What Happened

On April 18, 2026, the bridge verification infrastructure that processes cross-chain rsETH messages was compromised outside of Kelp's operational domain. This infrastructure is operated by a third-party provider. A forged packet was accepted by the bridge, releasing 116,500 rsETH from the Ethereum bridge lockbox to an attacker-controlled address.

We have requested a full root-cause analysis from the infrastructure provider and will share details as soon as we have it.

Assets backing rsETH minted on Ethereum Mainnet remain fully secure. The Kelp restaking protocol, the rsETH ERC-20 contract, and all underlying EigenLayer deposits are intact and functioning as designed. There was no infinite-mint, no protocol exploit.

If you hold rsETH on Ethereum mainnet

Since the primary impact occurred on the bridging infra, nothing has been impacted on the Ethereum mainnet. Assets backing rsETH on mainnet remain safe.

If you hold wrapped rsETH on an L2

We are working with ecosystem partners including Aave and others on an impact and next steps. We will have more to share within 72 hours.

Next Steps

●        Mainnet rsETH holders: No action needed.

●        L2 wrapped rsETH holders: Migration pathways will be announced within a few days

●        All users: be cautious of scam links and DMs claiming to offer recovery or claims. Official updates only from Kelp DAO verified channels.

Coordinated Response:

●        All Eth and LSTs deposited on rsETH are fully intact. The protocol is sound. The incident is contained to the bridge verification layer.

●        We are working with Aave and other ecosystem partners on the impact and potential next steps.

Next operational update soon as we have more information.