Kelp, a liquid retaking protocol, fell victim to a cyberattack on Saturday, which resulted in the platform pausing clever contracts for its retaking token (rsETH) as it “investigates” the attack amid reports of losses running into the hundreds of millions of dollars.

“We have previously identified suspicious cross-chain activity related to rsETH. We have suspended rsETH contracts on the mainnet and several Layer 2s” – Kelp Platform he said in post X.

The attacker exploited the rsETH adapter bridge contract, the software code that manages Kelp’s rsETH token, and deprived the platform of approximately $293 million of funds. According to to Cyvers, a blockchain security company.

The attacker used an address funded by cryptocurrency mixer Tornado Cash and has already converted approximately $250 million of stolen funds into Ether (ETH), the native cryptocurrency of Ethereum’s Layer 1 blockchain network, Cyvers told Cointelegraph.

In response to the attack, decentralized finance (DeFi) platform Aave announced that it had frozen rsETH markets on Aave V3 and V4. Cyvers said at least nine cryptographic protocols had contact with the token and blocked activity on their platforms in response.

“This is exactly the type of incident that highlights the risks of compositing in DeFi,” Deddy Lavid, CEO of Cyvers, told Cointelegraph. Cointelegraph reached out to Kelp but had not received a response by the time of publication.

The incident is the latest in a string of hacks and cybersecurity exploits of crypto platforms that have occurred over the past few months, as cryptocurrency losses from hacks and fraud totaled approximately $482 million in the first quarter of 2026.

Related: The phony Ledger Live app in the Apple App Store extracted $9.5 million from victims: ZachXBT

Drift Protocol hacked for $280 million

In April, decentralized cryptocurrency exchange Drift Protocol also experienced an exploit that drained approximately $280 million of its platform value.

The Drift Protocol team said the attack required “months of deliberate preparation,” during which suspected North Korean hackers infiltrated the team.

In the autopsy updatethe Drift team said it met the attackers at a “major” crypto conference and worked with them for several months before the attackers placed malware on developers’ computers and compromised the platform.

Warehouse: DeFi’s billion-dollar secret: the insiders behind the hacks

Cointelegraph is committed to independent and clear journalism. This news article has been produced in accordance with Cointelegraph’s Editorial Policy and is intended to provide exact and up-to-date information. Readers are encouraged to verify the information themselves. Read our Editorial Policy https://cointelegraph.com/editorial-policy