Very high risk — realized $292M bridge exploit on April 18, 2026 (largest DeFi loss of 2026) compounds pre-existing oracle vulnerability, reflexive insurance design, and 4-layer derivative nesting. Downgraded from C to D.
Risk Breakdown
Top Risks
1
LayerZero bridge configuration allowed attacker to mint 116,500 rsETH (~$292M, 18% of supply) on April 18, 2026 with no corresponding ETH on source chain; largest DeFi exploit of 2026
2
Hardcoded stETH oracle enables arbitrage exploit during depeg
3
KERNEL price crash creates reflexive insurance death spiral
Frequently Asked Questions
Is Kelp DAO safe to use?
Kelp DAO receives a D risk grade (71/100) from Hindenrank, where lower scores indicate lower risk. Very high risk — realized $292M bridge exploit on April 18, 2026 (largest DeFi loss of 2026) compounds pre-existing oracle vulnerability, reflexive insurance design, and 4-layer derivative nesting. Downgraded from C to D. A liquid restaking protocol that wraps staked ETH into rsETH tokens and stacks additional yield layers on top through Gain Vaults. On April 18, 2026, attackers exploited a configuration flaw in Kelp's LayerZero bridge to mint 116,500 rsETH out of thin air — about $292M and 18% of the entire supply — making this the largest DeFi exploit of 2026. The attacker then used the stolen rsETH on Aave V3 as collateral to borrow WETH, leaving Aave with an estimated $177-200M in bad debt. Its D grade reflects the realized bridge exploit, the pre-existing hardcoded oracle vulnerability, reflexive insurance design, and four layers of derivative nesting.
What are the main risks of using Kelp DAO?
The key risks identified for Kelp DAO are: (1) On April 18, 2026, the protocol's LayerZero bridge was exploited — attackers minted $292M worth of rsETH that wasn't backed by any real ETH. The bridge was paused 46 minutes later, but rsETH holders now face major uncertainty about recovery. (2) The protocol still uses a hardcoded stETH=ETH price assumption. If stETH ever trades at a discount again (as it did in 2022), anyone can exploit this to dilute your holdings. (3) Your money passes through up to 4 layers (ETH to stETH to rsETH to agETH). A problem at any layer compounds through all the others — and in April 2026, that cascade hit Aave V3 as well.
What is Kelp DAO's risk score breakdown?
Kelp DAO scores 71/100 across eight risk dimensions: Mechanism Novelty: 5/15, Interaction Severity: 18/20, Oracle Surface: 8/10, Documentation Gaps: 6/10, Track Record: 15/15, Scale Exposure: 7/10, Regulatory Risk: 3/10, Vitality Risk: 9/10. The highest risk area is Track Record at 15/15.
How does Kelp DAO compare to other Restaking protocols?
Among 26 rated Restaking protocols on Hindenrank, Kelp DAO ranks #26 by safety (lowest risk score = safest). Its 71/100 risk score and D grade place it among the riskier Restaking protocols.
Has Kelp DAO ever been hacked or exploited?
Kelp DAO scores 15/15 on the Track Record risk dimension, indicating some history of security incidents or exploits. Higher scores reflect more severe or frequent incidents. Review the full risk report for details.
Last scanned 2026-04-19
Get risk alerts before it's too late
Weekly grade changes, downgrade alerts, and new protocol risk findings. Free.