Kelp DAO vulnerability triggers cross-chain bridge security alert: DeFi United raises $300 million to compensate rsETH holders

On April 18, 2026 at 17:35 UTC, an attacker exploited a vulnerability in Kelp DAO’s rsETH bridge, which is built on LayerZero’s cross-chain infrastructure. By disguising inbound data packets, the attacker released 116,500 rsETH, which at the time had a market value of approximately $292 million. Investigations by Chainalysis and ZachXBT both traced the attack to North Korea’s Lazarus Group. By combining DDoS attacks on external nodes with manipulation of internal RPC nodes, the group bypassed the security checks of a single-validator-node network.

This was not a typical smart contract vulnerability: there was no reentrancy attack, no missing permissions, and no price oracle manipulation. The attacker’s real breakthrough was that Kelp DAO used a 1-of-1 DVN configuration, a single point of failure that relied solely on the one validator node run by LayerZero Labs. Once the RPC data read by that node had been falsified, the bridge contract on the Ethereum side accepted the forged cross-chain message and released genuine rsETH, with no second validator node able to intervene and verify it.

Instead of dumping the stolen rsETH on the market, the attacker deposited about 90,000 rsETH into Aave V3 as collateral and borrowed ETH and other assets worth approximately $190 million. This move left Aave directly holding massive bad debt. Aave’s TVL fell sharply from $26.4 billion to $17.9 billion, and across the entire DeFi market, more than $13 billion in funds flowed out in the short term.

As of April 29, 2026, Gate’s market data shows ETH trading prices fluctuating around $2,300. After the attack, the rsETH price briefly dropped to $1,723, creating a roughly $500 gap versus ETH—reflecting market panic over the pricing of uncollateralized rsETH.

Even more concerning is that this incident was not an isolated case. In the first quarter of 2026, DeFi protocols suffered total losses of approximately $168.6 million due to hacker attacks. But within just 20 days in April, the loss figure surged to $606.2 million, the highest monthly loss since February 2025.

Why does a single validator node become a fatal weak point in DeFi infrastructure?

The Kelp DAO attack exposed a structural problem that had long been underestimated: an imbalance in cross-chain security configurations. In LayerZero’s architecture, each cross-chain message must be checked by one or more decentralized validator-node networks before it can reach the destination chain. But Kelp DAO’s rsETH bridge was configured with only one validator node—LayerZero Labs’ DVN—creating a de facto single point of failure.

This configuration is not a one-off phenomenon. The simpler the logic of a cross-chain bridge, the fewer validator nodes it tends to have, in exchange for faster cross-chain message confirmation and lower gas costs. However, when only one validator performs the “witness” function, an attacker only needs to compromise that single link (the RPC node, the validator node server, or the operator’s permissions) to bypass the entire cross-chain verification logic.
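The single-link point above can be checked mechanically. The following is an added example, not code from Kelp DAO or LayerZero: it computes the smallest set of failure domains whose compromise gets a forged message verified, and it goes beyond the 1-of-1 case to show that several validators sharing one RPC provider are no better. It assumes a verifier stack is expressed as required validators plus a threshold of optional ones, and that compromising any one listed domain is enough to deceive a validator; all DVN, operator and RPC names are hypothetical.

```python
from itertools import combinations

def min_compromise(required, optional, threshold, domains):
    """Smallest set of failure domains that gets a forged message verified.

    required: DVNs that must all attest; optional: DVNs of which `threshold`
    must attest. domains maps each DVN to its failure domains; compromising
    any ONE of them is assumed to make that DVN attest to forged data.
    Returns None if no set of domains is enough.
    """
    universe = sorted(set().union(*(domains[d] for d in required + optional)))
    for size in range(len(universe) + 1):
        for chosen in combinations(universe, size):
            hit = set(chosen)
            fooled = lambda dvn: bool(domains[dvn] & hit)
            if (all(fooled(d) for d in required)
                    and sum(fooled(d) for d in optional) >= threshold):
                return list(chosen)
    return None

# Constructed configurations; every DVN, operator and RPC name is hypothetical.
SINGLE_DVN = dict(  # the 1-of-1 shape described above
    required=["dvn_1"], optional=[], threshold=0,
    domains={"dvn_1": {"operator:1", "rpc:internal-1"}})

SHARED_RPC = dict(  # three DVNs, but all read the same RPC provider
    required=["dvn_a", "dvn_b"], optional=["dvn_c"], threshold=1,
    domains={n: {f"operator:{n}", "rpc:shared"}
             for n in ("dvn_a", "dvn_b", "dvn_c")})

INDEPENDENT = dict(  # 2 required + 2-of-3 optional, nothing shared
    required=["dvn_a", "dvn_b"], optional=["dvn_c", "dvn_d", "dvn_e"],
    threshold=2,
    domains={n: {f"operator:{n}", f"rpc:{n}"}
             for n in ("dvn_a", "dvn_b", "dvn_c", "dvn_d", "dvn_e")})

def report(configs):
    """Map each config name to the number of domains an attacker must control."""
    return {name: len(min_compromise(**cfg)) for name, cfg in configs.items()}

if __name__ == "__main__":
    print(report({"single": SINGLE_DVN, "shared_rpc": SHARED_RPC,
                  "independent": INDEPENDENT}))
```

The shared-RPC configuration scores the same as the single validator, which is why validator count alone is not a measure of independence.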

What is even more worrying is that the attacker’s method is nearly invisible to traditional on-chain monitoring. Every on-chain transaction appears fully legitimate at the bytecode level: the message is relayed, the signature is verified, and the destination chain contract executes the correct response to the cross-chain request. What is truly being manipulated is not the smart contract code, but the off-chain validation layer that determines whether “this cross-chain transfer should be approved.”

These attacks reveal a major shift in the boundaries of DeFi security: smart contract vulnerabilities are no longer the only source of systemic risk. The peripheral infrastructure of cross-chain bridges (RPC nodes, validator node networks, and off-chain signing services) forms an increasingly large attack surface. In 2026, the shift in attack patterns is accelerating. The Kelp DAO attack and the Drift Protocol attack together accounted for 95% of the total losses in April, indicating that attackers have systematically expanded their target scope from a single smart contract to the entire DeFi infrastructure layer.

Notably, in the first 4.5 months of 2026 there were 47 hacking incidents in the crypto sector, compared with 28 in the same period of 2025—an approximate year-over-year increase of 68%.

How does decentralized lending transmit a $13 billion liquidity shock in a chain reaction?

The essence of the attack was not merely token theft; it was the transmission of risk across protocols enabled by DeFi’s composability. The forged rsETH was distributed by the attacker to 7 different addresses and was widely used as collateral across multiple lending protocols such as Aave and Compound. Because these rsETH tokens have no real on-chain assets backing them, their use as collateral in lending protocols is, in essence, injecting “a blank check” into the lending market.

When these counterfeit collateral assets are used to borrow real ETH, the risk becomes deeply tied to the lending protocols’ liquidation mechanisms, liquidity reserves, and the safety of users’ deposits. Aave faces pressure in two directions: on one hand, the value of rsETH as collateral is unreliable, sharply increasing the risk of bad debt in the related borrowings; on the other hand, market panic causes users to withdraw liquidity in a concentrated manner, further shrinking the protocol’s ability to maneuver when dealing with bad debt. After the incident, Arbitrum’s Security Council froze 30,766 ETH from the attacker-related wallets, which to some extent curbed the further expansion of losses.

More importantly, this incident shows the negative side effect of DeFi “composability”: when the coupling between protocols is high enough, a structural failure in one component can quickly evolve into a systemic risk across the entire ecosystem, with the ultimate cost borne collectively by the depositors of lending protocols and participants in cross-protocol arbitrage.

How is a $303 million liquidity pool built into a DeFi safety valve?

As of April 27, 2026, the DeFi United rescue plan coordinated under the leadership of Aave founder Stani Kulechov had accumulated more than $303 million in committed funds. The sources span multiple key participants across the Ethereum ecosystem, handled flexibly in the form of donations, deposits, and credit lines.

Specifically, the publicly committed participants include: Consensys, together with founder Joseph Lubin, pledging up to 30,000 ETH; Mantle, providing a 30,000 ETH credit line; Aave DAO, with a proposal to fund 25,000 ETH; EtherFi, pledging up to 5,000 ETH; Lido, submitting a governance proposal for 2,500 stETH; Compound, submitting a 3,000 ETH grant plan; Renzo, providing more than $10 million from its treasury; Babylon Foundation, joining with a $3 million USDT deposit; and Circle Ventures, providing support by buying AAVE tokens. In addition, Avalanche Foundation, Solana Foundation, and Sun Yat-sen’s team have also participated, but the amounts have not been disclosed.

Notably, LayerZero—the cross-chain protocol—joined the rescue with a commitment of 10,000 ETH on the 5th day after the incident. This includes 5,000 ETH directly donated to the DeFi United fund, and another 5,000 ETH deposited into Aave to enhance its liquidity. Puffer Finance announced on April 29 that it would use treasury funds to participate in the DeFi United rescue, becoming a key participant in the restaking track joining the plan.

The entire rescue fund pool has been increased to over 100,360 ETH. This is the largest cross-protocol coordinated funding action in DeFi history, marking a paradigm upgrade for the industry’s response mechanism to systemic crises.

From liquidating fraudulent collateral to replacing ETH in batches: how the rescue plan is rolled out step by step

The rescue plan released by the DeFi United alliance is built around a phased execution framework. Its main goal is to fully restore asset backing for rsETH tokens and to fill the bad debt left by the North Korean hackers in the Aave and Compound lending protocols. The core approach is to mint the committed ETH back into rsETH in batches, rebuilding its underlying asset value. Before that, the protocol will temporarily adjust the price oracle values used when rsETH is used as collateral, so that controlled liquidations can be initiated. The tokens recovered through liquidations will all be sent to DeFi United’s multisig wallet and then exchanged for ETH through Kelp’s standard process, with the final proceeds used to cover the funding gaps in the affected lending markets.

More importantly, the plan is designed with realistic constraints of decentralized governance in mind. Most of the committed funds still need to be formally approved via DAO governance votes of their respective protocols, so the later execution pace depends on the parallel efficiency of multiple governance processes.

This plan is not aimed at paying the attacker. Instead, it restores the intrinsic value of the collateral to reduce secondary impacts on ordinary users and protocol liquidity. The logic is: if DeFi allows uncollateralized assets to keep accumulating bad debt in lending protocols without intervention, the credit foundation of the entire ecosystem—not just one protocol—will ultimately be harmed. Therefore, the essence of the rescue mechanism is proactive intervention against systemic risk, not a moral judgment on individual behavior.

When competitors team up to provide backstops: is rescue action reshaping DeFi trust mechanisms?

The uniqueness of the DeFi United rescue action lies in the breadth of its participants and the high level of cross-stakeholder cooperation. More than 14 ecosystem participants—many of which are direct competitors in different tracks—collectively bear financial responsibility within a unified framework. This industry coordination does not come from instructions issued by a centralized institution; instead, it is rolled out step by step by relying on transparent on-chain commitments, the aggregation of funds into multisig wallets, and phased technical execution.

In traditional DeFi narratives, competition among protocols mainly focuses on yield, liquidity scale, and governance incentives. This competition can drive product iteration and efficiency improvements in normal market conditions, but when the ecosystem faces systemic risk, a single protocol often lacks the ability to independently resolve and contain deep “infectious bad debt.” The Kelp DAO incident demonstrates that the deep coupling between cross-chain bridges and lending protocols makes it difficult for risk exposure to be cut off and isolated at the protocol level.

The emergence of rescue initiatives marks a shift: DeFi is evolving from purely competitive free markets into a system that includes a certain degree of collective responsibility. This is not pure altruism—among the rescue participants are protocols directly exposed to bad debt risks, as well as others worried about an ecosystem confidence collapse. Even though motivations differ, all parties align on the final goal of “maintaining DeFi’s overall creditworthiness.” This cross-organizational coordination may not be a definitive standard answer to systemic risk, but it provides a reference model for DeFi’s future evolution toward higher resilience and self-healing capacity.

Summary

The $292 million Kelp DAO cross-chain bridge attack is the largest DeFi security incident to date in 2026. Its technical root cause points to a structural vulnerability at the infrastructure layer: reliance on a single validator node configuration. The attacker’s method went beyond the scope of traditional smart contract vulnerabilities: it targeted the off-chain validation layer and revealed a gap in cross-chain security monitoring.

Led by Aave, the DeFi United rescue action set a record for the largest cross-institutional coordinated fund effort in DeFi history, with a total of $303 million. More than 14 protocols participated in diversified forms including donations, deposits, and credit lines, demonstrating the industry’s capacity for coordinated action during systemic crises. The incident validates a key logic: as cross-chain interoperability continues to deepen, the negative effects of composability will keep accumulating, and the gap between risk pricing and infrastructure security will continue to widen over time. Ultimately, the effectiveness of the rescue still depends on governance efficiency at the execution level and each participating party’s ongoing ability to fulfill commitments.

Frequently Asked Questions

Q: How did the Kelp DAO attack happen?

The attacker exploited a security flaw in Kelp DAO’s LayerZero cross-chain bridge, which was configured with only a single validator node. By forging inbound messages, the attacker tricked the validator’s verification logic, causing the bridge contract on the Ethereum side to incorrectly believe the cross-chain transfer had completed—releasing 116,500 rsETH with a market value of approximately $292 million.

Q: What are the funding sources for the DeFi United rescue action?

As of April 27, the rescue plan had received commitments totaling more than $303 million. The participants include Consensys, Lido, EtherFi, Mantle, Compound, Renzo, Babylon Foundation, LayerZero (10,000 ETH), Puffer Finance, and dozens of other projects and institutions.

Q: How do rsETH holders receive compensation?

DeFi United will mint the committed ETH into rsETH in batches to rebuild the value supporting its collateral. During phased execution, affected assets will be transferred to a multisig wallet and then exchanged for ETH to cover the funding shortfall in the lending market, while the remaining funds will be used to compensate rsETH holders.

Q: What impact does this incident have on DeFi’s security evolution?

The attack shows that DeFi security risks have expanded from smart contract vulnerabilities to the off-chain validation layer of cross-chain infrastructure. This trend means traditional on-chain security monitoring methods are no longer sufficient to identify new attack techniques. More comprehensive cross-chain invariant monitoring systems are needed to verify the authenticity of cross-chain messages and to check that the number of tokens released matches the number locked on the source chain.

Q: How will future DeFi protocols prevent similar attacks?

There are three core directions: first, configure multiple independent validator nodes for cross-chain bridges to eliminate single points of failure; second, build integrity monitoring systems for cross-chain data transmission; third, promote risk information sharing and coordinated remediation mechanisms among protocols to address the rapid spread of systemic risks across protocols.
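The cross-chain invariant monitoring named in the answers above can be sketched as follows. This is an added example, not code from any protocol mentioned on this page: it reconciles destination-chain releases against source-chain debits, and accepts a debit only when a quorum of independent RPC views report it, since a single deceived RPC view was the weak point in this incident. The event shape, GUIDs, provider names and amounts are constructed sample data.

```python
from collections import Counter
from decimal import Decimal

def quorum_debits(views, quorum):
    """Source debits {guid: amount} reported identically by >= quorum views."""
    votes = Counter()
    for view in views.values():
        for guid, amount in view.items():
            votes[(guid, Decimal(amount))] += 1
    return {guid: amt for (guid, amt), n in votes.items() if n >= quorum}

def check_releases(releases, views, quorum):
    """Return alerts for releases that break the lock/release invariant."""
    debits = quorum_debits(views, quorum)
    seen, alerts = set(), []
    for rel in releases:
        guid, amount = rel["guid"], Decimal(rel["amount"])
        if guid in seen:
            alerts.append((guid, "duplicate release"))
        elif guid not in debits:
            alerts.append((guid, "no source debit confirmed by quorum"))
        elif debits[guid] != amount:
            alerts.append((guid, "amount mismatch"))
        seen.add(guid)
    released = sum(Decimal(r["amount"]) for r in releases)
    debited = sum(debits.values(), Decimal(0))
    if released > debited:
        alerts.append(("*", f"released {released} > debited {debited}"))
    return alerts

# Constructed sample: three independent source-chain views; rpc_c alone
# reports a debit for g3 that the other two have never seen.
VIEWS = {
    "rpc_a": {"g1": "10", "g2": "5.5"},
    "rpc_b": {"g1": "10", "g2": "5.5"},
    "rpc_c": {"g1": "10", "g2": "5.5", "g3": "116500"},
}
# Constructed destination-chain release events.
RELEASES = [
    {"guid": "g1", "amount": "10"},
    {"guid": "g2", "amount": "5.5"},
    {"guid": "g3", "amount": "116500"},
]

if __name__ == "__main__":
    for alert in check_releases(RELEASES, VIEWS, quorum=2):
        print(alert)
```

Run against the single view `rpc_c` with a quorum of 1, the same releases produce no alerts, which is the blind spot a monitor inherits when it trusts one data source.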
