Kelp Exploitation ‘Contagion’ Spreads Across DeFi Ecosystem: Crypto Execs
Exploitation of the Kelp Liquidity Recovery Protocol shows how decentralized lending and decentralized finance (DeFi) can lead to broader ecosystem contagion, according to crypto industry executives and blockchain security companies.
Michael Egorov, founder of the Curve Finance DeFi protocol, said that unblocked lending on DeFi, including previous versions of the Aave lending protocol, exposes users to risks from the various tokens on the platform.
Kelp was the target of a cyber attack on Saturday, which caused the platform to suspend smart contracts for its Retention Token (rsETH) as it moved to investigate the attack, which drained it of around $293 million.
Before approving tokens as collateral on their platforms, DeFi teams should screen future digital assets to ensure tokens don't have a single point of failure or vulnerabilities, Egorov said in an email.
He also warned against using the cross-chain bridge architecture to transfer assets from one blockchain protocol to another, the cause of this weekend's Kelp exploit.
“Cross-chain is difficult and potentially dangerous. Only use cross-chain infrastructure when necessary, and do so carefully,” Egorov said.
Crypto hacks, code exploits and fraud losses will reach $482 million in Q1 2026, he said, adding that the sector is a learning experience for DeFi to develop and implement better cybersecurity protections.
Related: DAO Behind CoW Swap Urges Users To Stay Off Platform After ‘Hack'
Kelp exploitation triggers “contagion” in DeFi ecosystem.
“This wasn't just a protocol exploit. It immediately became a cross-protocol incident,” blockchain security firm Syvers told Cointelegraph.
At least nine DeFi protocols and platforms, including Aave, Fluid, Compound Finance, SparkLend and Euler, were affected by the incident and have taken steps to block rETH markets or mitigate the fallout from kelp exploitation, Syvers said.
“The challenge is not only to prevent exploits at the contract level, but also to understand how quickly they cross over into integrated protocols,” Syverse CEO Dedi Lavide told Cointelegraph.
The exploit on Kelp follows last week's $280 million hack of the Drift Protocol decentralized exchange and at least 12 other crypto platforms and DeFi hacks earlier this month.
Magazine: ‘SEAL 911' White Hat Team Formed To Fight Crypto Hackers In Real Time
