•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
One of the largest decentralized finance (DeFi) exploits of 2026 occurred on Saturday, with an attacker siphoning more than $290 million from the Kelp DAO ecosystem across the Ethereum and Arbitrum networks.
Lending protocols moved quickly to enact emergency protective measures to contain the financial contagion tied to the breach, which centered on the rsETH cross-chain bridge.
The incident also triggered market impact: the price of the Aave (AAVE) token fell by roughly 18% following the exploit.
On-chain forensics provided by security analytics firm D2 Finance indicate the vulnerability was not a flaw in the underlying LayerZero infrastructure. Instead, the exploit was identified as an “OApp peer-trust bug,” stemming from a severe key compromise on the source chain.
After securing the rsETH funds, the exploiter did not immediately attempt to cash out. Instead, they moved to use the stolen assets across major DeFi lending markets.
Blockchain security firm PeckShield reported that the attacker aggressively deposited the stolen rsETH as collateral to borrow Wrapped Ethereum (WETH).
The exploiter’s consolidated holdings currently exceed 106,400 ETH, valued at nearly $250 million.
Aave announced the freezing of all rsETH markets across its V3 and V4 deployments, stripping the asset of all borrowing power.
Aave founder Stani Kulechov said Aave’s core smart contracts remain secure and were not exploited.
Premium gym chains are entering a “golden era” that is ending or already in decline, as rising operating costs collide with shifting consumer preferences toward more flexible, community-based ways to exercise. Long-term memberships are shrinking, margins are pressured by higher rents and facility expenses, and competition from smaller, more personalized…
