$292 million KelpDAO cross-chain bridge hacked: Who should pay for this

On April 18, 2026, an attacker stole 116,500 rsETH from KelpDAO’s cross-chain bridge within 46 minutes, worth approximately $292 million, the largest DeFi security incident so far in 2026. The stolen tokens were immediately deposited as collateral into lending protocols such as Aave V3 to borrow about $236 million worth of ETH, leaving $177 to $200 million in bad debt on the Aave platform and triggering a chain reaction across more than nine DeFi protocols; Aave’s total value locked (TVL) fell by about $6 billion overnight.

The details of the incident have been widely reported; this article will not reiterate them. In fact, the author himself has several tens of thousands of dollars stuck and unable to withdraw… so the author is highly motivated to do research. This article explores a different question: from a civil legal perspective, who should be held responsible? Can victims truly obtain compensation?

The answer is much more complex than the initial round of mutual accusations within the crypto community suggests. Through a systematic analysis of the applicable legal frameworks, I believe KelpDAO and LayerZero Labs bear joint and several liability (concurrent liability), roughly apportioned as KelpDAO 60% / LayerZero 40%; meanwhile, the liability caps in both protocols’ terms of service are almost certainly unenforceable.

Core Liability Issue: Two Failures, One Attack

Discussions around this attack always start with the same debate: is it KelpDAO’s fault (choosing a 1-of-1 DVN configuration), or LayerZero’s fault (its RPC infrastructure for the DVN being poisoned)?

The answer is: both are responsible.

(1) What did KelpDAO do wrong?

LayerZero’s cross-chain messaging protocol uses a decentralized verifier network (DVN) to verify whether messages sent from one blockchain to another are genuine. The protocol is designed to be highly flexible: each application deployed on LayerZero can choose how many DVNs must reach consensus before trusting a message. LayerZero’s own documentation recommends at least a 2-of-3 configuration, meaning at least two out of three independent validators must confirm a message before acceptance.

KelpDAO chose the absolute minimum configuration: 1-of-1. One validator. Zero fault tolerance.

This means anyone who can compromise, deceive, or manipulate that single validator can forge any cross-chain message, including one instructing KelpDAO’s bridge to release all rsETH reserves to an attacker-controlled address. And that is exactly what happened.

It’s quite absurd: KelpDAO’s bridge holds over $1.6 billion locked across more than twenty blockchain networks. The protocol chose a single point of failure (SPOF) to protect these assets, akin to securing a bank vault with one lock despite the manufacturer explicitly recommending a three-lock system.

Under traditional tort law, this analysis is straightforward. The Restatement (Second) of Torts defines negligence as conduct that falls below the standard of care established by law to protect others against unreasonable risks of harm. (Protocol operators managing billions of dollars in user assets undoubtedly count as professional actors, for whom the standard of care is elevated to the skill and knowledge generally possessed by practitioners in the field.)

The classic risk-utility analysis by Judge Learned Hand from the U.S. Court of Appeals for the Second Circuit in United States v. Carroll Towing Co. states: if the cost of prevention (B) is less than the probability of harm (P) multiplied by the magnitude of harm (L), then failure to take preventive measures constitutes negligence. That is: negligence exists when B < P×L.

In this case, there is no doubt:

  • P (probability): Cross-chain bridge attacks are among the most common and costly attack types in DeFi. Examples include Wormhole ($320 million, 2022), Ronin ($625 million, 2022), Nomad ($190 million, 2022), and Drift Protocol ($285 million, April 1, 2026, just 17 days before this attack). These all demonstrate that bridge security is a known, active threat.
  • L (loss magnitude): Direct loss of $292 million, plus downstream protocol bad debts totaling hundreds of millions of dollars.
  • B (prevention cost): Changing the bridge’s DVN configuration from 1-of-1 to 2-of-3. Additional costs: minimal validation delay (a few seconds) and DVN fees, negligible relative to the assets protected.

No rational protocol operator could justify using a 1-of-1 configuration for assets of this scale. Prevention costs are minimal, but the expected damage is catastrophic.

It’s also instructive to look at industry peers’ practices. SparkLend’s loan-to-value (LTV) ratio for rsETH is set at 72% and Fluid’s at about 75%, both well below Aave’s 93%. This conservative stance likely reflects the industry’s awareness of the bridging risk underlying rsETH. If even lending protocols are cautious about rsETH bridging risk, then KelpDAO, as the bridge operator itself, should have adhered to a higher security standard. The opposite happened: the bridge operator chose the lowest security configuration.

Another important argument available to KelpDAO is the on-chain transparency defense. The 1-of-1 DVN configuration is publicly verifiable on-chain; any technically capable user can query the LayerZero EndpointV2 contract to check the bridge’s security parameters. KelpDAO might argue that since the configuration is public, users had the opportunity (and the responsibility) to assess the bridge’s security before depositing assets. This is a fact-based assumption-of-risk defense, distinct from the contractual waiver in the terms of service (analyzed in Part Two). Its strength depends on how courts set the reasonableness standard for DeFi users: whether an ordinary DeFi user is expected to review the DVN configuration before depositing. For institutional users and technically sophisticated “whales,” this defense may be effective; for retail users, its persuasive force diminishes significantly.

(2) What did LayerZero do wrong?

But KelpDAO’s configuration choice alone is insufficient to cause the loss. The attack also required the attacker to deceive LayerZero’s DVN into signing off on a transaction that never actually occurred. It is precisely at this stage that LayerZero’s legal risk becomes clear.

According to a detailed analysis published by SlowMist founder Cos (Yu Xian), [2] this attack was not a breach of DVN keys nor an exploitation of LayerZero’s protocol logic. The attacker targeted the upstream data sources of the DVN: the RPC nodes LayerZero uses to read blockchain state.

The attack was executed in five steps:

  • The attacker obtained the list of RPC nodes used by LayerZero’s DVN.
  • The attacker compromised two independent RPC node clusters, replacing legitimate op-geth binaries with trojanized versions.
  • The trojanized binaries used selective spoofing: they returned fake data only to requests originating from the DVN’s IP addresses. All other IPs, including LayerZero’s own scan monitoring services, received real data. This IP-based selective response made the poisoning invisible to normal monitoring.
  • The attacker launched a DDoS attack on the uncompromised RPC nodes, forcing the DVN to fail over to the poisoned nodes.
  • After the forged verification had been accepted, the malicious binary self-destructed and wiped its logs, destroying the forensic evidence.
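
To make the two failures concrete, here is an added simulation (not code from KelpDAO, LayerZero or the SlowMist write-up) of the DVN configuration in section (1) and the RPC-poisoning chain above. It models a verifier that reads a message receipt from several RPC sources, a poisoned source that lies only to the DVN’s IP, a DDoSed source, and the bridge’s m-of-n quorum; receipt values, IP addresses and the `RpcSource`, `verifier_attests` and `bridge_accepts` names are constructed for the example.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed sample values (not real chain data): the genuine receipt vs the forged one.
TRUE_RECEIPT, FAKE_RECEIPT = "0xreal_receipt", "0xforged_receipt"
DVN_IP, MONITOR_IP = "10.0.0.1", "10.0.0.2"   # constructed addresses

@dataclass
class RpcSource:
    honest: bool
    up: bool = True
    def get_receipt(self, requester_ip):
        if not self.up:                          # node under DDoS: unreachable
            raise ConnectionError("rpc node down")
        if not self.honest and requester_ip == DVN_IP:
            return FAKE_RECEIPT                  # selective spoofing: lie only to the DVN
        return TRUE_RECEIPT                      # everyone else (monitoring) sees the truth

def verifier_attests(sources, requester_ip, min_agreeing=1, reject_on_split=False):
    """One DVN reads the receipt from its RPC sources and returns what it attests to."""
    seen = Counter()
    for src in sources:
        try:
            seen[src.get_receipt(requester_ip)] += 1
        except ConnectionError:
            continue                             # unreachable source: just counts for nothing
    receipt, votes = seen.most_common(1)[0] if seen else (None, 0)
    if votes < min_agreeing or (reject_on_split and len(seen) > 1):
        return None                              # hardened mode: withhold attestation, bridge waits
    return receipt                               # naive mode: first answer wins (implicit failover)

def bridge_accepts(attestations, required):
    """m-of-n DVN quorum: execute only if `required` DVNs attest to the same receipt."""
    votes = Counter(a for a in attestations if a is not None)
    receipt, n = votes.most_common(1)[0] if votes else (None, 0)
    return receipt if n >= required else None

def run_scenarios():
    honest, poisoned, ddosed = RpcSource(True), RpcSource(False), RpcSource(True, up=False)
    # 1-of-1 DVN that fails over from the DDoSed node to the poisoned one: the forgery executes
    lone = verifier_attests([ddosed, poisoned], DVN_IP)
    naive_1of1 = bridge_accepts([lone], required=1)
    # Same DVN with a third source and cross-source agreement required: attestation withheld
    hardened = verifier_attests([ddosed, poisoned, honest], DVN_IP, min_agreeing=2, reject_on_split=True)
    # 2-of-3 quorum with two independent DVNs reading honest sources: only the real receipt passes
    others = [verifier_attests([honest], DVN_IP) for _ in range(2)]
    quorum_2of3 = bridge_accepts([lone] + others, required=2)
    return {"naive_1of1": naive_1of1, "hardened_dvn": hardened, "quorum_2of3": quorum_2of3,
            "monitor_view": poisoned.get_receipt(MONITOR_IP)}  # monitoring is shown real data
```

The `monitor_view` result shows why IP-selective spoofing defeats monitoring from a different vantage point: the same poisoned node answers truthfully to everyone but the verifier, so only a cross-source consistency check inside the DVN, or a second independent DVN, exposes the divergence.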

This is critical: LayerZero operates this DVN. It is not a passive software library deployed by KelpDAO. LayerZero actively
