Kelp DAO appears to have been exploited for $293 MILLION in the last hour, making it the biggest DeFi hack of 2026.
And it's far from being the only one this month.
Over $600M stolen from DeFi in the last 2 weeks across over 10 different protocols, and AI is only making it easier for hackers.
> Kelp DAO: attacker exploited the LayerZero bridge to drain 116,500 rsETH ($293M), then used it as collateral on Aave to borrow ETH, leaving Aave with bad debt as $AAVE dumps.
> Drift Protocol: $285M drained by North Korean hackers using AI powered social engineering, they spent months building trust with insiders before executing in 12 minutes.
> Rhea Finance: $18M stolen through fake token pools that tricked the protocol's oracle into approving withdrawals.
> Grinex: $15M stolen, sanctioned Russian exchange suspended all operations and blamed "Western intelligence".
> Hyperbridge: attacker minted 1 billion fake bridged DOT with a notional value over $1B, but only extracted about $237K because liquidity was thin.
> BSC TMM pool: $1.67M drained through reserve manipulation.
> Aethir: $423K lost in an access control exploit on their GPU network.
> Dango: $410K stolen through a smart contract bug in their bridge aggregator.
> Silo Finance: $392K gone from a misconfigured oracle.
> CoW Swap: frontend hijacked through DNS attack, site redirected to a phishing page.
> Zerion: hit by North Korean social engineering, credentials stolen.
The attack surface is expanding faster than the defenses.
This is only going to get worse.
And it's far from being the only one this month.
Over $600M stolen from DeFi in the last 2 weeks across over 10 different protocols, and AI is only making it easier for hackers.
> Kelp DAO: attacker exploited the LayerZero bridge to drain 116,500 rsETH ($293M), then used it as collateral on Aave to borrow ETH, leaving Aave with bad debt as $AAVE dumps.
> Drift Protocol: $285M drained by North Korean hackers using AI powered social engineering, they spent months building trust with insiders before executing in 12 minutes.
> Rhea Finance: $18M stolen through fake token pools that tricked the protocol's oracle into approving withdrawals.
> Grinex: $15M stolen, sanctioned Russian exchange suspended all operations and blamed "Western intelligence".
> Hyperbridge: attacker minted 1 billion fake bridged DOT with a notional value over $1B, but only extracted about $237K because liquidity was thin.
> BSC TMM pool: $1.67M drained through reserve manipulation.
> Aethir: $423K lost in an access control exploit on their GPU network.
> Dango: $410K stolen through a smart contract bug in their bridge aggregator.
> Silo Finance: $392K gone from a misconfigured oracle.
> CoW Swap: frontend hijacked through DNS attack, site redirected to a phishing page.
> Zerion: hit by North Korean social engineering, credentials stolen.
The attack surface is expanding faster than the defenses.
This is only going to get worse.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
