#rsETHAttackUpdate
THE BIGGEST DEFI HACK OF 2026 AND WHAT IT MEANS FOR ALL OF US
On April 18, 2026, the decentralized finance world woke up to a crisis that nobody wanted to believe was possible at this scale, but deep down everyone who has been in this space long enough knew was only a matter of time. KelpDAO, one of the most integrated liquid restaking protocols in the Ethereum ecosystem, was hit with an exploit so precise, so calculated, and so devastating in its downstream effects that it has fundamentally changed how the entire industry needs to think about cross-chain infrastructure, bridge security, and the hidden risks buried inside DeFi composability.
This is not just a story about one protocol losing money. This is a story about structural vulnerabilities that exist across the entire ecosystem, and every serious participant in this space needs to understand exactly what happened, how it happened, and what it means for the way you interact with DeFi going forward.
---
WHAT ACTUALLY HAPPENED ON APRIL 18
A major security breach hit KelpDAO when an attacker drained 116,500 rsETH tokens from its LayerZero-powered cross-chain bridge. The haul was worth approximately 292 million dollars and amounted to roughly 18 percent of rsETH's entire circulating supply, making this the largest decentralized finance exploit recorded in 2026.
To understand how this happened you need to understand what rsETH actually is and what role the bridge was playing. KelpDAO is a liquid restaking protocol that allows users to stake ETH and receive rsETH in return, a token that represents their staked position and can be used as collateral across lending protocols, earning yield while remaining usable across the broader DeFi ecosystem.
To move rsETH between different blockchains, KelpDAO relied on a bridge mechanism that locks tokens on one chain while issuing corresponding copies on another. An attacker exploited that setup by forging a transfer message that appeared valid, causing the system to approve the transfer even though the tokens were never actually taken out of the sending chain. In simple terms, new tokens were created without real backing.
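The lock-and-mint relationship described above gives defenders an invariant to monitor: every mint on the destination chain should trace back to a lock on the sending chain. The following is an added example, not KelpDAO's or LayerZero's code; the event shape, message ids and amounts (other than the 116,500 figure from this post) are constructed, and it assumes the monitor sees events in causal order.

```python
from dataclasses import dataclass

@dataclass
class Event:
    kind: str     # "lock"/"unlock" on the sending chain, "mint"/"burn" on the receiving chain
    msg_id: str   # hypothetical cross-chain message identifier
    amount: int

def find_unbacked(events):
    """Replay bridge events and return (msg_id, reason, unbacked_supply) alerts."""
    locked = minted = 0
    lock_amounts, consumed, alerts = {}, set(), []
    for e in events:
        if e.kind == "lock":
            locked += e.amount
            lock_amounts[e.msg_id] = e.amount
        elif e.kind == "unlock":
            locked -= e.amount
        elif e.kind == "burn":
            minted -= e.amount
        elif e.kind == "mint":
            minted += e.amount
            if e.msg_id not in lock_amounts:
                reason = "mint without matching lock"
            elif e.msg_id in consumed:
                reason = "message replayed"
            elif lock_amounts[e.msg_id] != e.amount:
                reason = "amount mismatch"
            else:
                reason = None
            consumed.add(e.msg_id)
            if reason:
                # minted - locked is the supply circulating with no backing
                alerts.append((e.msg_id, reason, minted - locked))
    return alerts

# Constructed sample stream: two honest transfers, one redemption, one unbacked mint.
SAMPLE = [
    Event("lock", "m1", 1000), Event("mint", "m1", 1000),
    Event("lock", "m2", 500),  Event("mint", "m2", 500),
    Event("burn", "m4", 200),  Event("unlock", "m4", 200),
    Event("mint", "m3", 116500),
]

if __name__ == "__main__":
    for alert in find_unbacked(SAMPLE):
        print(alert)
```

A monitor like this detects the condition after the mint has happened, so it is only useful when wired to a pause or rate limit that can act before the unbacked tokens are accepted as collateral elsewhere.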
---
THE TECHNICAL FLAW THAT MADE IT ALL POSSIBLE
This was not a brute-force hack or a private key leak. The attacker exploited a flaw in the bridge configuration, specifically a 1-of-1 verification setup that acted as a single point of failure.
This meant the entire system trusted one validator to confirm whether cross-chain messages were legitimate. Once that trust was compromised, the attacker could forge instructions that the system accepted as real.
The contracts themselves worked exactly as designed. The failure was in what they were designed to trust.
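To make the single point of failure concrete, here is an added example (not the bridge's actual code) that models message verification as an m-of-n quorum and audits a configuration for the 1-of-1 case. HMAC tags stand in for verifier signatures, and the verifier names, keys and message are constructed.

```python
import hashlib
import hmac

def attest(key: bytes, message: bytes) -> bytes:
    """One verifier's attestation over a cross-chain message (HMAC as a stand-in)."""
    return hmac.new(key, message, hashlib.sha256).digest()

def accept(message, attestations, verifier_keys, threshold):
    """Accept only if `threshold` distinct configured verifiers vouch for the message."""
    valid = set()
    for name, tag in attestations.items():
        key = verifier_keys.get(name)
        if key is not None and hmac.compare_digest(tag, attest(key, message)):
            valid.add(name)
    return len(valid) >= threshold

def audit(verifier_keys, threshold):
    """Return configuration findings; an empty list means no finding from this check."""
    n = len(verifier_keys)
    if threshold < 1 or threshold > n:
        return ["threshold outside 1..n"]
    if threshold == 1:
        return ["single point of failure: one verifier can approve a message alone"]
    return []

# Constructed verifier set and message; the address is a placeholder.
KEYS = {"v1": b"k1-constructed", "v2": b"k2-constructed", "v3": b"k3-constructed"}
UNBACKED = b"mint 116500 rsETH to 0xPLACEHOLDER (no lock on sending chain)"

def demo():
    """Model verifier v1 as compromised: whatever it attests counts as its vote."""
    only_v1 = {"v1": attest(KEYS["v1"], UNBACKED)}
    one_of_one = accept(UNBACKED, only_v1, {"v1": KEYS["v1"]}, threshold=1)
    two_of_three = accept(UNBACKED, only_v1, KEYS, threshold=2)
    return one_of_one, two_of_three

if __name__ == "__main__":
    print(demo())
    print(audit({"v1": KEYS["v1"]}, 1))
```

With the 1-of-1 configuration the acceptance logic does exactly what it was written to do and still approves the unbacked message; raising the threshold changes what a single compromised verifier can achieve.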
---
HOW THE ATTACK UNFOLDED
The breach occurred rapidly, and although emergency controls were eventually activated, the response came too late to stop the damage.
Instead of dumping the stolen tokens on the market, the attacker used them as collateral on lending protocols, borrowing large amounts of ETH and other assets. This allowed them to extract real value without immediately crashing the price of the compromised asset.
By the time defensive measures were taken, the system was already holding collateral that had no real backing.
---
THE CONTAGION THAT SPREAD ACROSS DEFI
What makes this attack especially dangerous is how quickly it spread across the ecosystem. Lending protocols froze affected markets, other platforms paused related operations, and even protocols with no direct exposure took precautionary actions.
This is the reality of DeFi composability. Systems are deeply interconnected, and when one piece fails, the effects ripple outward rapidly.
The same structure that creates opportunity also creates systemic risk.
---
AAVE'S EXPOSURE AND THE BAD DEBT PROBLEM
One of the biggest impacts was on lending markets, where the attacker used unbacked rsETH as collateral to borrow significant amounts of real assets.
This created a situation where protocols were left holding liabilities backed by compromised collateral. Even though their systems functioned correctly, they were still exposed to losses.
Emergency freezes helped contain further damage, but they could not undo what had already happened.
---
WHAT USERS AND PROTOCOLS MUST LEARN
This attack highlights a critical truth: DeFi risk is not just about price volatility. It is about infrastructure risk.
Users must understand that holding or using assets in DeFi exposes them to risks in bridges, collateral systems, and protocol design.
Protocols must enforce stronger validation systems, eliminate single points of failure, and adopt more conservative risk management practices when integrating complex assets.
---
THIS IS NOT THE END OF DEFI, BUT IT IS A TURNING POINT
Every major exploit tests the strength of the ecosystem. Some failures break systems. Others force them to evolve.
The rsETH attack is severe, but it is also a moment of reckoning. The future of DeFi depends on whether builders and users take these lessons seriously.
Because this was not just a 292 million dollar exploit. It was a warning.
And what happens next will determine whether the next incident is smaller… or even bigger.