Kelp DAO Suffers $292M Bridge Exploit in Under an Hour

April 19, 2026 CryptoExpert Uncategorized
Bybit
fiverr


Key Takeaways

  • A Saturday attack on Kelp DAO’s LayerZero bridge resulted in the theft of 116,500 rsETH tokens valued at approximately $292 million
  • The exploit manipulated LayerZero’s cross-chain messaging system to authorize fraudulent fund withdrawals
  • Approximately $250 million in stolen assets were swapped for ETH using an address funded through Tornado Cash
  • Nine or more DeFi protocols implemented emergency rsETH market freezes, including major platforms Aave, SparkLend, and Fluid
  • The incident represents 2026’s most significant DeFi security breach, exceeding April’s Drift Protocol compromise

On Saturday at 17:35 UTC, malicious actors successfully extracted 116,500 rsETH tokens from Kelp DAO’s LayerZero-integrated bridge infrastructure, absconding with cryptocurrency assets valued at approximately $292 million.

The compromised volume accounts for roughly 18% of rsETH’s entire circulating token supply, which totals 630,000 units based on CoinGecko analytics.

Kelp DAO operates as a liquid restaking platform that accepts ETH deposits, channels them through EigenLayer for enhanced yield generation, and distributes rsETH as transferable receipt tokens to depositors.

The perpetrators exploited vulnerabilities in LayerZero’s cross-chain communication infrastructure, deceiving the system into processing what appeared to be legitimate cross-network instructions. This manipulation prompted Kelp’s bridge contract to transfer substantial funds to wallets under attacker control.

Binance

Kelp’s emergency response team activated protocol pause mechanisms across core smart contracts at 18:21 UTC, exactly 46 minutes following the initial breach. Two subsequent withdrawal attempts targeting an additional 40,000 rsETH — approximately $100 million in value — were successfully prevented.

Blockchain forensics from security firm Cyvers revealed that stolen assets were routed through addresses previously funded via Tornado Cash. Roughly $250 million of the compromised rsETH had already undergone conversion to ETH at the time of analysis.

Widespread Impact Across DeFi Ecosystem

The compromised bridge contract served as the collateral reserve supporting wrapped rsETH deployments across over 20 blockchain networks, including Base, Arbitrum, Linea, Blast, and Scroll.

With reserve backing eliminated, rsETH holders on layer 2 platforms now confront significant questions regarding token collateralization and redemption capabilities.

Aave implemented immediate rsETH market suspensions across both V3 and V4 platforms within hours of breach detection. [[LINK_START_0]]Aave’s token[[LINK_END_0]] experienced approximately 10% depreciation as traders factored in potential bad debt exposure risks.

SparkLend and Fluid similarly enacted rsETH market freezes. Lido Finance suspended deposits to its earnETH product due to rsETH holdings while emphasizing that its primary staking infrastructure remained unaffected.

Ethena implemented precautionary LayerZero OFT bridge suspensions from Ethereum mainnet for approximately six hours, though the protocol confirmed zero rsETH exposure.

Kelp’s initial public statement arrived at 20:10 UTC — nearly three hours post-attack. The protocol confirmed active collaboration with LayerZero, Unichain, audit partners, and external security consultants.

2026’s Challenging DeFi Security Landscape

Cyvers CEO Deddy Lavid characterized the breach as demonstrating inherent vulnerabilities within DeFi’s interconnected composability architecture.

The Drift Protocol, operating on Solana, sustained approximately $285 million in losses on April 1 through an attack attributed to North Korean threat actors.

Additional protocols including CoW Swap, Zerion, Rhea Finance, and Silo Finance have experienced security compromises throughout recent weeks.

According to Cyvers data, combined cryptocurrency losses from exploits and fraudulent schemes reached approximately $482 million during Q1 2026.

The Kelp DAO incident now holds the position as 2026’s most substantial DeFi security breach, marginally exceeding the Drift Protocol compromise.

As of publication, Kelp has not provided technical details explaining how attackers circumvented the bridge’s validation architecture.

The post Kelp DAO Suffers $292M Bridge Exploit in Under an Hour appeared first on Blockonomi.

Source: https://blockonomi.com/kelp-dao-suffers-292m-bridge-exploit-in-under-an-hour/





Source link

Blockonomics

Be the first to comment

Leave a Reply

Your email address will not be published.


*