The exploit of the Kelp liquid restaking protocol reveals how non-isolated lending and integrations in decentralized finance (DeFi) could cause broader ecosystem contagion, in response to crypto trade executives and blockchain safety companies.
Non-isolated lending on DeFi platforms, together with earlier variations of the Aave lending protocol, exposes customers to dangers from all the varied tokens used as collateral on the platforms, in response to Michael Egorov, founding father of the Curve Finance DeFi protocol.
Kelp was the goal of a cyber assault on Saturday, inflicting the platform to pause sensible contracts for its restaking token (rsETH) whereas it moved to research the assault that left the platform drained of about $293 million.
DeFi groups also needs to vet potential digital belongings to make sure that tokens don’t characteristic single factors of failure or assault surfaces earlier than approving tokens as lending collateral on their platforms, Egorov mentioned in an electronic mail.
He additionally warned towards utilizing cross-chain bridging structure to switch belongings from one blockchain protocol to a different, which was the foundation explanation for this weekend’s Kelp exploit.
“Cross-chain is difficult and probably dangerous. Solely use cross-chain infrastructure when completely mandatory, and do it actually rigorously,” Egorov mentioned.
He mentioned the incident is a studying expertise for DeFi, which the sector can use to develop and implement higher cybersecurity protections as losses from crypto hacks, code exploits and scams reached $482 million in Q1 2026.
Associated: DAO behind CoW Swap urges customers to remain off platform after ‘hijacking’
Kelp exploit triggers “contagion” throughout the DeFi ecosystem
“This was not only a protocol exploit. It instantly turned a cross-protocol contagion occasion,” blockchain safety agency Cyvers advised Cointelegraph.
A minimum of 9 DeFi protocols and platforms, together with Aave, Fluid, Compound Finance, SparkLend and Euler, had been affected within the incident and took motion to freeze rsETH markets or mitigate the fallout from the Kelp exploit, Cyvers mentioned.
“The problem is not simply stopping exploits on the contract degree, however understanding how briskly they will cascade throughout built-in protocols,” Cyvers CEO Deddy Lavid advised Cointelegraph.
The exploit on Kelp adopted the $280 million Drift Protocol decentralized trade hack final week and not less than 12 different crypto platforms and DeFi hacks earlier this month.
Journal: ‘SEAL 911’ group of white hats fashioned to struggle crypto hacks in actual time
