The $292 Million Drain: Inside the Kelp DAO Bridge Exploit

by Natalie Lee

A forged message. Forty-six minutes of open exposure. And the single largest DeFi exploit of 2026 — a chain reaction that is still settling across lending platforms, Layer 2 networks, and the wallets of thousands of users.

$292M stolen · 116,500 rsETH drained · 20+ chains affected

What Happened — And When

The attack was surgical. It did not smash through encryption or crack private keys. The attacker simply told Kelp DAO’s bridge a lie — and the bridge believed it.

To understand why, a brief primer is necessary. Kelp DAO is a liquid restaking protocol: users deposit ETH, which is routed through EigenLayer to earn staking yield, and in return they receive rsETH — a tradeable receipt token. To make rsETH usable on blockchains beyond Ethereum, Kelp deployed a bridge powered by LayerZero, a cross-chain messaging layer. That bridge held the rsETH reserves backing wrapped versions of the token deployed across more than 20 other blockchains. It became the single point of failure.

The $292 Million Drain

Timeline of the Exploit

Saturday · 17:35 UTC An attacker submits a forged LayerZero cross-chain message to Kelp’s bridge on Ethereum. The message claims a valid transfer originated from another network. No tokens were actually locked on the sending chain. The bridge’s validation logic accepts the message and releases 116,500 rsETH — worth approximately $292 million at current prices — to an attacker-controlled address. This represents roughly 18% of rsETH’s entire circulating supply of 630,000 tokens.

Saturday · 18:21 UTC — 46 minutes later Kelp DAO’s emergency pauser multisig freezes the protocol’s core contracts. The window of vulnerability closes, but the funds are already gone.

Kelp DAO on X — official statement

Saturday · 18:26 UTC and 18:28 UTC Two follow-up drain attempts, each carrying the same LayerZero packet and targeting another ~40,000 rsETH (~$100 million), both revert. The paused contracts hold.

Saturday — hours after the drain Instead of dumping rsETH on open markets — which would crater the price — the attacker deposits 89,567 rsETH as collateral on Aave and borrows approximately $190 million in ETH and related assets across Ethereum and Arbitrum. The borrowed assets are liquid. The collateral is not.

Saturday — same day Aave Labs responds: rsETH markets are frozen across all Aave deployments, loan-to-value ratios are set to zero, and new borrowing against rsETH is halted. The action limits further exposure but cannot unwind existing positions.

Tuesday · April 20 — 23:26 ET Arbitrum’s Security Council executes an emergency freeze of 30,766 ETH (~$71 million) linked to the exploit on Arbitrum One. The funds are transferred to a locked intermediary wallet accessible only through further Arbitrum governance action. The council states it acted on law enforcement input regarding the exploiter’s identity.

Arbitrum Security Council freeze announcement on X

Tuesday · April 20 — same day On-chain investigators ZachXBT and Arkham Intelligence document that laundering has begun: two transfers of $117 million and $58 million move through Ethereum. Approximately $1.5 million is bridged to Bitcoin via Thorchain; a further ~$78,000 is routed through the privacy protocol Umbra.

How the Exploit Actually Worked

The root mechanism is not exotic. Bridges that connect blockchains face a fundamental challenge: one chain cannot natively verify what happened on another. Instead of doing that verification itself — which is computationally prohibitive — Kelp’s bridge outsourced it to LayerZero’s messaging layer, which relies on a network of operators to attest that a cross-chain instruction is legitimate.

Kelp had configured LayerZero using a 1-of-1 DVN (Decentralized Verifier Network) setup — meaning a single verifier node needed to confirm a message as valid. The attacker manipulated the data feeding into that system, causing it to certify a fabricated instruction. The bridge then did exactly what it was designed to do: it honored the message.

“The bridge worked as designed. It just believed the wrong information.” — Ben Fisch, CEO, Espresso Systems

Kelp subsequently stated that the 1-of-1 DVN configuration had been shipped as a default setting by LayerZero — a claim that sparked a public dispute over responsibility. LayerZero has not publicly confirmed this characterization. Neither party has clean hands: the misconfiguration sat undetected until it cost nearly $300 million.
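To make the verifier-quorum point concrete, here is an added model (not Kelp DAO's or LayerZero's code) of how a bridge counts DVN attestations before releasing funds, with a defender-side audit that flags a 1-of-1 setup. The field names loosely follow the shape of a LayerZero V2 receive-side ULN config (required DVNs, optional DVNs, optional threshold), but the structure, the DVN names and the packet hashes are constructed assumptions.

```python
"""Simplified model of a DVN quorum for inbound bridge packets.
Added illustration; not Kelp DAO's or LayerZero's code. Field names are an assumption
modelled on the general shape of a LayerZero V2 ULN receive config."""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class UlnConfig:
    required_dvns: List[str]                      # every one of these must attest
    optional_dvns: List[str] = field(default_factory=list)
    optional_threshold: int = 0                   # how many optional DVNs must also attest


def message_verified(cfg: UlnConfig, attestations: Dict[str, str], payload_hash: str) -> bool:
    """A packet is deliverable only when the quorum attested to this exact payload hash."""
    if any(attestations.get(d) != payload_hash for d in cfg.required_dvns):
        return False
    optional_ok = sum(1 for d in cfg.optional_dvns if attestations.get(d) == payload_hash)
    return optional_ok >= cfg.optional_threshold


def audit_config(cfg: UlnConfig) -> List[str]:
    """Defender-side check: flag configs where one verifier alone can release funds."""
    findings = []
    independent_needed = len(cfg.required_dvns) + cfg.optional_threshold
    if independent_needed <= 1:
        findings.append("single verifier can release funds (1-of-1)")
    if cfg.optional_threshold > len(cfg.optional_dvns):
        findings.append("optional threshold unreachable: packets can never be delivered")
    if len(set(cfg.required_dvns) | set(cfg.optional_dvns)) < len(cfg.required_dvns) + len(cfg.optional_dvns):
        findings.append("same DVN listed twice: quorum is smaller than it looks")
    return findings


# Constructed sample configs: the 1-of-1 setup described above, beside a hardened
# 2-required-plus-1-of-2-optional setup. DVN names and hashes are placeholders.
WEAK = UlnConfig(required_dvns=["dvn-A"])
HARDENED = UlnConfig(required_dvns=["dvn-A", "dvn-B"], optional_dvns=["dvn-C", "dvn-D"], optional_threshold=1)
GOOD_HASH = "0xabc"    # packet whose tokens really were locked on the source chain
FORGED_HASH = "0xbad"  # packet with no matching lock on the source chain

if __name__ == "__main__":
    # Weak config: one verifier certifying a fabricated packet is enough to release funds.
    print(message_verified(WEAK, {"dvn-A": FORGED_HASH}, FORGED_HASH))      # True
    # Hardened config: the same lone attestation is rejected.
    print(message_verified(HARDENED, {"dvn-A": FORGED_HASH}, FORGED_HASH))  # False
    print(audit_config(WEAK))  # ['single verifier can release funds (1-of-1)']
```

The audit also catches two quieter misconfigurations: an optional threshold higher than the number of optional DVNs (a bridge that can never deliver) and a DVN listed twice (a quorum that is smaller than it appears).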

On-chain analysis of Kelp Dao Hacker’s cryptocurrency holdings by Arkham (Source: Arkham)

The Aave Problem: Borrowed Time on Bad Collateral

The most consequential second-order effect of the exploit is the exposure it created for Aave, DeFi’s largest lending protocol. By using stolen, effectively unbacked rsETH as collateral to borrow real ETH, the attacker created a bad-debt time bomb inside Aave’s balance sheet.

A joint report by Aave Labs and risk service provider LlamaRisk outlines two scenarios depending on how Kelp chooses to distribute its losses:

Scenario A — Socialized losses: Losses spread across all rsETH holders; token depegs ~15%. Estimated bad debt for Aave: ~$124 million.

Scenario B — Isolated to L2: Losses confined to Arbitrum and Mantle; mainnet rsETH unaffected. Estimated bad debt for Aave: ~$230 million.

Aave’s DAO treasury holds approximately $181 million in assets — meaning even the more favorable scenario could consume the majority of its reserves. As users processed this exposure, roughly $6 billion in total value locked (TVL) exited Aave in the days following the exploit. A Polymarket prediction market, as of April 22, puts only a 14% probability on Kelp choosing to socialize losses — the precedent most favorable to Aave.

The 2016 Bitfinex hack is the most-cited precedent: after a $60 million theft, Bitfinex distributed losses proportionally across all users rather than shuttering the exchange. That approach was deeply controversial then. Whether Kelp follows it remains unresolved.

rsETH circulating supply (Source: Coingecko)

The Structural Problem Bridges Haven’t Solved

Bridge exploits have now drained billions of dollars from DeFi across multiple years and multiple protocols: Ronin Network ($625M, 2022), Wormhole ($320M, 2022), Nomad ($190M, 2022). The Kelp DAO exploit of 2026 now sits at the top of that list. Each incident has its own technical specifics, but experts say the underlying cause is consistent.

“As long as we rely on validator-based bridges, these problems will continue.” — Sergej Kunz, co-founder, 1inch

The problem is one of trust minimization. Bridges that move assets between blockchains must rely on external parties to attest to events on chains they cannot natively read. The smaller and less decentralized that attestation layer, the less an attacker needs to compromise. A 1-of-1 verification configuration, as used here, effectively reduces that surface to a single point of failure.

Proposed solutions include hardware-protected verification environments, cryptographic proof systems that allow one chain to verify another’s state without trusting intermediaries, and diversity requirements for verifier networks — so that compromising a single node cannot forge a valid message. None of these are universally deployed. Building them takes time that DeFi teams frequently say they don’t have.

The Laundering Clock

While Arbitrum’s freeze of $71 million represents an unusual and significant intervention — coordinated with law enforcement and executed without disrupting other chain activity — approximately $221 million in exploited funds remains outside any controlled wallet as of this writing. The laundering activity documented on-chain follows what analysts call the “layering” phase: funds are moved through multiple hops, chains, and privacy tools to obscure their origin before eventual conversion.

Arbitrum’s Security Council stated it acted on law enforcement input about the exploiter’s identity but has not publicly named any individual or group. Attribution claims circulating in the industry have not been confirmed by any law enforcement agency. The funds are moving. The investigation is ongoing.
