A report claiming Kelp DAO's rsETH token suffered a $100 million exploit appears to be entirely unfounded, with no on-chain evidence or official confirmation supporting the claim.
Over the past 72 hours, a single headline has been making the rounds in crypto circles, suggesting that Kelp DAO's rsETH, a popular liquid restaking token, had been potentially exploited with $100 million at risk. The original Crypto Briefing post floated the possibility of a catastrophic vulnerability undermining broader decentralized finance confidence and Ethereum's price stability. The only problem is that, based on every available metric, the hack never happened.
Major security monitoring platforms and on-chain analytics firms have reported zero anomalous outflows from Kelp DAO contracts. No emergency pause mechanisms were triggered, no post-mortem reports have been published by the team, and no credible DeFi watchdog has raised an alarm. If a $100 million drain had occurred, it would rank among the largest exploits of the past two years, comparable to the catastrophic bridge failures that dominated headlines in 2022 and 2023. An event of that magnitude involving a top-tier liquid restaking protocol would dominate global crypto media. Instead, the silence is deafening.
Kelp DAO operates in the rapidly expanding liquid restaking sector, allowing users to deposit staked Ethereum and receive rsETH, a token that accrues rewards from multiple validation layers simultaneously. The protocol competes directly with platforms like Ether.fi and Puffer Finance, holding a significant share of the restaking market as of early 2026. Its infrastructure remains deeply intertwined with KernelDAO, a related security-focused restaking protocol that successfully launched its token in 2025 without incident. A breach of this scale in the Kelp ecosystem would almost certainly trigger cascading concerns across KernelDAO and the broader restaking landscape. None of that contagion materialized.
Market data further dismantles the exploit narrative. rsETH has not experienced any anomalous price divergence from its expected peg, and liquidity pools across major decentralized exchanges remain intact and fully functional. A genuine drain of nine-figure capital would instantly trigger a liquidity crisis and a fire sale of the token. What traders actually saw was normal market behavior, with rsETH trading in line with Ethereum's own price movements over the same period.
Misinformation in a Fragile Market
The speed at which unverified claims travel in cryptocurrency markets is not a new phenomenon, but the stakes have grown considerably as institutional capital enters the space through vehicles like spot Bitcoin and Ethereum ETFs. A false report of this nature can briefly move markets, forcing liquidations and shaking investor confidence before the truth catches up. In late 2024, actual exploits like the Onyx breach for $3.8 million and the UniBTC drain of $2 million were contained events with clear on-chain footprints and rapid community responses. The specificity of the Kelp DAO claim, attaching a $100 million figure, is what makes it particularly dangerous. It borrows the language and scale of a legitimate crisis without any of the supporting evidence.
As Forbes recently pointed out in a broader analysis of crypto market infrastructure, the maturation of digital asset markets requires not just better security protocols but also more rigorous information standards. The absence of a verified exploit does not mean liquid restaking is without risk. Smart contract vulnerabilities remain a persistent threat across all DeFi protocols, and the complexity of restaking, which stacks multiple layers of consensus and validation logic, introduces unique attack surfaces that researchers are still mapping. Users should remain cautious and conduct standard due diligence, but they should also demand accountability from platforms that publish unverified claims of catastrophic losses.
For investors and entrepreneurs building in the restaking space, the takeaway is straightforward. Kelp DAO appears to be operating as intended, and the reported exploit is unsupported by any available data. Watch for official communications directly from protocol teams and independent security auditors, rather than reacting to unverified headlines designed to capture attention in a competitive news cycle.
