Around 17:35 UTC on April 18, 2026, the cross-chain bridge of Kelp DAO’s liquid restaking protocol, rsETH, suffered a large-scale attack. Exploiting a LayerZero cross-chain configuration vulnerability, the attacker minted approximately 116,500 rsETH out of thin air on Ethereum mainnet. At prevailing market prices, this was valued at roughly $293 million, representing about 18% of the total rsETH supply. This stands as the largest DeFi security incident of 2026 to date.
The attack’s critical twist lay in the follow-up actions: instead of dumping rsETH directly on secondary markets—where liquidity was insufficient and large sales would cause severe slippage—the hacker used these "air assets" as collateral in mainstream lending protocols like Aave V3, Compound V3, and Euler, borrowing approximately $236 million in real WETH/ETH.
At its core, this incident can be summarized as: cross-chain bridge configuration vulnerability + collateral arbitrage in lending protocols + systemic risk spillover. As a liquid restaking token, rsETH’s value should be anchored to real reserves in the cross-chain bridge. When those reserves were drained, rsETH’s value instantly collapsed to zero, yet lending protocols like Aave continued to price the collateral at its original value, resulting in massive bad debt.
On-chain tracking shows the attacker obtained about 106,466 ETH (worth roughly $250 million), with around $196 million sourced from Aave borrowings. Aave subsequently froze all rsETH-related markets and estimated protocol bad debt between $177 million and $196 million.
Fatal Single Signature: Deep Dive into the LayerZero Configuration Vulnerability
Core Vulnerability: The Overlooked 1/1 DVN Setting
The heart of this attack wasn’t a smart contract code bug, but a deployment parameter misconfiguration. Kelp DAO’s LayerZero cross-chain contract used a 1/1 DVN (Decentralized Verifier Network) setup—meaning only a single verifier node needed to approve cross-chain messages. As SlowMist founder Cosine noted on X, LayerZero’s official documentation recommends a 2/2 DVN configuration, leveraging redundancy across multiple nodes.
LayerZero V2’s DVN mechanism delegates security decisions to the application layer: each integrated protocol decides how many verifier nodes must confirm a cross-chain message before approval. Kelp DAO set the threshold at the extreme "1 of 1"—just one node’s confirmation sufficed. This configuration created a "single point of failure" for attackers to exploit.
Attack Execution Path Reconstruction
The attacker crafted a malicious cross-chain data packet, invoking the lzReceive function on the LayerZero EndpointV2 contract to deliver a forged cross-chain message to Kelp’s bridge contract. This message claimed rsETH assets were locked on the source chain and requested the Ethereum mainnet to release an equivalent amount of rsETH.
The critical flaw: Kelp’s bridge contract failed to rigorously verify the "source chain" of cross-chain messages. The contract blindly trusted LayerZero’s message and executed the release, even though no rsETH had actually been deposited on the source chain.
The attacker funded transaction fees via Tornado Cash, indicating thorough anonymization preparations before the attack.
Audit Blind Spot: Why Code Audit Tools Fell Silent
This incident fundamentally differs from typical reentrancy or integer overflow vulnerabilities in smart contract code. Traditional DeFi security audits focus on code-level flaws, but tools like Slither and Mythril are nearly powerless against configuration risks. Research shows even code-level exploits are detected by current tools only 8%–20% of the time. Configuration parameters (such as DVN thresholds and verifier counts) are outside the scope of any static analysis tool, creating a structural blind spot in security audits.
On-Chain Reconstruction: 46-Minute Attack Timeline and $250 Million Fund Flow Tracking
Key Event Timeline
| Time (UTC) | Event | Nature |
|---|---|---|
| 17:35 | Attacker invokes LayerZero EndpointV2 contract, forges cross-chain message, releases 116,500 rsETH (~$293M) on Ethereum mainnet | Attack executed |
| 18:21 | Kelp DAO multisig wallet detects abnormal activity, urgently pauses rsETH-related contracts on mainnet and multiple L2s | Defensive response |
| 18:26 | Attacker attempts a second attack, tries to extract 40,000 rsETH (~$100M), reverted | Attack attempt failed |
| 18:28 | Attacker attempts a third attack, again tries to extract 40,000 rsETH, reverted | Attack attempt failed |
| 20:10 | Kelp DAO posts first public statement on X, confirming suspicious cross-chain activity | Official confirmation |
| Hours after the incident | Aave, SparkLend, Fluid, and others urgently freeze rsETH collateral markets | Industry emergency response |
Data source: On-chain tracking records
Fund Flow Breakdown
The following table clearly details each step the attacker took to convert "air rsETH" into real ETH:
| Step | Operation Description | Protocol/Contract Involved | Fund Destination & Outcome |
|---|---|---|---|
| Step 1 | Attacker withdraws fees via Tornado Cash, preparing for anonymized transactions. | Tornado Cash | Attacker’s wallet receives ETH for subsequent gas fees. |
| Step 2 | Forges cross-chain message, calls LayerZero EndpointV2 contract, triggers Kelp bridge contract. | LayerZero EndpointV2, Kelp DAO Bridge | Kelp bridge contract releases 116,500 fake rsETH to attacker’s address. |
| Step 3 | Deposits most fake rsETH as collateral into multiple mainstream lending protocols. | Aave V3, Compound V3, Euler | Attacker secures collateral positions in each protocol, prepping for borrowing. |
| Step 4 | Borrows real WETH and ETH from lending protocols. | Aave V3, Compound V3, Euler | Attacker borrows ~$236M in real assets across protocols. |
| Step 5 | Cashes out and disperses borrowed ETH. | Privacy tools & multiple intermediary addresses | Attacker obtains ~106,466 ETH (worth ~$250M). |
| Step 6 | Bad debt forms; lending protocols face losses as collateral value drops to zero. | Aave V3, Compound V3, Euler | Aave bad debt: $177M–$196M; Compound: ~$39.4M; Euler: ~$840K. |
Data source: On-chain tracking and official post-mortem reports from multiple protocols
The entire attack took just about 46 minutes—from the initial exploit to Kelp pausing contracts, the attacker completed all core collateralization and borrowing steps. Notably, nearly three hours passed between the attack and Kelp’s first public statement.
Market Turbulence: Aave TVL Evaporates $6.6 Billion in One Day, Tokens Sell Off
Aave’s Liquidity Crisis and Institutional Exodus
The Kelp attack triggered a massive withdrawal from Aave. According to DefiLlama, Aave’s total value locked (TVL) dropped from about $26.4 billion on April 18 to $17.947 billion over the next two days—a cumulative decrease of $8.45 billion. Overall DeFi TVL fell from $99.497 billion to $86.286 billion, shrinking by $13.21 billion in two days.
On a single-day basis, Aave experienced $6.6 billion in outflows, including $3.3 billion in stablecoins. As of April 20, 2026, Gate market data shows the AAVE price at $91.66, down 1.00% in 24 hours. Weekend liquidation surges pushed protocol fees up to $1.99 million in a single day.
Withdrawals were not driven by retail panic, but by risk-averse behavior from institutions and large holders. On-chain data reveals prominent crypto investor Justin Sun withdrew 65,584 ETH (~$154M) from Aave. ETH utilization on Aave hit 100%, USDT and USDC borrowing rates soared to 15%, and deposit APYs climbed to 13.4%, signaling acute liquidity tightening.
Token Market Performance Overview
As of April 20, 2026, based on Gate market data:
- KernelDao (KERNEL): The attack undermined market confidence in this token. Gate data shows KERNEL priced at $0.0692, down about 4.25% in 24 hours. KERNEL fell 17.62% over the past week, with a total market cap around $11.29 million.
- AAVE (AAVE): After the incident, the token dropped over 22% at its lowest, currently trading at $91.66. This reflects a re-pricing of collateral risk exposure. Market cap is about $1.38 billion, with a monthly decline of 17.89%.
- LayerZero (ZRO): As a cross-chain infrastructure token, ZRO plunged over 40% after the event. Latest data shows ZRO rebounded slightly to $1.61, up 5.85% in 24 hours, but still down 16.30% for the week, with a market cap of $406.5 million.
Industry-Wide Defensive Response
Following the incident, multiple protocols implemented emergency precautions:
Curve Finance suspended all LayerZero-based infrastructure, including CRV token bridges on BNB Chain, Sonic, and Avalanche, as well as fast bridging for crvUSD stablecoin. Curve stated these were preventive measures, even though the protocol was not directly targeted.
Morpho paused the OFT cross-chain bridge for MORPHO tokens on Arbitrum, also as a precaution.
Reserve protocol suspended minting of eUSD and USD3 due to rsETH exposure in its collateral pool, though redemption remained open.
Additionally, Korean digital asset exchange consortium members Upbit and Bithumb issued investment warnings for Kernel DAO, urging investor caution.
Paradigm Shift: Cross-Chain Trust, LRT Risk, and Audit Blind Spots
The Impact on Trust in Cross-Chain Infrastructure
This incident marks another major challenge for cross-chain bridge security. Bridges have long been hotspots for crypto security breaches—from the 2022 Nomad bridge hack to the Kelp DAO attack, configuration vulnerabilities in cross-chain message validation remain prime targets. A notable trend: after this event, several projects including Solv announced suspension of LayerZero OFT bridging.
Preventive pauses by Curve and Morpho protected user funds in the short term, but also highlighted DeFi’s heavy reliance on shared infrastructure. When one protocol faces issues, others must take defensive measures, potentially fragmenting token liquidity and eroding trust in bridge security.
Reassessing Liquid Restaking Token Risks
As a liquid restaking token, rsETH’s value depends on underlying assets locked in the cross-chain bridge. This incident exposed a fundamental vulnerability of LRT assets: "bridge attack → reserves drained → LRT value collapses → collateral fails → lending protocol bad debt," a chain reaction.
Aave had never experienced a security incident before this event. While the root cause wasn’t its own contract code, it was tied to Aave’s risk assessment and isolation settings for LRT tokens. For comparison, Spark Protocol delisted rsETH and other low-utilization assets and tightened collateral standards back in January, insulating itself from this turmoil.
Curve founder Michael Egorov commented on X that this event highlights the risks of the widely adopted "non-isolated lending" model—high scalability but greater risk, making risk management crucial. Aave V4’s hub-and-spoke model could be a step toward more isolated and secure lending.
Upgrading Security Audit Paradigms
This incident also exposed systemic blind spots in DeFi security audits. As discussed, configuration risks and key/node operational security fall outside the coverage of current audit tools and methods.
After the event, LayerZero announced it would urge all projects using single DVN configurations to migrate to multi-DVN setups, and has suspended signature and verification services for 1/1 configurations. This move may drive the industry toward minimum security standards for cross-chain setups. Future DeFi security checklists may need to expand to include configuration parameter reviews, RPC node security assessments, multisig mechanism verification, and other non-code risk factors.
Conclusion
The $293 million Kelp DAO attack not only set a new record for DeFi losses in 2026, but also exposed a long-overlooked truth: DeFi security depends not just on code quality, but also on sound configuration parameters, secure node operations, and the resilience of ecosystem dependencies.
Technically, a single "1/1" DVN parameter choice triggered a systemic crisis across multiple major protocols in just 46 minutes. From a market perspective, Aave lost $8.45 billion in TVL in two days, and total DeFi TVL shrank by over $13.21 billion, as the market reprices the combined risk of "bridge vulnerabilities + LRT collateral."
This event once again demonstrates the double-edged nature of DeFi’s "Lego-like composability"—high capital efficiency and innovation, but also the risk that a single point of failure can cascade across the ecosystem in mere minutes.
