+11° Kyiv +18° Warsaw +10° Washington
$ 44.02 € 51.76 zł 12.25
$ 44.02 € 51.76 zł 12.25
+11° Kyiv +18° Warsaw +10° Washington
News Technologies

Hackers stole $293 million through a cross-chain bridge vulnerability — Bloomberg

UA NEWS 19 April 2026 15:10
Hackers stole $293 million through a cross-chain bridge vulnerability — Bloomberg

On Saturday, April 18, 2026, the crypto community witnessed the largest attack on DeFi infrastructure since the beginning of the year. 

Bloomberg reported this.

The attackers exploited a critical vulnerability in the cross-chain interoperability system, resulting in the loss of over $290 million in assets.

The main target of the attack was the rsETH token—a liquid asset issued by the Kelp DAO platform. 

The hackers attacked a bridge built on LayerZero technology, which typically enables seamless exchange of data and assets between different blockchains.

“This wasn’t just a protocol breach; it immediately turned into a cross-protocol incident,” explained security experts at Cyvers. 

According to their estimates, at least nine other major crypto platforms were affected due to architectural interdependencies.

As a result of the incident, approximately 116,500 units of rsETH were stolen. The scale of the losses, totaling $293 million, officially made this hack the most destructive of 2026, surpassing the previous record held by the Solana-based Drift project.

Kelp DAO responded promptly to the incident by suspending smart contracts on the mainnet and several Layer 2 (L2) networks. 

The project team is currently conducting a detailed investigation, attempting to track the movement of the stolen funds using blockchain analyzers.

A key feature of the DeFi sector is that assets are often used as collateral or liquidity across multiple services simultaneously. When rsETH lost its stability due to the hack, it undermined confidence in all related financial instruments.

Aave, the largest lending protocol managing over $20 billion, was forced to urgently freeze rsETH markets. 

This move prevented a mass liquidation of user positions and stabilized the overall situation.

Cyvers CTO Meir Dolev noted that thanks to the quick response, another $100 million was saved. 

According to him, the system was isolated from the breach “in just three minutes” before the hacker could execute a second wave of transactions.

Hackers stole Booking.com user data

Russian hackers breached over 280 accounts of NATO and Balkan institutions
 

Read us on Telegram and Sends