#rsETHAttackUpdate rsETH Attack Update: A Serious Crisis in DeFi Security

Introduction
On April 18, 2026, the DeFi world suffered a major shock when Kelp DAO's rsETH bridge was targeted by hackers. The attack resulted in a loss of approximately $292–293 million (around 116,500 rsETH), making it the biggest DeFi theft of 2026 so far. The incident has caused panic across the DeFi ecosystem, with trending worldwide.

How the Attack Happened
The attack exploited a major weakness in the LayerZero bridge configuration. Kelp had used a '1-of-1' verification setup – meaning it relied on just a single verifier. Hackers manipulated LayerZero's RPC nodes, crafted fake cross-chain messages, and withdrew funds without any valid deposit on the source chain.

Current Status & Response

· Hacker's wallet currently holds over 11,200 ETH (approx. $21M) plus the stolen rsETH
· Kelp DAO has paused the rsETH bridge and is working with security firms
· LayerZero has confirmed that only Kelp's configuration was vulnerable, not the core protocol
· Negotiations with the attacker are reportedly ongoing for a potential bounty return

What Users Should Do

· Do not interact with rsETH-related contracts until official updates
· Beware of scam recovery sites promising to recover funds
· Follow only official Kelp DAO and LayerZero channels

Conclusion
This incident highlights the critical importance of multi-verifier security models in cross-chain bridges. The coming days will reveal whether a negotiation or a white-hat resolution is possible.

Stay safe and always DYOR (Do Your Own Research).