Crypto News

Kelp DAO Loses $292 Million in 2026’s Largest DeFi Hack via LayerZero Bridge Exploit

By Telemac

Share

Kelp DAO Loses $292 Million in 2026’s Largest DeFi Hack via LayerZero Bridge Exploit

On Saturday, April 19, 2026, an attacker drained 116,500 rsETH — approximately $292 million — from Kelp DAO’s cross-chain bridge powered by LayerZero. The sum represents nearly 18% of rsETH’s total circulating supply, estimated at 630,000 tokens by CoinGecko. The incident, which occurred at 17:35 UTC, marks the largest DeFi hack of 2026 so far, surpassing the $285 million Drift Protocol exploit earlier in April by a few million dollars. Within hours, virtually the entire DeFi ecosystem triggered emergency response mechanisms, once again illustrating the systemic fragility of liquid restaking protocols when used as collateral across multiple blockchain networks.

Context

Kelp DAO is a liquid restaking protocol developed under the KernelDAO umbrella. Its mechanism relies on EigenLayer: users deposit ETH, which is then routed through Ethereum’s restaking protocol to generate additional yield beyond standard staking rewards. In return, Kelp issues the rsETH token, a tradeable receipt for ETH staked through EigenLayer. The token gained rapid adoption thanks to its deployment on over twenty blockchain networks, including Base, Arbitrum, Linea, Blast, Mantle, and Scroll.

Kelp’s cross-chain architecture uses LayerZero’s OFT (Omnichain Fungible Token) standard. This model enables token transfers between blockchains with a 1:1 reserve system maintained on Ethereum. When a user transfers rsETH to an L2 blockchain, the process involves locking on the Ethereum mainnet followed by minting on the target network. The reverse path — from L2 to mainnet — works via burning on L2 and unlocking on Ethereum. The entire mechanism relies on LayerZero’s messaging layer to verify and execute cross-chain instructions. It was precisely this verification layer that the attacker circumvented.

The Facts

The attack began on April 19 at 17:35 UTC. The attacker exploited the lzReceive method of the LayerZero EndpointV2 contract to forge a fraudulent inter-chain message. Specifically, they bypassed LayerZero’s verification logic, causing the OFTAdapter contract on Ethereum to release 116,500 rsETH to an attacker-controlled address, with no corresponding destruction record on the source chain. This is precisely what is called a break in omnichain supply conservation: there was no debit on the source side, yet a credit occurred on the destination side.

On-chain data shows the attacker’s wallet had been funded through Tornado Cash’s 1 ETH pool approximately ten hours before the exploit — a classic method for obfuscating the origin of funds. The stolen amount — $292 million — represents 18% of rsETH’s circulating supply, a significant percentage that immediately raised questions about the real value of rsETH tokens deployed on other networks.

Forty-six minutes after the drain, at 18:21 UTC, Kelp DAO’s security multisig executed the pauseAll function, freezing the protocol’s core contracts: the LRT Deposit Pool, the Withdrawal contract, the LRT Oracle, and the rsETH tokens themselves. Two follow-up drain attempts, each targeting an additional 40,000 rsETH — approximately $100 million — were recorded at 18:26 UTC and 18:28 UTC. Both attacks failed thanks to the contract suspension. Without this rapid intervention, the total loss could have approached $391 million.

The exploited vulnerability was not unknown. In January 2025, fifteen months before the incident, a development team had warned Kelp DAO on the Aave governance forum that the protocol should move to a multi-signature DVN (Decentralized Verifier Networks) configuration rather than 1/1 — the weakest security level permitted by LayerZero. This recommendation was never implemented, leaving the protocol exposed to a single point of failure attack.

Analysis

The structure of the hack goes far beyond simple token theft. Once the rsETH was stolen, the attacker immediately used the funds as collateral across multiple DeFi lending protocols. On Aave V3 and V4 alone, approximately $196 million was borrowed in WETH and ETH. Total debt positions created exceed $236 million across Aave, Compound V3, and Euler combined.

The structural problem that results is as follows: the collateral for these loans — the stolen rsETH — no longer has any underlying reserve on the Ethereum mainnet. The Aave protocol cannot proceed with a standard liquidation, because the liquidation mechanism relies on collateral that has lost all real value. It is therefore the WETH and ETH suppliers from Aave’s lending pool who directly absorb the bad debts. This is a scenario where the trust assumption built into the system turns against the lending protocol users who relied on the collateralization logic.

The Aave team initially stated it would use the Umbrella safety reserve to offset any deficit, before revising its position on X to say it would « explore paths to offset the deficit. » This nuance is significant: the coverage intent is now presented as an option rather than a certainty. Aave lending pool users thus find themselves with uncertain exposure to the bad debts left by the attacker.

Kelp DAO’s choice to opt for a rapid multi-chain OFT deployment rather than slower but more secure native minting illustrates a structural tension in the LRT ecosystem. Speed brought market share, but it also created increased systemic risks from the combination of multiple restaking layers, cross-chain bridges, and lending products. This priority given to speed over security is a recurring pattern in the crypto ecosystem that continues to produce costly incidents.

Market Reactions

On-chain reactions spread throughout the entire DeFi ecosystem within hours. Aave froze rsETH markets on V3 and V4 as soon as the incident was confirmed, founder Stani Kulechov specifying that the exploit came from an external protocol and that Aave’s contracts were not compromised. SparkLend and Fluid also froze their rsETH markets. Upshift suspended deposits and withdrawals from its High Growth ETH and Kelp Gain vaults.

Lido Finance suspended new deposits into its earnETH product, which exposes users to rsETH, while clarifying that stETH and wstETH — Lido’s core products — were unaffected and that Lido’s core staking protocol was not involved in the incident. Ethena, for its part, suspended its LayerZero OFT bridge from Ethereum mainnet as a precaution for approximately six hours, stating it had no rsETH exposure and remained overcollateralized at more than 101%.

On the price side, AAVE fell approximately 10% in the hours following the incident as the market priced in bad debt risk. ZRO retreated 20% and KERNEL fell 11% over the following twenty-four hours, according to Bitget market data. The rsETH token itself faces massive redemption pressure as L2 holders attempt to convert their tokens before the main reserve is definitively depleted. At least nine protocols in total triggered emergency responses related to this incident.

Outlook

The central question for rsETH holders deployed on networks other than Ethereum is now straightforward: do their tokens still have underlying value? With the main OFTAdapter reserve emptied, all withdrawal orders from L2s become claims on a protocol that no longer has the necessary ETH to honor them. This can create a negative feedback loop where panic redemptions on L2s put additional pressure on unaffected Ethereum supply, potentially forcing Kelp to unwind restaking positions to honor withdrawals.

In the medium term, this incident should accelerate a reassessment of the use of LRT assets as collateral on lending protocols. Several protocols have already suspended their rsETH markets in emergency, but the underlying problem persists: liquid restaking tokens carry multiple trust assumptions — EigenLayer, LayerZero’s DVN validator, the bridge itself — that stack on top of each other. When the base Adapter reserve is depleted, the entire chain becomes unbalanced.

On-chain data reveals the attacker has already consolidated approximately 74,000 ETH into a single address, with some $250 million converted to native ETH. The balance is spread across six wallets identified by ZachXBT, distributed between Ethereum and Arbitrum. Tracking via Tornado Cash makes future attribution likely, but fund recovery remains uncertain. The fact that the wallet was funded through Tornado Cash — a sanctioned mixing protocol — suggests clear criminal intent and potentially links to state-affiliated actors.

This incident follows an already tense period for decentralized finance. During the first four months of 2026, DeFi hacks caused cumulative losses approaching $1 billion, including the $285 million Drift Protocol hack on April 1, later attributed to North Korea-affiliated actors. The lack of significant improvement in cross-chain bridge security after repeated similar incidents remains a major concern for the entire ecosystem. The Kelp DAO hack illustrates in an emblematic way the persistent flaws in liquid restaking protocol architecture and their interdependence with inter-chain bridges. These protocols’ reserves, supposed to be the cornerstone of user trust, proved vulnerable to an attack targeting the messaging layer rather than the contracts themselves.

The ecosystem’s reaction, while rapid, does not solve the underlying problem. At least nine protocols triggered emergency measures, but the question of fund recovery remains entirely open. The attacker has already consolidated a significant portion of their haul, and tracing possibilities diminish as funds pass through mixing services. US authorities — the FBI and NSA — had already launched investigations into North Korea-affiliated groups involved in the Drift Protocol hack, and these same teams would likely take interest in the present incident. Historical precedents show that recovering stolen funds, even when authors are identified, remains a long and uncertain process.

For the future, the main lessons from this incident are threefold. First: cross-chain bridge security configurations must be raised to a minimum threshold of 3 DVNs instead of 1, as informed voices had been demanding for months. Second: liquid restaking assets should not be whitelisted as collateral on lending protocols without thorough risk analysis of concentration and cascade effects. Third: DeFi protocol governance must react faster to security alerts reported on public forums, lest ignored recommendations turn into real losses.

Sources

Telemac
Telemachttp://cryptoinfo.ch

Contenu [hide]

Lire la Suite

Articles