A roughly $292 million exploit over the weekend has rattled the crypto industry, exposing vulnerabilities in decentralized finance (DeFi) infrastructure and raising concerns about knock-on effects across lending protocols. While investigations are still ongoing, early analysis suggests the attack centered on Kelp’s rsETH token — a yield-bearing version of ether (ETH) — and the mechanism used to move assets between blockchains. The attacker appears to have manipulated that system to create large amounts of tokens without proper backing, then quickly used them as collateral to borrow and drain real assets from lending markets, mostly from Aave AAVE$91.96, the largest decentralized crypto lender. The incident is the latest blow to DeFi, happening only a couple weeks after the $285 million exploit of Solana-based protocol Drift, further denting investor trust in the nearly $90 billion crypto sector. At a high level, the exploit targeted a LayerZero bridge component — a piece of infrastructure that enables assets to move across different blockchains, Charles Guillemet, CTO of hardware wallet maker Ledger, told CoinDesk in a note. Bridges typically work by locking assets on one chain and minting equivalent tokens on another. That process depends on a trusted entity — often called an oracle or validator — to confirm deposits. In this case, Kelp effectively acted as that verifier. According to Guillemet, the system relied on a single-signer setup, meaning just one entity could approve any transactions. "It seems the attacker was able to sign a message … allowing him to mint large amount of rsETH," he said. He added that it remains unclear how that access was obtained.