
The $292M KelpDAO Bridge Exploit

On April 18, 2026, an attacker linked to North Korea's Lazarus Group minted 116,500 rsETH out of thin air by compromising a single-verifier LayerZero bridge. The fallout: emergency freezes across Aave, SparkLend, Fluid, Lido and Ethena, $200M+ in projected bad debt, and a still-unresolved fight between Kelp and LayerZero over who is responsible.

Post-mortem · Updated April 2026

The short version

KelpDAO's rsETH (a liquid restaking token built on EigenLayer) was bridged across 20+ chains using LayerZero. The verification was configured as a 1-of-1 DVN — a single decentralised verifier network deciding whether cross-chain messages were valid. Attackers compromised that single verifier's RPC infrastructure, forged a fake "burn" message on a source chain, and tricked the bridge into minting 116,500 fresh rsETH on Ethereum without any real lock-up. They then borrowed WETH against it on Aave V3 and V4 before defenders could pause markets. The economic damage to Aave, isolated lending markets, and other LRT issuers is still being recovered.

  • Stolen at peg: $292M
  • rsETH minted unbacked: 116,500
  • Share of rsETH circulating supply: ~18%
  • Chains affected: 20+
  • Worst-case Aave bad debt: $230M
  • Hours to peg recovery start: ~5

What happened

KelpDAO is a liquid restaking protocol on EigenLayer. Users deposit ETH or LSTs and receive rsETH as a tradeable receipt. To make rsETH usable across the EVM ecosystem, KelpDAO contracted with LayerZero to bridge the token to 20+ networks — Arbitrum, Base, Optimism, Polygon, BNB Chain, Linea, Scroll, and others.

For each cross-chain transfer, LayerZero relies on Decentralised Verifier Networks (DVNs) to attest that an event happened on the source chain. Kelp's bridge configuration used a single DVN, run by a single operator, with no second independent verifier and no committee threshold. Attackers identified that this single verifier was the entire trust assumption for hundreds of millions of dollars of bridged rsETH.

On April 18, 2026, beginning at roughly 17:35 UTC, attackers fed the verifier forged messages claiming that rsETH had been burned on a source chain. The verifier, with its data feeds compromised, signed off. LayerZero's mint contract on Ethereum honoured the message and minted 116,500 rsETH to attacker-controlled addresses. None of those tokens were backed by any actual rsETH lock-up.

Hour-by-hour timeline

~T-72h · April 15, 2026
Reconnaissance phase
Attackers (later attributed to the Lazarus Group) probe the verifier's public RPC endpoints. Spear-phishing targeted the operator's internal infrastructure.

T-2h · April 18, 15:30 UTC
DDoS begins on backup nodes
External backup verifier nodes are flooded with junk traffic, forcing the LayerZero verifier client to fail over to internal RPC nodes — the ones the attackers had already compromised.

T+0 · April 18, 17:35 UTC
First unbacked mint
A forged "burn confirmation" message is accepted. The first batch of unbacked rsETH lands on Ethereum.

T+15m · 17:50 UTC
Aave V3 borrows begin
Attackers deposit fresh rsETH as collateral and borrow WETH at scale on Aave V3. Borrows roll into V4 within minutes. Funds are immediately bridged out via THORChain and CCTP.

T+1h · 18:35 UTC
116,500 rsETH minted
By the time the first DeFi monitor alerts fire, the full $292M of unbacked rsETH has been issued and largely deployed as collateral.

T+2h · 19:30 UTC
Aave Risk Council triggers freeze
Aave V3 and V4 freeze rsETH markets. SparkLend and Fluid follow. Lido pauses earnETH deposits (which carry rsETH exposure).

T+3h · 20:30 UTC
KelpDAO emergency pause
Kelp's core staking and bridge contracts are paused. rsETH on the secondary market begins to depeg, dropping to ~0.86 ETH at the bottom.

T+5h · April 18, 22:30 UTC
Public attribution begins
Chainalysis and on-chain analysts trace flows to known Lazarus-affiliated wallets. SecurityWeek and Cointelegraph publish initial reports.

April 19, day +1
Cross-chain laundering via THORChain
Attackers swap WETH proceeds to BTC and other assets through THORChain, mirroring patterns from previous Lazarus operations.

April 20, day +2
LayerZero / Kelp blame split
LayerZero publishes a post-mortem describing the configuration as Kelp's choice; Kelp counters that the 1-of-1 setup matched LayerZero's defaults and recommended pattern at integration time.

April 22, day +4
Aave allocates 25,000 ETH for recovery
Aave governance approves a 25,000 ETH allocation toward recovering bad debt. ether.fi, Lido DAO, Golem and others contribute. The DeFi United recovery fund accumulates ~69,500 ETH.

April 27, day +9 (today)
Recovery negotiations ongoing
Final loss distribution between Kelp, LayerZero, Aave depositors and rsETH holders has not yet been settled.

Root cause

This was not a smart contract bug. The Solidity code on both sides of the bridge worked as designed. The failure was at the verification layer.

LayerZero's security model lets each application choose its DVN configuration: which verifiers must sign, how many of how many, and which executor delivers the message. Configurations range from "1-of-1" (a single party can sign anything into existence) to "N-of-M" with diverse independent verifiers, optional pre-crime checks, and configurable timelocks.

KelpDAO's configuration was a 1-of-1 DVN. Once that single party's data feeds were compromised, the system had no second opinion. The attack worked by:

  1. Compromising the verifier's internal RPC nodes via targeted intrusion. These are the nodes the verifier used to read the source chain.
  2. Simultaneously DDoS-ing the verifier's external/public RPC fallbacks, forcing the client to keep relying on the compromised internal feeds.
  3. Submitting cross-chain messages claiming rsETH had been burned on a sending chain when no such burn had actually occurred. The verifier read the false on-chain state from its own poisoned nodes and signed.
  4. The destination chain's mint contract, seeing a valid signature, minted the receiving rsETH.

The fundamental issue

A single verifier with no diversity in its data sources is the trust assumption. Whether the attack vector is a smart contract bug, an oracle malfunction, an RPC compromise, or social engineering, one party's compromise translates 1:1 into the protocol's compromise.
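
As an added illustration (not code from LayerZero, Kelp or the original article), the sketch below shows a verifier-side read that fails closed: it attests to a burn only when a quorum of independently operated RPC providers report the same event, and treats unreachable fallbacks as missing votes. `Provider`, `confirm_burn`, the operator names and the sample values are hypothetical.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

Burn = Tuple[int, str]  # (amount, source block hash); None means "no such burn"

@dataclass(frozen=True)
class Provider:
    """One RPC endpoint (hypothetical model, not a LayerZero type)."""
    name: str
    operator: str  # independence domain: who runs the node
    fetch: Callable[[str], Optional[Burn]]

class RefuseToSign(Exception):
    """Raised instead of attesting; the verifier fails closed."""

def confirm_burn(msg_id: str, providers, quorum: int) -> Burn:
    votes = {}  # operator -> observation, so one operator never counts twice
    for p in providers:
        try:
            votes.setdefault(p.operator, p.fetch(msg_id))
        except ConnectionError:
            continue  # an unreachable endpoint is a missing vote, not a "yes"
    if len(votes) < quorum:
        raise RefuseToSign(f"{len(votes)} operators reachable, {quorum} required")
    observation, count = Counter(votes.values()).most_common(1)[0]
    if count < quorum:
        raise RefuseToSign("operators disagree about source-chain state")
    if observation is None:
        raise RefuseToSign("no burn found on the source chain")
    return observation

# Constructed endpoints for the scenario in the text.
def poisoned(_msg_id):  # compromised internal node reports a burn that never happened
    return (116_500, "0xforged")

def flooded(_msg_id):   # external fallback knocked offline by the DDoS
    raise ConnectionError("timeout")

def honest(_msg_id):    # independent node: no such burn exists
    return None

INTERNAL = Provider("internal-1", "verifier-operator", poisoned)
INTERNAL_2 = Provider("internal-2", "verifier-operator", poisoned)
EXT_DOWN = [Provider("ext-a", "provider-a", flooded), Provider("ext-b", "provider-b", flooded)]
EXT_UP = [Provider("ext-a", "provider-a", honest), Provider("ext-b", "provider-b", honest)]
```

With `quorum=1` the two poisoned internal nodes are enough to produce an attestation; with `quorum=2` the same inputs are refused whether the external providers are offline or reachable.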

The blame fight

Within 48 hours, the post-mortem turned into a public dispute. The two narratives:

LayerZero's position

LayerZero argues that DVN configuration is the application's responsibility — the protocol is intentionally pluggable, including with multi-party setups, threshold committees and pre-crime checks. Kelp could have chosen a 3-of-5 DVN or required Polyhedra/Google Cloud as a second verifier; it didn't.

KelpDAO's position

Kelp argues that the 1-of-1 setup was the default during integration, that LayerZero engineers approved the configuration in writing, and that the platform's marketing materials emphasised the DVN's hardening rather than recommending a multi-verifier design. Kelp also points out that several other LayerZero integrations used identical configurations.

Why this matters for stakers

If you're holding any bridged LST or LRT, you can't just trust that the bridge "is audited" or "uses LayerZero / Wormhole / Axelar". You have to look at the application-level verifier configuration. A protocol on a multi-verifier setup with diverse RPC providers and a timelock is a fundamentally different risk than the same protocol on a 1-of-1 default.

DeFi contagion

The attack was sophisticated less for its technical novelty than for how the attacker used the unbacked rsETH. Rather than dumping it directly (which would have crashed the price before they could exit), they used it as collateral to borrow other assets.

  • Aave V3 + V4 (up to $230M): Borrows of WETH against fresh rsETH collateral. Markets frozen, but most of the WETH was already drained.
  • SparkLend (~$28M): rsETH market frozen. Smaller borrow exposure but isolated bad debt expected.
  • Fluid (~$15M): Frozen rsETH-related vaults. Some users with looped LRT positions liquidated.
  • Lido earnETH (indirect): Indirect exposure via rsETH allocation. New deposits paused; existing positions taking depeg pain.
  • Ethena (indirect): USDe collateral basket included rsETH-backed positions. Briefly paused mint/redeem.
  • Balancer / Karpatkey (treasury impact): BalancerDAO treasury and managed treasuries took precautionary unwinds of rsETH-related positions.

The bigger story is that everyone with rsETH exposure had to pause within hours. That's the cost of a fungible token being widely composable: when its supply is corrupted, every protocol that integrated it inherits the problem at the same moment.

Recovery efforts

As of April 27, recovery is still in flight. Key initiatives:

  • DeFi United Recovery Fund — cross-protocol pool of ETH committed by Lido DAO, ether.fi, Golem and private contributors. ~69,500 ETH (~$161M) accumulated.
  • Aave 25,000 ETH allocation — Aave governance approved using treasury reserves to backstop rsETH borrowers.
  • KelpDAO recapitalisation plan — treasury, future fee revenue and a possible governance-token issuance to socialise the loss across rsETH holders rather than concentrating it on Aave.
  • On-chain interdiction — Chainalysis and TRM tracking laundering through THORChain; some funds frozen at CEX off-ramps.

Open questions: how much of the $292M is recoverable, who absorbs the rest, and whether rsETH holders accept a permanent ~10–15% socialised loss in exchange for retaining redemptions.

Lessons for stakers and builders

  1. Bridges are the weakest link in the LRT stack. The rsETH protocol itself wasn't compromised. The mint authority was — on a downstream chain, via a cross-chain message.
  2. "Audited" doesn't cover configuration. Both Kelp and LayerZero contracts were audited. The vulnerable surface was the chosen verifier set and the operator's RPC infrastructure — areas no contract audit covers.
  3. 1-of-1 verifier setups should be treated as 1-of-1 multisigs. If you wouldn't put $290M behind a single private key, don't put it behind a single verifier.
  4. Composability accelerates contagion. The same property that makes LRTs useful (deep DeFi integration) is what made the attack so destructive so quickly.
  5. Lending markets need bridge-aware risk parameters. Aave's risk team had no visibility into KelpDAO's bridge config. Lenders that accept bridged collateral need to track the verifier surface separately.
  6. Recovery via socialisation is now standard. When a DeFi loss is too large to absorb anywhere, the answer keeps being "spread it across stakeholders". Restaking depositors should price that probability into expected returns.
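
An added example (not part of the original article or any protocol's code): a backing check that a lending market or monitor could run on a burn-and-mint bridge, flagging every destination mint that has no 1:1 source-chain burn and deciding when to freeze the collateral. It assumes both events carry the same message id and that burns are read from nodes independent of the bridge verifier; the event fields, function names, threshold and sample figures are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    chain: str
    kind: str    # "burn" on a source chain, "mint" on the destination
    msg_id: str  # cross-chain message id carried by both events (assumed)
    amount: int  # whole tokens, constructed values

def unbacked_mints(events):
    """Return (mint, reason) for every mint not matched 1:1 by a burn."""
    burns = {e.msg_id: e for e in events if e.kind == "burn"}
    consumed, findings = set(), []
    for e in events:
        if e.kind != "mint":
            continue
        burn = burns.get(e.msg_id)
        if burn is None:
            findings.append((e, "no matching burn"))
        elif e.msg_id in consumed:
            findings.append((e, "burn already consumed"))  # replayed message
        elif burn.amount != e.amount:
            findings.append((e, "amount mismatch"))
        else:
            consumed.add(e.msg_id)
    return findings

def should_freeze(events, circulating_supply, max_unbacked_bps=10):
    """Freeze once unbacked supply exceeds max_unbacked_bps (0.10% by default)."""
    unbacked = sum(mint.amount for mint, _ in unbacked_mints(events))
    return unbacked * 10_000 > circulating_supply * max_unbacked_bps, unbacked

# Constructed sample: one legitimate transfer, then two mints with no burn behind them.
SAMPLE = [
    Event("arbitrum", "burn", "a1", 100),
    Event("ethereum", "mint", "a1", 100),
    Event("ethereum", "mint", "f1", 40_000),
    Event("ethereum", "mint", "f2", 76_500),
]

if __name__ == "__main__":
    for mint, reason in unbacked_mints(SAMPLE):
        print(f"ALERT {mint.msg_id}: {mint.amount} minted on {mint.chain}, {reason}")
    print("freeze:", should_freeze(SAMPLE, circulating_supply=650_000))
```

The check is only as good as its burn data: fed from the same RPC nodes the verifier uses, it would see the same forged state.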
