Close Menu
Cryphedge.com
  • Home
  • Crypto News
    • Bitcoin
    • NFT News
  • Altcoins
  • Scams
  • Blockchain
  • Regulations
  • Trading
Facebook X (Twitter) Instagram
Cryphedge.com
  • Home
  • Crypto News
    • Bitcoin
    • NFT News
  • Altcoins
  • Scams
  • Blockchain
  • Regulations
  • Trading
Cryphedge.com
Home » The $292 Million Drain: Inside the Kelp DAO Bridge Exploit
The 2 Million Drain: Inside the Kelp DAO Bridge Exploit

The $292 Million Drain: Inside the Kelp DAO Bridge Exploit

April 23, 20267 Mins ReadNo Comments NFT News
Share
Facebook Twitter LinkedIn Pinterest Email

A forged message. Forty-six minutes of open exposure. And the single largest DeFi exploit of 2026 — a chain reaction that is still settling across lending platforms, Layer 2 networks, and the wallets of thousands of users.

$292M stolen · 116,500 rsETH drained · 20+ chains affected

What Happened — And When

The attack was surgical. It did not smash through encryption or crack private keys. The attacker simply told Kelp DAO’s bridge a lie — and the bridge believed it.

To understand why, a brief primer is necessary. Kelp DAO is a liquid restaking protocol: users deposit ETH, which is routed through EigenLayer to earn stacking yield, and in return they receive rsETH — a tradeable receipt token. To make rsETH usable on blockchains beyond Ethereum, Kelp deployed a bridge powered by LayerZero, a cross-chain messaging layer. That bridge held the rsETH reserves backing wrapped versions of the token deployed across more than 20 other blockchains. It became the single point of failure.

The 2 Million Drain: Inside the Kelp DAO Bridge Exploit

The $292 Million Drain

Timeline of the Exploit

Saturday · 17:35 UTC An attacker submits a forged LayerZero cross-chain message to Kelp’s bridge on Ethereum. The message claims a valid transfer originated from another network. No tokens were actually locked on the sending chain. The bridge’s validation logic accepts the message and releases 116,500 rsETH — worth approximately $292 million at current prices — to an attacker-controlled address. This represents roughly 18% of rsETH’s entire circulating supply of 630,000 tokens.

Saturday · 18:21 UTC — 46 minutes later Kelp DAO’s emergency pauser multisig freezes the protocol’s core contracts. The window of vulnerability closes, but the funds are already gone.

Kelp DAO on X — official statementKelp DAO on X — official statement

Kelp DAO on X — official statement

Saturday · 18:26 UTC and 18:28 UTC Two follow-up drain attempts, each carrying the same LayerZero packet and targeting another ~40,000 rsETH (~$100 million), both revert. The paused contracts hold.

Saturday — hours after the drain Instead of dumping rsETH on open markets — which would crater the price — the attacker deposits 89,567 rsETH as collateral on Aave and borrows approximately $190 million in ETH and related assets across Ethereum and Arbitrum. The borrowed assets are liquid. The collateral is not.

Saturday — same day Aave Labs responds: rsETH markets are frozen across all Aave deployments, loan-to-value ratios are set to zero, and new borrowing against rsETH is halted. The action limits further exposure but cannot unwind existing positions.

Tuesday · April 20 — 23:26 ET Arbitrum’s Security Council executes an emergency freeze of 30,766 ETH (~$71 million) linked to the exploit on Arbitrum One. The funds are transferred to a locked intermediary wallet accessible only through further Arbitrum governance action. The council states it acted on law enforcement input regarding the exploiter’s identity.

Arbitrum Security Council freeze announcement on XArbitrum Security Council freeze announcement on X

Arbitrum Security Council freeze announcement on X

Tuesday · April 20 — same day On-chain investigators ZachXBT and Arkham Intelligence document the laundering begins: two transfers of $117 million and $58 million move through Ethereum. Approximately $1.5 million is bridged to Bitcoin via Thorchain; a further ~$78,000 is routed through privacy protocol Umbra.

How the Exploit Actually Worked

The root mechanism is not exotic. Bridges that connect blockchains face a fundamental challenge: one chain cannot natively verify what happened on another. Instead of doing that verification itself — which is computationally prohibitive — Kelp’s bridge outsourced it to LayerZero’s messaging layer, which relies on a network of operators to attest that a cross-chain instruction is legitimate.

Kelp had configured LayerZero using a 1-of-1 DVN (Decentralized Verifier Network) setup — meaning a single verifier node needed to confirm a message as valid. The attacker manipulated the data feeding into that system, causing it to certify a fabricated instruction. The bridge then did exactly what it was designed to do: it honored the message.

“The bridge worked as designed. It just believed the wrong information.” — Ben Fisch, CEO, Espresso Systems

Kelp subsequently stated that the 1-of-1 DVN configuration had been shipped as a default setting by LayerZero — a claim that sparked a public dispute over responsibility. LayerZero has not publicly confirmed this characterization. Neither protocol bears clean hands: the misconfiguration sat undetected until it cost nearly $300 million.

On-chain analysis of Kelp Dao Hacker's cryptocurrency holdings by Arkham (Source: Arkham)On-chain analysis of Kelp Dao Hacker's cryptocurrency holdings by Arkham (Source: Arkham)

On-chain analysis of Kelp Dao Hacker’s cryptocurrency holdings by Arkham (Source: Arkham)

The Aave Problem: Borrowed Time on Bad Collateral

The most consequential second-order effect of the exploit is the exposure it created for Aave, DeFi’s largest lending protocol. By using stolen, effectively unbacked rsETH as collateral to borrow real ETH, the attacker created a bad-debt time bomb inside Aave’s balance sheet.

A joint report by Aave Labs and risk service provider LlamaRisk outlines two scenarios depending on how Kelp chooses to distribute its losses:

Scenario A — Socialized losses: Losses spread across all rsETH holders; token depegs ~15%. Estimated bad debt for Aave: ~$124 million.

Scenario B — Isolated to L2: Losses confined to Arbitrum and Mantle; mainnet rsETH unaffected. Estimated bad debt for Aave: ~$230 million.

Aave’s DAO treasury holds approximately $181 million in assets — meaning even the more favorable scenario could consume the majority of its reserves. As users processed this exposure, roughly $6 billion in total value locked (TVL) exited Aave in the days following the exploit. A Polymarket prediction market, as of April 22, puts only a 14% probability on Kelp choosing to socialize losses — the precedent most favorable to Aave.

The 2016 Bitfinex hack is the most-cited precedent: after a $60 million theft, Bitfinex distributed losses proportionally across all users rather than shuttering the exchange. That approach was deeply controversial then. Whether Kelp follows it remains unresolved.

rsETH circulating supply (Source: Coingecko)rsETH circulating supply (Source: Coingecko)

rsETH circulating supply (Source: Coingecko)

The Structural Problem Bridges Haven’t Solved

Bridge exploits have now drained billions of dollars from DeFi across multiple years and multiple protocols. Ronin Network ($625M, 2022), Wormhole ($320M, 2022), Nomad ($190M, 2022). Kelp DAO 2026 now sits at the top of that list. Each incident has its own technical specifics. Experts say the underlying cause is consistent.

“As long as we rely on validator-based bridges, these problems will continue.” — Sergej Kunz, co-founder, 1inch

The problem is one of trust minimization. Bridges that move assets between blockchains must rely on external parties to attest to events on chains they cannot natively read. The smaller and less decentralized that attestation layer, the smaller the attack surface needs to be. A 1-of-1 verification configuration, as used here, effectively reduces that surface to a single point of failure.

Proposed solutions include hardware-protected verification environments, cryptographic proof systems that allow one chain to verify another’s state without trusting intermediaries, and diversity requirements for verifier networks — so that compromising a single node cannot forge a valid message. None of these are universally deployed. Building them takes time DeFi teams frequently say they don’t have.

The Laundering Clock

While Arbitrum’s freeze of $71 million represents an unusual and significant intervention — coordinated with law enforcement and executed without disrupting other chain activity — approximately $221 million in exploited funds remains outside any controlled wallet as of this writing. The laundering activity documented on-chain follows what analysts call the “layering” phase: funds are moved through multiple hops, chains, and privacy tools to obscure their origin before eventual conversion.

Arbitrum’s Security Council stated it acted on law enforcement input about the exploiter’s identity but has not publicly named any individual or group. Attribution claims circulating in the industry have not been confirmed by any law enforcement agency. The funds are moving. The investigation is ongoing.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
cryphedge

Related Posts

Tom Lee’s BitMine Adds $43 Million in Ethereum as Strategy Pauses Bitcoin Purchases

June 30, 2026

Binance Will List Re (RE): Everything You Need to Know About the New RWA Token

June 30, 2026

CZ Wants to Make the U.S. the ‘Capital of Crypto’

June 29, 2026

SharpLink Purchases 39,196 ETH Worth $62.4 Million After Eight-Month Pause

June 29, 2026
Add A Comment

Comments are closed.

Editors Picks

Google Gemini AI Predicts Jaw-Dropping Sandisk Stock Price by End of 2026

June 30, 2026

Tom Lee’s BitMine Adds $43 Million in Ethereum as Strategy Pauses Bitcoin Purchases

June 30, 2026

July Bounce, Brutal August, Then the Final Low Near $39,000

June 30, 2026

Binance Will List Re (RE): Everything You Need to Know About the New RWA Token

June 30, 2026
About

cryphedge is an online news portal that aims to share the latest crypto news, bitcoin, altcoin, blockchain, nft news, regulation, trading, crypto scams and much more stuff.

Facebook X (Twitter) Instagram Pinterest YouTube
Top Insights

How 33% CashRake Is Redefining Top Online Gambling Benchmarks Over FanDuel & Caesars

February 8, 2026

Elliptic Flags Network of Russian Crypto Platforms Bypassing Sanctions

February 22, 2026

Bitcoin tumbles as whale investor shifts billions to Ethereum

August 25, 2025
Subscribe
Please enable JavaScript in your browser to complete this form.
Loading
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms of Use
  • DMCA

Type above and press Enter to search. Press Esc to cancel.

  • bitcoinBitcoin(BTC)$58,768.00-1.70%
  • ethereumEthereum(ETH)$1,577.20-0.86%
  • tetherTether(USDT)$1.00-0.01%
  • binancecoinBNB(BNB)$547.88-1.21%
  • usd-coinUSDC(USDC)$1.000.00%
  • rippleXRP(XRP)$1.04-0.82%
  • solanaSolana(SOL)$73.95-0.39%
  • tronTRON(TRX)$0.314487-1.43%
  • Figure HelocFigure Heloc(FIGR_HELOC)$1.01-2.94%
  • HyperliquidHyperliquid(HYPE)$64.18-2.76%
  • dogecoinDogecoin(DOGE)$0.071709-0.97%
  • RainRain(RAIN)$0.015777-0.98%
  • USDSUSDS(USDS)$1.00-0.01%
  • leo-tokenLEO Token(LEO)$9.26-3.02%
  • zcashZcash(ZEC)$398.260.03%
  • stellarStellar(XLM)$0.19581711.85%
  • WhiteBIT CoinWhiteBIT Coin(WBT)$54.1113.94%
  • moneroMonero(XMR)$306.08-2.07%
  • CantonCanton(CC)$0.140742-2.39%
  • cardanoCardano(ADA)$0.1447380.54%
  • chainlinkChainlink(LINK)$7.21-1.25%
  • USD1USD1(USD1)$1.000.02%
  • daiDai(DAI)$1.00-0.02%
  • Ethena USDeEthena USDe(USDE)$1.00-0.03%
  • LABLAB(LAB)$13.43-6.66%
  • Gram (prev. Toncoin)Gram (prev. Toncoin)(GRAM)$1.52-4.74%
  • bitcoin-cashBitcoin Cash(BCH)$200.550.94%
  • litecoinLitecoin(LTC)$42.06-1.26%
  • Circle USYCCircle USYC(USYC)$1.13-0.06%
  • hedera-hashgraphHedera(HBAR)$0.069615-1.97%
  • Global DollarGlobal Dollar(USDG)$1.000.00%
  • avalanche-2Avalanche(AVAX)$6.56-1.09%
  • suiSui(SUI)$0.69-0.29%
  • PayPal USDPayPal USD(PYUSD)$1.00-0.02%
  • shiba-inuShiba Inu(SHIB)$0.000004-0.69%
  • crypto-com-chainCronos(CRO)$0.053682-0.49%
  • tether-goldTether Gold(XAUT)$3,970.610.30%
  • nearNEAR Protocol(NEAR)$1.77-3.16%
  • BlackRock USD Institutional Digital Liquidity FundBlackRock USD Institutional Digital Liquidity Fund(BUIDL)$1.000.00%
  • Ondo US Dollar YieldOndo US Dollar Yield(USDY)$1.13-0.19%
  • BittensorBittensor(TAO)$200.70-2.08%
  • World Liberty FinancialWorld Liberty Financial(WLFI)$0.058479-1.84%
  • pax-goldPAX Gold(PAXG)$3,972.460.30%
  • uniswapUniswap(UNI)$2.80-2.56%
  • AsterAster(ASTER)$0.630.63%
  • okbOKB(OKB)$78.82-1.15%
  • OndoOndo(ONDO)$0.309124-0.96%
  • HTX DAOHTX DAO(HTX)$0.000002-3.25%
  • WorldcoinWorldcoin(WLD)$0.405938-0.91%
  • Falcon USDFalcon USD(USDF)$1.000.05%
  • Ripple USDRipple USD(RLUSD)$1.000.01%
  • polkadotPolkadot(DOT)$0.820.82%
  • usddUSDD(USDD)$1.00-0.02%
  • mantleMantle(MNT)$0.407764-4.68%
  • BFUSDBFUSD(BFUSD)$1.00-0.02%
  • aaveAave(AAVE)$86.08-5.23%
  • Pi NetworkPi Network(PI)$0.114480-0.93%
  • MorphoMorpho(MORPHO)$1.910.97%
  • SkySky(SKY)$0.052375-0.16%
  • internet-computerInternet Computer(ICP)$2.10-3.17%
  • bitget-tokenBitget Token(BGB)$1.58-2.50%
  • DeXeDeXe(DEXE)$23.211.23%
  • ethereum-classicEthereum Classic(ETC)$6.87-2.35%
  • United StablesUnited Stables(U)$1.00-0.01%
  • MemeCoreMemeCore(M)$0.7521.97%
  • PepePepe(PEPE)$0.000002-0.46%
  • Blockchain CapitalBlockchain Capital(BCAP)$106.970.00%
  • quant-networkQuant(QNT)$64.94-0.76%
  • ​​Stable​​Stable(STABLE)$0.0387910.10%
  • kucoin-sharesKuCoin(KCS)$6.71-3.09%
  • Spiko EU T-Bills Money Market FundSpiko EU T-Bills Money Market Fund(EUTBL)$1.200.00%
  • AudieraAudiera(BEAT)$2.974.63%
  • Janus Henderson Anemoy Treasury FundJanus Henderson Anemoy Treasury Fund(JTRSY)$1.110.01%
  • Invesco Short Duration US Government Securities FundInvesco Short Duration US Government Securities Fund(USTB)$11.130.03%
  • USDGOUSDGO(USDGO)$1.00-0.01%
  • kaspaKaspa(KAS)$0.029947-2.07%
  • cosmosCosmos Hub(ATOM)$1.51-0.26%
  • render-tokenRender(RENDER)$1.50-3.71%
  • justJUST(JST)$0.0875220.30%
  • algorandAlgorand(ALGO)$0.082597-3.02%
  • USDtbUSDtb(USDTB)$1.00-0.02%
  • POL (ex-MATIC)POL (ex-MATIC)(POL)$0.068823-1.32%
  • nexoNEXO(NEXO)$0.72-0.89%
  • JupiterJupiter(JUP)$0.210374-0.16%
  • ADIADI(ADI)$5.51-0.65%
  • gatechain-tokenGate(GT)$6.46-1.68%
  • Janus Henderson Anemoy AAA CLO FundJanus Henderson Anemoy AAA CLO Fund(JAAA)$1.040.02%
  • VelvetVelvet(VELVET)$1.590.48%
  • EthenaEthena(ENA)$0.071564-7.93%
  • BeldexBeldex(BDX)$0.084488-5.94%
  • Spiko Amundi Overnight Swap Fund (EUR)Spiko Amundi Overnight Swap Fund (EUR)(EURSAFO)$1.150.00%
  • 币安人生 (BinanceLife)币安人生 (BinanceLife)(币安人生)$0.62-7.28%
  • GHOGHO(GHO)$1.00-0.02%
  • Venice TokenVenice Token(VVV)$12.35-4.38%
  • filecoinFilecoin(FIL)$0.72-0.90%
  • Pump.funPump.fun(PUMP)$0.001385-6.34%
  • YLDSYLDS(YLDS)$1.00-0.01%
  • FlareFlare(FLR)$0.006414-1.58%
  • Usual USDUsual USD(USD0)$1.00-0.02%
  • xdce-crowd-saleXDC Network(XDC)$0.027592-1.76%