Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
KelpDAO has suffered a devastating exploit, with hackers draining nearly $293 million in rsETH tokens through a cross-chain bridge vulnerability, marking the largest DeFi hack of 2026 so far. The incident has triggered widespread panic across decentralized finance platforms, freezing markets and raising urgent questions about cross-chain security.
---
🔎 What Happened
- Date of Attack: April 18–19, 2026
- Amount Stolen: ~116,500 rsETH, valued at $292–293 million
- Exploit Method: Attackers manipulated LayerZero’s cross-chain messaging system, tricking it into validating fraudulent transactions.
- Speed of Attack: The funds were drained in under 46 minutes, with most converted into ETH and laundered through Tornado Cash.
---
🌐 Impact on DeFi Ecosystem
- Largest DeFi Hack of 2026: Surpassing the Drift Protocol exploit earlier this month.
- Contagion Effect: Lending platforms like Aave, SparkLend, and Fluid froze rsETH markets to prevent systemic collapse.
- Collateral Damage: rsETH was widely used as collateral and liquidity across multiple protocols, amplifying the risk.
---
🕵️ Possible Attackers
- Suspected Group: Post-incident analysis suggests involvement of North Korea’s Lazarus Group, known for sophisticated crypto heists.
- Technique: Attackers poisoned RPC nodes in LayerZero’s DVN system, forcing failover to malicious nodes and enabling fake cross-chain messages.
- Root Cause: KelpDAO’s 1/1 DVN setup lacked redundancy, leaving it vulnerable to spoofing.
---
⚠️ Risks & Lessons
- Cross-Chain Bridges: Once again highlighted as the weakest link in DeFi security, with billions lost in similar exploits over the past years.
- Systemic Risk: The hack demonstrates how one protocol’s vulnerability can ripple across the entire ecosystem.
- Need for Redundancy: Experts stress that multi-verifier setups and stronger failover mechanisms are essential to prevent similar attacks.
---
📌 Key Takeaways
- Investors: Those holding rsETH or using it as collateral face significant uncertainty until markets stabilize.
- Protocols: Must urgently review cross-chain bridge security and implement redundancy.
- DeFi Community: This incident underscores the importance of audits, layered defenses, and rapid incident response. #KelpDAOBridgeHacked