KelpDAO: rsETH Records $936k Net Outflows One Month Post-Hack – Details

What happened

KelpDAO, a prominent decentralised finance (DeFi) protocol, experienced a significant security breach, resulting in the loss of 152,577 rsETH, valued at approximately $292 million. This exploit occurred on April 18, targeting a vulnerability within KelpDAO's LayerZero cross-chain bridge. The incident sent shockwaves through the DeFi community, contributing to a substantial $13.5 billion drop in total value locked (TVL) across the sector.

Immediately following the hack, analytics firm Santiment observed a net inflow of approximately 563 rsETH, worth about $1.1 million, onto cryptocurrency exchanges. This movement indicated that investors were opting to sell or swap their holdings for other assets, such as stablecoins, to mitigate their exposure to the fallout from the exploit and the perceived increased risk surrounding KelpDAO and rsETH.

In the aftermath, a concerted effort was launched to address the breach and recover funds. KelpDAO collaborated with other major DeFi entities, including Arbitrum and Aave, to secure the hackers' positions on their respective platforms. Aave DAO, alongside other leading DeFi protocols like EtherFi, Lido, and Ethena, also provided financial support following the incident.

On May 15, KelpDAO announced a crucial step towards recovery: the resumption of rsETH activities, including withdrawals, bridging, and core protocol operations. This announcement marked a turning point. Santiment data subsequently showed a net outflow of approximately 435 rsETH, equivalent to $936,000, from exchanges. This shift suggests a renewed, albeit cautious, investor confidence, as rsETH moves from exchange wallets into self-custody or decentralised applications, indicating a return to normal market dynamics for the asset.

Adding to the industry's security concerns, the decentralised liquidity protocol THORChain also suffered a separate, unrelated attack, leading to an estimated $10.8 million in losses. This exploit impacted four different blockchains: Bitcoin, Ethereum, Binance Smart Chain (BSC), and Base. THORChain, known for its cross-chain swapping capabilities, temporarily halted trading and issued a global emergency alert in response. These incidents highlight the ongoing challenges and significant security risks prevalent within the broader crypto ecosystem, with total losses from malicious activities in 2026 reaching $823.9 million at the time of reporting.

Why it matters for Australian investors

For Australian investors, the KelpDAO and THORChain incidents serve as a stark reminder of the inherent risks associated with decentralised finance and the broader cryptocurrency market. While these specific exploits occurred on platforms that may not be directly used by every Australian crypto holder, the ripple effects can influence global market sentiment, including the AUD-denominated crypto market.

These events underscore the importance of due diligence when evaluating DeFi protocols. Australian investors should meticulously research the security audits, insurance policies, and operational history of any platform they consider using. The quick response and recovery efforts by KelpDAO, albeit after a significant loss, do offer a glimpse into how some protocols attempt to manage such crises, which can be an important factor in assessing long-term viability.

The initial movement of rsETH to exchanges post-hack and the subsequent outflow after recovery highlight typical investor behaviour in times of uncertainty and recovery. Australian investors should understand these market dynamics, as they can sometimes present opportunities for those who carefully assess risk and reward, or conversely, lead to significant losses for those who react impulsively.

Furthermore, the multi-chain nature of the THORChain exploit demonstrates the interconnectedness of the crypto ecosystem. An exploit on one chain or protocol can affect multiple others, potentially impacting a broader range of assets and investment strategies. Australian regulations from bodies like AUSTRAC and ASIC primarily focus on centralised exchanges, but the responsibility for securing assets in a decentralised context largely falls to individual investors.

Impact on the AUD market

While the KelpDAO and THORChain exploits did not directly target Australian exchanges or AUD-pegged assets, their global impact on crypto market sentiment can indirectly affect the Australian crypto market. A significant decline in total crypto market capitalisation, as observed globally, tends to influence AUD-denominated crypto prices on local exchanges like CoinSpot, Independent Reserve, Swyftx, and BTC Markets.

Increased market volatility, often a consequence of major exploits, means that Australian investors might see greater price fluctuations in their portfolios. This can be particularly pronounced for investors holding assets that have a direct or indirect relationship with the affected protocols, or for those whose portfolios are heavily weighted towards DeFi.

The shift in investor confidence observed with rsETH – from panic selling to renewed accumulation – could be mirrored on a smaller scale within the Australian market for certain assets. Australian investors might become more discerning, potentially favouring assets and protocols perceived as more secure or those with a proven track record of recovering from incidents.

Regulatory scrutiny, while not directly tied to these specific hacks in Australia, is always a backdrop. Continuous high-profile exploits globally might prompt further discussions among Australian regulators like ASIC and AUSTRAC regarding investor protection in the rapidly evolving digital asset space. This could eventually influence how Australian platforms operate or how certain assets are treated.

What to watch next

The ongoing recovery efforts and the full extent of financial restitution for KelpDAO victims will be a key indicator of the protocol's resilience and its community's commitment. Observing how decentralised autonomous organisations (DAOs) like Aave continue to support protocols in crisis can provide insights into the evolving landscape of DeFi governance and collective responsibility.

The broader trend of security incidents across the DeFi ecosystem, as evidenced by the $823.9 million in losses in 2026, requires close monitoring. Australian investors should pay attention to new security innovations, improved auditing standards, and insurance solutions emerging within the DeFi space. These developments could mitigate future risks and improve the overall safety of decentralised investments.

Regulators globally and in Australia will likely continue their dialogue on how to best protect investors in a decentralised, often borderless, environment. While ASIC and AUSTRAC focus on consumer protection and anti-money laundering, the prevalence of hacks might spur further discussions on industry best practices and self-regulatory measures from within the Australian crypto community.

Finally, observing the long-term price action and adoption of rsETH, now that withdrawals and operations have resumed, will be telling. A sustained recovery in its value and a return to normal user engagement would signal successful crisis management. Conversely, a continued struggle could indicate lasting damage to trust and a cautionary tale for other protocols and investors.

For Australian investors, staying informed on these developments, understanding the associated risks, and diversifying portfolios thoughtfully remain paramount in this dynamic environment. As always, consider consulting a financial professional for tailored advice, bearing in mind that the ATO's tax treatment of crypto assets continues to evolve.