In a significant breach, Kelp DAO, a liquid restaking protocol, was exploited for $292 million on Saturday, with an attacker draining 116,500 rsETH (restaked ether) from its LayerZero-powered bridge. This amount represents approximately 18% of the total circulating supply of rsETH, which is tracked at 630,000 tokens. The attack has prompted emergency freezes across several decentralized finance (DeFi) platforms, including Aave and SparkLend, as concerns mount regarding the backing of rsETH across over 20 blockchains. The attacker manipulated LayerZero's cross-chain messaging to authorize the transfer of funds to an address they controlled, leading to a rapid response from Kelp DAO, which paused its core contracts just 46 minutes after the exploit. The fallout from this incident has put intense pressure on the stability of rsETH's peg and Kelp's ability to meet redemptions, as panic among token holders could lead to further instability. This breach marks the largest DeFi exploit of 2026, surpassing a previous attack on the Drift protocol. Kelp DAO is currently working with security specialists to investigate the exploit and determine how its validation logic was bypassed.