What Happened
On April 18, 2026, attackers stole approximately $292 million (116,500 rsETH) from Kelp DAO — a liquid restaking protocol built on EigenLayer. It was the largest DeFi exploit of 2026 and one of the largest cross-chain bridge hacks in history.
The attack was attributed to North Korea’s Lazarus Group. The entire exploit took 46 minutes.
The Root Cause in One Sentence
Kelp DAO configured their LayerZero bridge with a 1-of-1 DVN (Decentralized Verifier Network) — meaning a single compromised key was enough to forge a cross-chain message that minted unbacked rsETH.
Background: rsETH and Kelp DAO
Kelp DAO is one of the largest liquid restaking protocols. Users deposit stETH and receive rsETH — a liquid token representing their restaked position. The protocol managed approximately $1.6 billion in TVL at its peak.
rsETH operated across multiple chains via LayerZero. Users could bridge rsETH between Ethereum, Arbitrum, Optimism, Base, and other networks.
How the Attack Worked
Step 1: DVN Key Compromise
The attacker obtained control of Kelp DAO’s single DVN signer. The exact method of compromise remains under investigation, but security firms believe it involved a social engineering campaign targeting Kelp DAO infrastructure staff — similar to the Drift Protocol attack two weeks earlier.
Step 2: Forged Cross-Chain Message
With the DVN key, the attacker crafted a fraudulent LayerZero message:
“16,000 rsETH has been deposited on the source chain. Please mint the equivalent on the destination chain.”
Normally, the Oracle would confirm the deposit actually happened on-chain. But the attacker exploited a timing window where the Oracle and DVN could be tricked into confirming a message for a transaction that never occurred.
Step 3: Minting Unbacked rsETH
The forged message passed both verification layers:
- DVN — Confirmed (attacker controlled the single signer)
- Oracle — Confirmed (the RPC poisoning attack fed the Oracle fake data)
The destination chain’s smart contract minted 116,500 rsETH — backed by nothing.
Step 4: Cashing Out
The attacker redeemed the fake rsETH for WETH from Kelp DAO’s liquidity pools on Aave, spreading the withdrawals across 20 chains to avoid triggering circuit breakers.
By the time the team noticed, $292 million was already moving through mixers and cross-chain bridges.
Timeline
| Time (UTC) | Event |
|---|---|
| 14:02 | Attacker compromises 1-of-1 DVN signer |
| 14:08 | First forged message sent — 30,000 rsETH minted |
| 14:15 | Additional forged messages — total 116,500 rsETH |
| 14:22 | Attacker begins redeeming rsETH for WETH on Aave |
| 14:35 | Kelp DAO monitoring alerts trigger |
| 14:48 | Team attempts to pause the bridge — too late |
| 15:00 | $292M already across 20+ chains |
Why the Defenses Failed
1. Single Point of Failure
A 1-of-1 DVN means one key controls the entire cross-chain messaging layer. This is the equivalent of a multisig wallet with a single signer — it defeats the entire purpose of decentralization.
2. No Volume Anomaly Detection
Kelp DAO’s bridge had no circuit breaker for abnormal mint volumes. A sudden mint of 116,500 rsETH (18% of total supply) should have triggered an automatic pause.
3. No Timelock on Configuration Changes
If Kelp DAO had a timelock on DVN configuration changes, the attacker couldn’t have instantly modified the bridge settings. The team would have had a window to detect and respond.
Lessons for Every DeFi Protocol
This wasn’t a complex zero-day. It was a configuration error that any protocol using LayerZero (or any cross-chain messaging system) could make.
- Never use 1-of-1 threshold configurations — Minimum 2-of-3 with geographically distributed signers
- Volume-based circuit breakers — Auto-pause on anomalous transaction sizes
- Timelock on critical configs — Give your team a window to react
- Independently audit your bridge configuration — Not just the smart contract code, but the operational parameters
- Test your incident response — 46 minutes from detection to total loss means the response plan was too slow
Frequently Asked Questions
Q: Was LayerZero itself hacked? A: No. The LayerZero protocol functioned as designed — it delivered messages that both the Oracle and DVN confirmed. The vulnerability was in Kelp DAO’s choice to use a single-signer DVN configuration.
Q: Could users have protected themselves? A: Not easily. rsETH holders trusted Kelp DAO’s bridge configuration. The only defense would have been diversifying across multiple restaking protocols instead of concentrating in rsETH.