Cross-Chain Bridges Under Fire: $293 Million Vanishes in Kelp DAO Hack

Share

Cross-Chain Bridges Under Fire: $293 Million Vanishes in Kelp DAO Hack

On Saturday, April 18, 2026, an attacker drained 116,500 rsETH — roughly $293 million at the time of the exploit — from Kelp DAO’s LayerZero-powered bridge. The hack, executed at 17:35 UTC, marks the largest DeFi exploit recorded in 2026 so far, surpassing the $285 million stolen from Drift Protocol earlier in April on Solana. The incident triggered emergency freezes across Aave, SparkLend, Fluid, and Upshift, and raises fundamental questions about the security of cross-chain bridges that connect more than twenty blockchain networks.

Background

Kelp DAO is a liquid restaking protocol operating under the KernelDAO umbrella. It allows ETH holders to deposit their funds through EigenLayer to earn additional yield on top of standard Ethereum staking rewards, issuing rsETH as a tradeable receipt token. This rsETH token is deployed across over twenty networks, including Base, Arbitrum, Linea, Blast, Mantle, and Scroll, using LayerZero’s OFT (Omnichain Fungible Token) standard.

These multi-chain deployments mean that Kelp DAO’s bridge held rsETH reserves backing wrapped versions of the token on every layer 2 blockchain. A powerful architecture for interoperability — but one that concentrates considerable risk: when the bridge is compromised, the reserve backing the entire cross-chain token supply is suddenly at stake. If the bridge releases tokens without a corresponding burn on the origin chain, the mathematical invariant that guarantees the token’s backing collapses.

April 2026 had already been marked by an unprecedented wave of attacks. The Solana-based Drift Protocol had lost approximately $285 million on April 1 in an exploit later linked to North Korea-affiliated actors. At least a dozen other protocols had been breached in the following weeks, including CoW Swap, Zerion, Rhea Finance, and Silo Finance. Industry estimates put total DeFi losses for April 2026 alone above $600 million — a figure that has prompted observers to speak of a « security tax » that the market is beginning to price into its risk models.

Liquid restaking protocols, the segment Kelp DAO represents, experienced explosive growth throughout 2025 and early 2026. By depositing ETH via EigenLayer, users allow their funds to serve the security of the broader Ethereum ecosystem while earning standard ETH staking rewards plus a restaking bonus. In return, they receive rsETH which they can deploy in other DeFi protocols for additional yield. This ingenious mechanism creates a chain of dependencies where each link’s security rests on the integrity of all the others.

The Facts

The attacker exploited LayerZero’s cross-chain messaging layer to trick Kelp DAO’s bridge into believing a valid instruction had arrived from another network. This forged message triggered the release of 116,500 rsETH — roughly 18% of the token’s 630,000-coin circulating supply — to an attacker-controlled address.

According to Chainalysis’ technical analysis, two LayerZero-hosted RPC nodes were compromised, while a third node was simultaneously disabled by a distributed denial-of-service (DDoS) attack. This combination allowed the attacker to satisfy the bridge’s validation quorum without triggering standard alerts. Cyvers’ experts detailed the exploitation mechanism: the attacker was able to create unbacked rsETH and use it to borrow real assets like ETH, « exactly the kind of dynamic that makes this type of exploit blow up so fast, » they explained. The incident immediately became a cross-protocol contagion event, not merely a single protocol exploit.

Kelp DAO’s emergency pauser multisig froze core contracts 46 minutes after the initial drain, at 18:21 UTC. Two subsequent drain attempts at 18:26 and 18:28 UTC both reverted — each attempting to move an additional 40,000 rsETH, worth approximately $100 million. Kelp reported that it mitigated further damage by pausing affected smart contracts across Ethereum mainnet and L2s and blacklisting exploiter-linked wallets, preventing an additional attempt to drain the equivalent of roughly $95 million in rsETH.

The Arbitrum Security Council later froze 30,766 ETH of the attacker’s downstream funds on the Arbitrum blockchain, demonstrating that fast, coordinated governance and law enforcement action can recover ground that real-time monitoring failed to hold.

Kelp DAO published its first official statement on X at 20:10 UTC — nearly three hours after the initial drain — stating that the protocol was investigating the incident alongside LayerZero, Unichain, its auditors, and external security specialists. The protocol has yet to publicly explain how the exploit bypassed the bridge’s validation logic.

LayerZero officially attributed the attack to North Korea’s Lazarus Group and pointed to Kelp’s single-validator configuration. Kelp, however, challenged this narrative, arguing that the configuration was LayerZero’s own default setting, not reckless customization by the protocol. This blame game between protocol and infrastructure provider is likely to continue, especially as the stolen funds are already being mixed through Tornado Cash — significantly complicating recovery efforts.

Analysis

According to Ari Redbord, global head of policy and government affairs at TRM Labs, the incident has pushed bridge security to the top of the crypto industry’s agenda. « Cross-chain bridges are DeFi’s weakest link, » he said in analysis relayed by DL News. « In simple terms, the attacker sent a fake message that told the bridge money had arrived from another blockchain. When users move tokens across chains, the bridge locks the original tokens and creates matching ones on the new chain. The bridge was fooled into believing a fake message from another blockchain was real, so it released tokens it should never have released. »

Chainalysis echoed this assessment and recommended the implementation of continuous cross-chain invariant monitoring — a system that mathematically verifies that tokens released on a destination chain match tokens burned on the source chain. « Spotting this type of exploit requires cross-chain invariant monitoring — continuously verifying that tokens released on a destination chain mathematically match tokens burned on the source chain, » the company wrote. « The KelpDAO exploit is a textbook example of what happens when a cross-chain protocol’s off-chain infrastructure becomes the softest point in the stack. When quorum design gives an attacker a single node to compromise rather than a meaningful set, the entire security model collapses. »

The question of responsibility is now being contested on both sides. LayerZero publicly attributed the attack to Kelp’s single-validator setup. Kelp counters that this configuration was LayerZero’s own default recommendation, and that the real vulnerability lies in LayerZero’s infrastructure — particularly its reliance on a small number of nodes for validation quorum. This technical dispute has significant implications: if cross-chain infrastructure providers can be held liable for their clients’ security failures, the entire LayerZero model — and by extension that of other cross-chain messaging protocols like Hyperlane or Wormhole — could be called into question.

The attribution to North Korea’s Lazarus Group adds another layer of complexity. North Korean state-sponsored actors are known for their high level of sophistication in financial cyberattacks. Their involvement suggests a near-state-level capacity and potentially a link to funding activities for the Pyongyang regime. This geopolitical dimension adds urgency to the industry’s response, which must address not only technical vulnerabilities but also adversarial threats with quasi-governmental resources.

Market Reactions

The AAVE token fell approximately 10% in the hours following the exploit’s disclosure, as the market priced in potential bad debt. Aave was the most exposed protocol: its rsETH markets on V3 and V4 were frozen within hours of the attack. Founder Stani Kulechov confirmed that Aave’s own contracts were not compromised and that the exploit originated from an external factor.

SparkLend and Fluid likewise froze their rsETH markets as a precaution. Lido Finance suspended deposits into its earnETH product, which carries rsETH exposure, while clarifying that stETH and wstETH — Lido’s core staking tokens — were completely unaffected and that Lido’s core staking protocol was not involved in the incident.

Ethena, the issuer of the USDe stablecoin, temporarily suspended its LayerZero OFT bridges from Ethereum mainnet for approximately six hours as an additional safety measure. The platform stressed it held no rsETH exposure and remained overcollateralized at more than 101%.

Bybit, as the largest holder and supporter of Mantle, announced it would support Mantle’s proposal to contribute a loan facility to Aave’s coordinated relief effort. Assets were successfully transferred into an intermediary frozen wallet, rendering them inaccessible to the KelpDAO exploit-associated address and subject only to future movement through actions governed by Arbitrum governance in coordination with relevant stakeholders.

On Sunday, April 26, Aave announced it had raised nearly 80% of the $200 million needed to cover the bad debt left by the Kelp DAO exploit — a sign that the protocol had partially succeeded in containing the financial fallout of the incident, even if the final bill remains to be determined.

Outlook

The central question for rsETH holders deployed on non-Ethereum networks is now stark and urgent: are their tokens still backed by anything? With the bridge reserve drained, wrapped rsETH on layer 2s now face partially emptied underlying collateral. This creates a feedback loop where panic redemptions on L2s pressure unaffected Ethereum supply, potentially forcing Kelp to unwind restaking positions to honor withdrawals.

Several scenarios are possible in the medium term. In the best case, a portion of the funds frozen by the Arbitrum Security Council is returned, and Kelp finds a compensation mechanism for affected holders with help from the community and auditors. The protocol has already demonstrated its ability to act quickly, freezing contracts in under an hour. In the worst case, rsETH completely loses its peg, and confidence in liquid restaking tokens collapses, triggering contagion across the broader EigenLayer ecosystem and beyond.

For investors, the exploit is a stark reminder of the critical importance of understanding cross-chain custody architecture before deploying capital in DeFi. The high yields promised by liquid restaking — often significantly above standard Ethereum staking returns — embed a risk premium tied to the complexity of cross-chain bridges. That premium appears, in light of April 2026’s events, to be significantly underestimated by the market. The exponential growth of liquid restaking protocols in 2025 and early 2026 has not been matched by a proportional maturation of security standards.

In the longer term, the Kelp DAO incident could accelerate the emergence of security standards for cross-chain bridges, similar to how the 2022 Ronin bridge hack spurred reforms in gaming blockchain bridges. The question of legal liability between protocols and infrastructure providers — in this case LayerZero — remains entirely open and will need to be resolved either through regulatory channels or through case law precedents. The debate is all the more urgent as the volume of funds crossing cross-chain bridges continues to grow with no signs of slowing down.

Inaction is no longer an option for the ecosystem. Each major attack erodes trust among both retail and institutional users in DeFi, and losses of several hundred million dollars over the span of a few weeks are beginning to weigh on the sector’s overall perception. The « security tax » that some market observers speak of is unlikely to disappear as long as cross-chain infrastructure remains the weakest link in the chain.

Sources

Lire la Suite

Articles