🚨LATEST: @KelpDAO has been exploited for $292 million after an attacker drained 116,500 rsETH, roughly 18% of total supply, marking the largest crypto exploit of 2026 so far. The attack targeted its LayerZero powered bridge, where a single verifier weakness was exploited to mint unbacked rsETH. The attacker used the fake rsETH as collateral across Aave, Compound, and Euler, borrowed real ETH, then swapped and moved funds across 20+ chains. Emergency freezes were triggered across multiple platforms as assets became stranded. While Aave’s core contracts were not exploited, it now holds an estimated $177 million to $200 million in bad debt after accepting rsETH as collateral. Two additional exploit attempts of around $100 million each were blocked following intervention. The incident has pressured @aave due to potential Safety Module risk, where staked tokens could absorb losses if recovery falls short. It also reinforces a recurring pattern in DeFi, where bridge vulnerabilities and single points of failure can lead to large scale losses across the ecosystem.
Share
Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information.
Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.