Kelp DAO has become the victim of 2026’s largest cryptocurrency exploit, with attackers draining approximately $292 million worth of wrapped ether from the decentralized finance protocol. The hack has sent shockwaves through the DeFi ecosystem.

The attacker managed to drain 116,500 rsETH tokens, representing roughly 18% of the circulating supply, from Kelp’s LayerZero-powered bridge. The exploit triggered emergency freezes across multiple lending protocols including Aave, SparkLend, Fluid, and Upshift.

According to blockchain security analysts, the wrapped ether remains stranded across 20 different chains, complicating recovery efforts. The Kelp DAO team has launched an investigation and is working with security firms to trace the stolen funds.

This incident highlights ongoing security vulnerabilities in cross-chain bridge protocols, which have become frequent targets for sophisticated attackers. Industry experts are calling for enhanced security standards and more rigorous auditing procedures.

The exploit has also impacted broader crypto markets, with Bitcoin falling back to $76,000 amid increased risk aversion. Investors are urged to exercise caution when using DeFi protocols and to thoroughly research security measures before depositing funds.