types of accounts. The vulnerability was live and could not be verified before the underlying protocols and blockchain were flagged as "emergency" and locked, so the hackers were able to extract funds from the Kelp platform before anything stopped them.
Restaking underpins many of DeFi's most innovative yield generation strategies: it lets you put assets that are already staked to work generating additional income from several sources at the same time.
Restaking is high risk because the systems involved are complex. More moving parts and more contract interactions mean more opportunities for a vulnerability to be exploited.
Together, these factors gave hackers ideal conditions to exploit Kelp's vulnerabilities and steal user funds from their accounts.
How the Attack Unfolded
The adversary exploited a vulnerability in how the protocol managed interactions among the Liquid Staking Tokens (LSTs) used for maximum capital efficiency via restaking, and between the LSTs on the Ethereum blockchain and their underlying contracts. The hacker was able to alter the internal accounting logic that determines how much value the LSTs provide to the protocol.
Exploiting price manipulation or LST inflation is a well-known attack method that has been reported against other DeFi protocols in several settings. The attacker exploits a disparity between the value a DeFi protocol assigns to the LST and the price at which the LST trades on the open market. The attacker can then extract more from the protocol than they initially deposited, taking advantage of what others have put into the protocol.
In Kelp's incident, the attacker exploited the rsETH adapter bridge contract — the software code that manages Kelp's rsETH token — and drained the platform of about $293 million in funds, according to blockchain security firm Cyvers. By the time the Kelp team figured it out and started pausing the contracts, the attacker had already withdrawn most of the $293 million that was stolen.
After extracting the funds, the attacker converted about $250 million of them to Ether through a Tornado Cash-funded address, in a convoluted manner meant to make the money difficult for investigators to trace. Although investigators began following the money within hours of the theft, the speed of the laundering indicates that the attacker was well prepared and that this was not a spur-of-the-moment or impulsive action.
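The valuation gap described above, seen from the defender's side: an added example (not code from Kelp or from this article) of a guard that compares a protocol's internal LST rate with a market rate and latches a pause when they diverge. The 1% tolerance, every name and the sample rates are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal


def deviation_bps(internal_rate: Decimal, market_rate: Decimal) -> Decimal:
    """Gap between protocol valuation and market price, in basis points."""
    return (internal_rate - market_rate) / market_rate * 10_000


def excess_credit(lst_amount: Decimal, internal_rate: Decimal,
                  market_rate: Decimal) -> Decimal:
    """ETH value the protocol credits beyond what the LST is worth on the market."""
    return lst_amount * (internal_rate - market_rate)


@dataclass
class RateGuard:
    """Latching pause for LST deposits/withdrawals (hypothetical helper)."""
    max_deviation_bps: int = 100  # assumed tolerance: 1%
    paused: bool = False

    def check(self, internal_rate: Decimal, market_rate: Decimal) -> bool:
        """Return True if an operation may proceed at these rates."""
        if self.paused:
            return False          # stays paused until an operator resets it
        if internal_rate <= 0 or market_rate <= 0:
            self.paused = True    # fail closed on a broken price feed
            return False
        if abs(deviation_bps(internal_rate, market_rate)) > self.max_deviation_bps:
            self.paused = True    # valuation no longer matches the market
            return False
        return True


# Constructed sample: (internal ETH-per-LST rate, market ETH-per-LST rate)
SAMPLE_RATES = [
    (Decimal("1.040"), Decimal("1.035")),  # ~48 bps apart: normal drift
    (Decimal("1.300"), Decimal("1.040")),  # 2500 bps apart: inflated valuation
    (Decimal("1.041"), Decimal("1.040")),  # rates recover, guard stays latched
]


def replay(rates) -> list:
    """Run one guard over a sequence of rate observations."""
    guard = RateGuard()
    return [guard.check(internal, market) for internal, market in rates]


if __name__ == "__main__":
    print(replay(SAMPLE_RATES))
    print(excess_credit(Decimal("1000"), Decimal("1.300"), Decimal("1.040")))
```

The guard latches on purpose: a rate that returns to normal after a large gap is not evidence that the accounting is sound again.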
What Restaking Risk Actually Looks Like
Restaking has been among the fastest-growing areas in decentralized finance (DeFi) over the last two years. The idea gained traction with the launch of EigenLayer's mainnet, which allowed Ethereum stakers to extend the security guarantees of their staked ETH to other protocols in exchange for additional yield. EigenLayer grew from $1.1 billion to over $18 billion in TVL throughout 2024–2025, now representing 85%+ of the overall restaking market.
Kelp, for example, is a platform built on this infrastructure. It gives users direct access to restaking positions and eliminates the need for them to manage that complexity.
Because of the yield potential, significant capital has flowed to this type of investment very quickly. At various times, Kelp held approximately $1.07 billion in total value locked (TVL), making it the second-largest player in the EigenLayer ecosystem.
Blockchain technology has improved over time, but risk management remains a challenge because the industry keeps changing and advancing. Risk is an inherent part of every blockchain project, and there are several motivations for creating it; one is to build a business based on incentivizing people to use your product. Managing risk involves multiple layers of complexity, and each additional layer that contributes to generating yield adds a layer of risk.
A simple staking position through a validator node has only one failure mode: validator slashing. A restaking position that is tied together by a liquid staking token and routed through an aggregate pool, where the tokens can be allocated across multiple active validator services, is different: the failure modes of the individual services become interdependent because they are all subject to the same underlying risk.
Risk models are very difficult to design and implement before strategies go live, because of the multitude of potential failure modes. General auditing practices are useful for detecting and dealing with the majority of defects that may exist in a system or product, but auditing alone does not ensure that the underlying contractual specification is satisfied. Formal verification, in contrast, can provide some assurance that the specification has been satisfied, but it cannot account for how a contract may behave when interacting with other contracts across different sequences of transactions.
Furthermore, the competitive nature of the DeFi ecosystem creates incentives for companies to ship fast solutions that win liquidity from their competitors. Companies often choose to limit the due diligence that developing high-value infrastructure requires.
The Broader Pattern Nobody Wants to Acknowledge
DeFi has now produced enough large exploits to draw real conclusions from them, and one conclusion is uncomfortable: audited code running on public blockchains with hundreds of millions of dollars locked inside it is an extraordinarily attractive target for sophisticated attackers who have both the technical capability and the financial motivation to find vulnerabilities that audit firms missed. The Kelp exploit is now the largest DeFi hack of 2026, coming amid a broader surge in DeFi attacks that have already pushed losses for the year past $450 million across roughly 45 protocols.
The transparency that makes DeFi philosophically appealing — open source code, public transactions, verifiable logic — is also what lets attackers study target protocols for as long as they need to without anyone knowing they're doing it. A traditional financial institution's internal systems are at least partially obscured. A DeFi protocol's contracts are readable by everyone, including people who want to drain them.
That isn't an argument against DeFi. It's an argument for being honest about what the risk profile of these platforms actually looks like, especially as they attract retail capital from users who don't necessarily understand that "audited" doesn't mean "safe." The contagion from the Kelp exploit triggered over $5.4 billion in ETH to exit Aave, with WETH utilization rates hitting 100% and AAVE's token price slumping as low as $92.
Kelp's users didn't sign up to lose $293 million. They signed up for yield. The distance between those two outcomes is where DeFi's hardest unsolved problems live.






