Crypto
$290M

On Saturday, ethereum-based protocol KelpDAO, known for liquid restaking, was exploited for $290 million, the largest hack of 2026 in the decentralized finance ecosystem. 

“Preliminary indicators suggest attribution to a highly-sophisticated state actor, likely DPRK’s Lazarus Group,” LayerZero said in its statement explaining the attack. KelpDAO issues rsETH, while LayerZero provides network infrastructure that allows users to move KelpDAO’s rsETH between blockchains.

The configuration of KelpDAO’s exploited application, powered by LayerZero, relied on a single decentralized verifier network (DVN), responsible for verifying the integrity of cross-chain messages. 

The industry best practice is for protocols to use a multi-DVN setup to prevent a unilateral point of trust or failure. A properly hardened configuration would have required consensus across multiple independent DVNs, rendering this attack ineffective even in the event of any single DVN being compromised,” LayerZero stated, essentially placing the blame on the restaking protocol for using a single-DVN setup.

The exploiters executed an RPC-spoofing attack and performed DDoS attacks to manipulate the single DVN instance into confirming transactions “that never in fact took place.” The LayerZero team said, “Operating a single-point-of-failure configuration meant there was no independent verifier to catch and reject a forged message.

Meanwhile, KelpDAO is preparing to dispute LayerZero’s account and place the blame on the latter, per a CoinDesk report.

Spilling over

The exploit has since impacted the wider crypto landscape.

The attackers successfully drained 116,500 rsETH from KelpDAO’s bridge, allowing them to deposit $249.7 million of the token to DeFi’s largest lending protocols and withdraw $228.2 million worth of different cryptocurrencies, wETH and wstETH, on-chain data from Arkham Intelligence shows.

Aave, the largest lending protocol, has frozen several markets and is now facing a liquidity crunch.

On Aave’s v3, the ETH, USDT, and USDC markets, which have a combined reserve size of $10.7 billion, have each reached a 100% utilization rate, as total borrowed equals total supplied. When borrows are maxed, users cannot withdraw their supplied liquidity.

The pseudonymous head of strategy at DeFi lending platform Spark, @MonetSupply, wrote on X, There has been a ~$300 million increase in borrowing with USDT collateral in just the past day since the rsETH exploit.

On-chain folks are spooked

The attack comes in the same month that Drift, a solana-based trading venue, suffered from an over $270 million hack. Saturday’s attack also follows worries stemming from Anthropic’s unreleased AI model Mythos, which “is capable of identifying and then exploiting zero-day vulnerabilities in every major operating system.” 

Even though the major cryptocurrencies have not seen their prices move substantially in the last 24 hours, crypto participants have been spooked, evident by the capital exiting the decentralized finance ecosystem.

DeFi saw its total value locked decrease by $13 billion over the weekend to $85.64 billion at the time of writing, its lowest point since April last year, data from DefiLlama shows. 

“OK — Kelpdao hacker, how much you want? Let’s just talk. With KelpDAO’s help, of course. It’s simply not worth it to sacrifice both Aave and KelpDAO and let them go down over this hack. You can’t spend $300 million anyway,” said Justin Sun, founder of the Tron blockchain, who has been beefing with the President Trump-backed World Liberty team. 

More Crypto

See all Crypto
crypto

Bitcoin jumps to highest level since February, boosted by optimism over reopening of Strait of Hormuz

Bitcoin finally broke out of the tight range it’s been stuck in for weeks, rising to just below the $78,000 mark, a level not reached since early February, as risk-on sentiment floods back into the market.

The jump comes on the heels of Iran and the US announcing the reopening of the Strait of Hormuz on Friday morning, which sent oil prices down and the stock market higher.

The renewed optimism for a deal with Iran and the end of the Middle East conflict also sent crypto stocks jumping, with Strategy, the largest corporate bitcoin holder, up more than 13% late Friday morning.

Wave Digital Assets’ head of international portfolio management, Rajiv Sawhney, told Sherwood News that its all about the Strait of Hormuz. Markets are interpreting it as a win. Its a knee-jerk reaction given positioning and expectations. As such, while bitcoin was able to tick higher, the $80K level will be the real barometer we need to cross for me to feel confident that this relief rally has legs, he said, adding that until then, hes remaining cautiously optimistic that risk assets can close at these levels. 

Nic Puckrin, cofounder of Coin Bureau, told Sherwood that we’re seeing a classic short squeeze as heavy short positions in bitcoin are being liquidated, adding that the next resistance level to watch is $79,000. 

“If we get past that and close the week above this level, $90k becomes a real possibility in the medium term. However, if the rally gets rejected at this level, we could remain stuck in the range between $65k and $75k that held bitcoin hostage for months,” Puckrin added.

Underscoring the cautious comeback, Bloomberg reported that from a derivatives market perspective, “traders remain largely defensive.”

“Funding rates for perpetual futures contracts, a key measure of whether leveraged traders are betting on higher or lower prices, were negative. Hefty premiums are also being paid for put options providing downside protections at $60,000 and $50,000, respectively,” Bloomberg reported.

Bitfinex analysts told Sherwood that the liquidation heat map shows dense shorts leverage stacked between $76,000 and $78,000. 

“Clearing this range opens a substantial air gap in the unspent realized price distribution up to $82,000,” they said, adding that the next level they are watching is $83,000, a “significant wall at the short-term holder realized price.”

crypto

OP token rises after payments card provider Ether.fi finalizes migration to the layer 2 network

OP, the governance token for OP Mainnet, has increased as much as 5% since Tuesday night following news that Ether.fi, a decentralized finance protocol known for providing noncustodial crypto payment cards, completed its migration to the ethereum layer 2 blockchain network. 

Ether.fi’s move resulted in around $220 million in total value locked coming to OP Mainnet, the largest single TVL event in the network’s history, as well as over 70,000 payment cards and more than 300,000 accounts, according to a blog post from Ether.fi

Originally on alternative layer 2 network Scroll, Ether.fi made the switch to OP Mainnet due to lower median transaction fees of $0.00001 and sub-250-millisecond finality times. 

“To ship what comes next, we needed infrastructure that could handle real-time payments at consumer volume,” Ether.fi CEO Mike Silagadze told Sherwood News. “OP Mainnet delivered on every dimension. Three days to migrate $220M with no downtime answered the question. Now we get to build.” 

The migration comes about two months after Coinbase-incubated blockchain Base announced moving away from Optimism’s OP Stack. 

Latest Stories

Sherwood Media, LLC produces fresh and unique perspectives on topical financial news and is a fully owned subsidiary of Robinhood Markets, Inc., and any views expressed here do not necessarily reflect the views of any other Robinhood affiliate, including Robinhood Markets, Inc., Robinhood Financial LLC, Robinhood Securities, LLC, Robinhood Crypto, LLC, Robinhood Derivatives, LLC, or Robinhood Money, LLC. Futures and event contracts are offered through Robinhood Derivatives, LLC.