Kelp DAO Cross-Chain Bridge Attack Full Analysis: How a Single-Signature Vulnerability Triggered a $293 Million DeFi Systemic Risk

On April 18, 2026, around 17:35 UTC, the cross-chain bridge of the fluid staking protocol Kelp DAO’s rsETH was subjected to a large-scale attack. The attacker exploited a vulnerability in the LayerZero cross-chain configuration, minting approximately 116,500 rsETH out of thin air on the Ethereum mainnet, valued at about $293 million at the time, accounting for roughly 18% of the total circulating rsETH supply. This is the largest DeFi security incident of 2026 to date.

The deadly aspect of the attack lies in the subsequent operations: the hacker did not choose to sell rsETH directly on the secondary market—since liquidity was limited and large sales would cause severe slippage—but instead collateralized this “air asset” into mainstream lending protocols such as Aave V3, Compound V3, and Euler, borrowing approximately $236 million in real WETH/ETH.

The core nature of this incident can be summarized as: cross-chain bridge configuration vulnerability + collateral arbitrage in lending protocols + systemic risk spillover. As a liquid staking token, rsETH’s underlying assets should be backed by real reserves within the cross-chain bridge; however, once the reserves are emptied, rsETH’s value peg collapses instantly, while the oracles used by protocols like Aave continue to value the collateral at the original price, leading to massive bad debt.

On-chain tracking shows the attacker obtained about 106,466 ETH (worth roughly $250 million), including approximately $196 million from borrowing and cashing out via Aave. Subsequently, Aave froze all rsETH-related markets, estimating the protocol’s bad debt to be between $177 million and $196 million.

Deadly Single Signature: Technical Deep Dive into LayerZero Configuration Vulnerability

Core of the vulnerability: Overlooked 1/1 DVN configuration

The attack’s core was not a flaw in the smart contract code itself but a misconfiguration in deployment parameters. Kelp DAO’s LayerZero cross-chain contract used a 1/1 DVN (Decentralized Verifier Network) setup, meaning only a single validator node needed to confirm to pass cross-chain messages. Cosine Yu, founder of SlowMist, pointed out on X that the official LayerZero documentation recommends a 2/2 DVN setup, employing multiple validators for redundancy.

LayerZero V2’s DVN mechanism delegates security decisions to the application layer: each protocol can decide how many validator confirmations are required before a cross-chain message is approved. Kelp DAO set this threshold at the most extreme “1 of 1”—only one node’s validation needed. This configuration created a “single point of failure” vulnerability exploitable by attackers.

Attack execution path reconstruction

The attacker crafted a carefully constructed cross-chain data packet, calling the lzReceive function on the LayerZero EndpointV2 contract, injecting a forged cross-chain message into Kelp’s bridge contract. The message claimed that rsETH assets were locked on the source chain, requesting the target chain (Ethereum mainnet) to release an equivalent amount of rsETH.

The critical vulnerability was that Kelp’s bridge contract did not strictly verify the “source chain” of the cross-chain message. The contract default-trusted messages from LayerZero, executing the release, even though no rsETH was actually deposited on the source chain.

The attacker’s transaction fees were paid via Tornado Cash, indicating thorough anonymization of funds prior to the attack.

Audit blind spot: Why did code auditing tools remain silent?

This incident differs fundamentally from common smart contract vulnerabilities like reentrancy or integer overflow. Traditional DeFi security audits mainly focus on code-level vulnerabilities, and tools like Slither or Mythril are almost powerless against configuration-level risks. Studies suggest that even exploitable code vulnerabilities are detected by only about 8% to 20% of existing tools. Configuration parameters (such as DVN thresholds, validator counts) are outside the scope of static analysis tools, creating a structural blind spot in security auditing.

On-chain reconstruction: 46-minute attack timeline and $250 million fund flow tracking

Key event timeline

Data source: on-chain tracking records

Fund flow step-by-step breakdown

The following table clearly illustrates each step in converting “air rsETH” into real ETH:

Data source: on-chain tracking and post-incident reports from protocols

The entire attack process took only about 46 minutes, from initial breach to Kelp’s suspension of contracts, with the attacker completing core collateralization and borrowing operations. Notably, the team took nearly three hours from the attack to issuing a public statement.

Market turmoil: Aave TVL evaporates by $6.6 billion in one day and tokens plummet

Aave liquidity crisis and institutional withdrawal

The Kelp attack directly triggered massive withdrawals from Aave. According to DefiLlama, Aave’s total value locked (TVL) dropped from about $26.4 billion on April 18 to $196M within two days, a reduction of $8.45 billion. The overall DeFi protocol TVL shrank from $177M to $39.4M, a two-day decline of $13.21 billion.

In a single day, approximately $6.6 billion was withdrawn from Aave, including $3.3 billion in stablecoins. As of April 20, 2026, according to Gate.io data, AAVE traded at $91.66, down 1.00% in 24 hours. Weekend liquidations pushed daily protocol fees to nearly $1.99 million.

The withdrawals were driven not by retail panic but by institutional and large-holder risk mitigation. On-chain data shows prominent investor Justin Sun withdrew 65,584 ETH (~$154 million) from Aave. The utilization rate of ETH on Aave reached 100%, with USDT and USDC lending rates soaring to 15%, and deposit APYs rising to 13.4%, indicating severe liquidity tightening.

Token market performance overview as of April 20, 2026

Based on Gate.io data:

• KernelDao (KERNEL): Market confidence hit by attack. Price at $0.0692, down about 4.25% in 24h. Weekly decline of 17.62%, market cap around $11.29 million.
• AAVE (AAVE): Peaked with over 22% drop post-incident, now at $91.66, reflecting re-pricing of collateral risk. Market cap approx. $1.38 billion, down 17.89% over the past month.
• LayerZero (ZRO): As a core cross-chain infrastructure token, ZRO fell over 40% after the incident. Currently at $1.61, up 5.85% in 24h, but down 16.30% over the week, market cap about $406.5 million.

Industry-wide defensive responses

Following the incident, multiple protocols took emergency measures:

• Curve Finance paused all LayerZero-based infrastructure, including bridges for CRV on BNB Chain, Sonic, Avalanche, and the crvUSD stablecoin, as a precaution, despite not being directly attacked.
• MorphO suspended the OFT bridge for MORPHO tokens on Arbitrum.
• Reserve protocol halted minting of eUSD and USD3, citing rsETH exposure in collateral pools, though redemption remains operational.
• Additionally, South Korean exchanges Upbit and Bithumb issued warnings to Kernel DAO investors, urging caution.

Paradigm Reformation: Cross-Chain Trust, LRT Risks, and Audit Blind Spots

Impact on cross-chain infrastructure trust

This incident is another major test of cross-chain bridge security. Cross-chain bridges have long been a high-risk area in crypto security—examples include the 2022 Nomad bridge hack and this Kelp DAO attack, where message verification configuration remains a common attack vector. Notably, after this event, projects like Solv announced halts on LayerZero OFT bridges.

Curve and Morpho’s precautionary suspensions, while protecting user funds temporarily, also expose the DeFi ecosystem’s over-reliance on shared infrastructure. When one protocol faces issues, others may need to take defensive measures, fragmenting liquidity and further eroding confidence in cross-chain security.

Re-evaluating risks of liquid staking tokens

rsETH, as a liquid staking token, depends on the security of the underlying assets locked in the cross-chain bridge. This incident reveals the core fragility of LRT assets: “Bridge attack → Underlying reserves emptied → LRT value collapses → Collateral fails → Borrowing protocols incur bad debt.”

Aave had no prior security incidents involving rsETH. Although the protocol’s own code was not at fault, the event highlights the importance of risk assessment and isolation for LRT tokens. For example, Spark Protocol had previously delisted rsETH and tightened collateral eligibility earlier this year, avoiding impact from this event.

Curve founder Michael Egorov commented on X that this incident exemplifies the risks of the current “non-isolated lending” model—scalable but riskier, requiring robust risk management. Aave V4’s hub-and-spoke model may be a move toward semi-isolation and increased safety.

Security audit paradigm upgrade

The event exposes systemic blind spots in DeFi security auditing. As discussed, risks at the configuration level and key/node operation security are beyond the scope of current static analysis tools.

Post-incident, LayerZero announced it would urge all projects using single DVN configurations to migrate to multi-DVN architectures, and has paused signature and verification services for 1/1 setups. This could set a minimum security standard for cross-chain configurations. Future security audits may need to include configuration parameter reviews, RPC node security assessments, multi-signature verification, and other non-code risk factors.

Conclusion

The $293 million attack on Kelp DAO not only sets a new record for DeFi losses in 2026 but also reveals a long-ignored truth: DeFi security depends not only on code quality but also on rational configuration, node operation security, and ecosystem resilience.

Technically, a single 1/1 DVN configuration triggered a systemic crisis involving multiple top protocols within just 46 minutes. Market-wise, Aave lost $8.45 billion in TVL over two days, and the entire DeFi chain TVL shrank by over $13.2 billion, as the market re-prices the combined risks of “cross-chain bridge vulnerabilities + LRT collateral risks.”

This incident further confirms the double-edged nature of DeFi’s “Lego-like” composability—while enabling capital efficiency and innovation, it also means that a single point of failure can propagate across the entire ecosystem within minutes.