Is Kelp DAO Safe?
Risk Grade: D (71/100)
Kelp DAO is rated as high risk — extreme novelty, critical interactions, unproven at scale.
Very high risk — realized $292M bridge exploit on April 18, 2026 (largest DeFi loss of 2026) compounds pre-existing oracle vulnerability, reflexive insurance design, and 4-layer derivative nesting. Downgraded from C to D.
A liquid restaking protocol that wraps staked ETH into rsETH tokens and stacks additional yield layers on top through Gain Vaults. On April 18, 2026, attackers exploited a configuration flaw in Kelp's LayerZero bridge to mint 116,500 rsETH out of thin air — about $292M and 18% of the entire supply — making this the largest DeFi exploit of 2026. The attacker then used the stolen rsETH on Aave V3 as collateral to borrow WETH, leaving Aave with an estimated $177-200M in bad debt. Its D grade reflects the realized bridge exploit, the pre-existing hardcoded oracle vulnerability, reflexive insurance design, and four layers of derivative nesting.
TVL
$1.6B
Mechanisms
6
Interactions
4
Value Grade
D+
Key Risks for Kelp DAO Users
On April 18, 2026, the protocol's LayerZero bridge was exploited — attackers minted $292M worth of rsETH that wasn't backed by any real ETH. The bridge was paused 46 minutes later, but rsETH holders now face major uncertainty about recovery.
The protocol still uses a hardcoded stETH=ETH price assumption. If stETH ever trades at a discount again (as it did in 2022), anyone can exploit this to dilute your holdings.
Your money passes through up to 4 layers (ETH to stETH to rsETH to agETH). A problem at any layer compounds through all the others — and in April 2026, that cascade hit Aave V3 as well.
Top Risk Factors
- •LayerZero bridge configuration allowed attacker to mint 116,500 rsETH (~$292M, 18% of supply) on April 18, 2026 with no corresponding ETH on source chain; largest DeFi exploit of 2026
- •Hardcoded stETH oracle enables arbitrage exploit during depeg
- •KERNEL price crash creates reflexive insurance death spiral
How Kelp DAO Compares to Peers
Kelp DAO ranks #26 of 26 Restaking protocols (bottom quartile — among the riskiest). At a risk score of 71/100, it's 29 points riskier than the sector average of 42/100.
See the full Restaking sector leaderboard or the Kelp DAO vs Lombard Finance comparison.
Common Questions about Kelp DAO
Plain-English answers based on Kelp DAO's scores across Hindenrank's 8 risk dimensions. The highest-scoring (riskiest) dimension is Track Record (15/15).
Has Kelp DAO ever been hacked or exploited?
Kelp DAO has a documented incident history that materially raised its risk grade — the track record dimension scored 15/15, near the high end of the scale. Past exploits, governance failures, or contract issues are baked into this rating. Anyone considering deposits should review the incident details before allocating capital.
How much money is at stake in Kelp DAO?
Kelp DAO currently holds over $1.6B in user deposits. A protocol of this size typically has deeper liquidity, more eyes on the code, and more attention from auditors — but it also means a single failure has a much larger blast radius.
What's the worst-case scenario for Kelp DAO?
Hindenrank has identified specific collapse scenarios for Kelp DAO. The most prominent: "Hardcoded Oracle Arbitrage Drain". The trigger condition is stETH depegs >2% from ETH on secondary markets while Kelp DAO's hardcoded 1:1 oracle remains unchanged, creating a persistent arbitrage window. Reading through the full scenario list on the protocol page is the single best way to understand the actual failure modes — generic "smart contract risk" is rarely the thing that takes a protocol down.
Is Kelp DAO regulated or insured?
Kelp DAO has low regulatory exposure on Hindenrank's framework (3/10). The protocol is structured in a way that minimizes counterparty and jurisdiction concentration, though regulatory risk in crypto can change rapidly. No DeFi protocol carries FDIC-style insurance — even with low regulatory risk, depositors are not protected in the way bank customers are.
What are the biggest red flags for Kelp DAO?
Hindenrank's retail-focused risk audit flagged: On April 18, 2026, the protocol's LayerZero bridge was exploited — attackers minted $292M worth of rsETH that wasn't backed by any real ETH. The bridge was paused 46 minutes later, but rsETH holders now face major uncertainty about recovery. The protocol still uses a hardcoded stETH=ETH price assumption. If stETH ever trades at a discount again (as it did in 2022), anyone can exploit this to dilute your holdings. Your money passes through up to 4 layers (ETH to stETH to rsETH to agETH). A problem at any layer compounds through all the others — and in April 2026, that cascade hit Aave V3 as well. On the technical side, 2 critical-severity interaction risks have been identified.
Should beginners deposit into Kelp DAO?
Kelp DAO carries a D grade — among the riskiest protocols in Hindenrank's coverage. Beginners should not deposit here. Anyone considering a position should understand they may lose everything they put in, and should size accordingly.
How does Kelp DAO compare to safer Restaking alternatives?
Kelp DAO is one protocol in Hindenrank's Restaking coverage. The safest Restaking protocols on the leaderboard tend to share three traits: a long incident-free track record, conservative mechanism design, and high-quality public documentation. Compare Kelp DAO against the full Restaking ranking before committing capital.
For the full 8-dimension score breakdown, the radar chart, and dependency graph, see the Kelp DAO risk report.
Read the Full Kelp DAO Risk Report
This protocol has 4 collapse scenarios. 2 critical and 2 high-severity interaction risks identified. See the full mechanism classification, interaction matrix, and deep-dive recommendations.
View Full Report →Get risk alerts before it's too late
Weekly grade changes, downgrade alerts, and new protocol risk findings. Free.