CriticalActiveNo recent activityExploitINC-C84C9F

Kelp DAO Bridge Exploit

Confidence94% · High
TypeExploit
Est. Loss$5.0B
Signals34
First DetectedApr 27, 2026, 10:50 AM
Last SignalApr 20, 2026, 12:00 AM

Overview

Attacker forged a LayerZero cross‑chain message, tricking Kelp’s bridge into releasing rsETH to an attacker‑controlled address.

116,500 rsETH ($292M) drained from Kelp’s LayerZero‑powered bridge; stolen funds deposited into Aave to borrow $190M.

Protocols
Kelp DAOLayerZeroAaveKelpArbitrumKelpDAOSparkLendFluidUpshiftLidoCurve FinanceEthenaBitGoEulerSentoraSparkMorphoSkyjupLendCompoundEigenLayerDeFi UnitedAAVE
Chains
EthereumArbitrumBaseMantleLineaUnichainLayerZeroSolanaBlastScroll
Assets
rsETHETHWETHKELPDRIFTAAVEUSDTUSDCWrapped EtherAave Wrapped EtherwETH

Sources & Timeline

  1. UpdateCointelegraph100%

    Attacker exploited bridge contract using Tornado Cash-funded address.

    Apr 18, 2026, 10:06 PMRead on Bytewit →
  2. NewCoinDesk95%

    Attackers tricked Kelp's cross-chain bridge into releasing 116,500 rsETH, then deposited stolen tokens on Aave to borrow WETH.

    Apr 19, 2026, 2:56 PMRead on Bytewit →
  3. NewCointelegraph90%

    Exploit in Kelp’s cross-chain bridging architecture led to massive fund drain and immediate freezes of rsETH markets.

    Apr 19, 2026, 4:37 PMRead on Bytewit →
  4. NewDecrypt95%

    Exploit of Kelp DAO's rsETH bridge due to single-signer vulnerability allowed minting of unbacked tokens.

    Apr 19, 2026, 7:12 PMRead on Bytewit →
  5. NewCoinDesk95%

    Compromised single-signer setup in Kelp's rsETH bridge allowed unauthorized token minting.

    Apr 19, 2026, 10:27 PMRead on Bytewit →
  6. NewCointelegraph100%

    The $293M Kelp DAO bridge exploit led to bad debt on Aave after attackers borrowed against stolen collateral.

    Apr 20, 2026, 3:13 AMRead on Bytewit →
  7. NewCoinDesk100%

    The $292M KelpDAO bridge exploit triggered panic withdrawals, freezing markets, and a sharp decline in DeFi TVL.

    Apr 20, 2026, 4:51 AMRead on Bytewit →
  8. UpdateCoinDesk90%

    Attacker exploited KelpDAO bridge to mint 116,500 unbacked rsETH, deposited them into Aave, and borrowed real ETH; Aave froze markets, triggering a withdrawal run.

    Apr 20, 2026, 9:27 AMRead on Bytewit →
  9. NewCointelegraph95%

    Attacker exploited single‑verifier setup in Kelp’s LayerZero‑powered bridge to drain funds.

    Apr 20, 2026, 10:47 AMRead on Bytewit →
  10. UpdateDecrypt90%

    Compromised verification channel allowed attacker to fake withdrawal confirmations.

    Apr 20, 2026, 11:35 AMRead on Bytewit →
  11. UpdateCoinDesk95%

    Attackers compromised LayerZero verifier servers via server poisoning, leading to unauthorized bridge withdrawals.

    Apr 20, 2026, 2:41 PMRead on Bytewit →
  12. NewCointelegraph90%

    Hackers compromised two nodes tied to the LayerZero bridge, allowing them to mint 116,500 rsETH and borrow wETH on Aave.

    Apr 21, 2026, 3:41 AMRead on Bytewit →
  13. UpdateCoinDesk95%

    Exploit of KelpDAO's LayerZero-powered bridge led to $292M loss; Arbitrum council acted on law enforcement input to freeze attacker funds.

    Apr 21, 2026, 5:55 AMRead on Bytewit →
  14. NewCoinDesk95%

    The $292M Kelp DAO rsETH bridge exploit caused bad debt on Aave, leading to a bank run and 100% utilization lock-up.

    Apr 21, 2026, 3:52 PMRead on Bytewit →
  15. UpdateCoinDesk90%

    Attackers exploited a single-validator bridge to mint unbacked tokens, then borrowed against them across lending platforms.

    Apr 21, 2026, 6:25 PMRead on Bytewit →
  16. NewCointelegraph90%

    Kelp DAO's use of a single verifier on LayerZero enabled the exploit.

    Apr 22, 2026, 12:29 PMRead on Bytewit →
  17. UpdateCointelegraph100%

    The article reports Aave deposit flight and bad debt following Kelp DAO exploit.

    Apr 22, 2026, 1:47 PMRead on Bytewit →
  18. UpdateCointelegraph90%

    Following the Kelp exploit, Arbitrum Security Council froze exploiter's ETH; Aave seeks redirection to DeFi United fund.

    Apr 27, 2026, 4:20 AMRead on Bytewit →
  19. UpdateCointelegraph95%

    Exploit of Kelp DAO's rsETH bridge due to configuration issue triggered $290M loss and Aave bad debt.

    Apr 27, 2026, 7:00 AMRead on Bytewit →
  20. UpdateDecrypt90%

    Coordinated relief effort surpasses $300M in contributions toward covering exploit losses.

    Apr 27, 2026, 8:56 PMRead on Bytewit →
  21. Post-mortemCoinDesk80%

    The April 18 bridge hack that impacted rsETH on Aave triggered a broad recovery effort.

    Apr 27, 2026, 9:40 PMRead on Bytewit →
  22. UpdateCointelegraph95%

    Kelp bridge released rsETH without burn on Unichain, leaving $293M in unbacked rsETH.

    Apr 28, 2026, 1:42 PMRead on Bytewit →
  23. UpdateCoinDesk90%

    Recovery plan published following April 18 exploit that minted 116,500 unbacked rsETH.

    Apr 28, 2026, 3:43 PMRead on Bytewit →
  24. Post-mortemCoinDesk95%

    Hack on KelpDAO and subsequent collateral borrowing on AAVE caused a bank-run dynamic.

    Apr 29, 2026, 12:55 PMRead on Bytewit →
  25. UpdateCointelegraph90%

    Aave's emergency motion led to a court order modifying the restraining notice.

    May 9, 2026, 11:12 AMRead on Bytewit →
  26. Post-mortemCointelegraph90%

    The incident was triggered by Lazarus Group hacking Kelp DAO on April 18, 2026.

    May 26, 2026, 3:14 AMRead on Bytewit →
  27. NewCoinDesk90%

    The exploit was caused by a flawed cross-chain message verification on KelpDAO's bridge using LayerZero.

    Apr 20, 2026, 8:53 PMRead on Bytewit →
  28. UpdateCoinDesk95%

    Exploit leveraged flaws in Kelp's LayerZero message verification, creating unbacked rsETH used as collateral.

    Apr 20, 2026, 9:03 PMRead on Bytewit →
  29. NewCoinDesk95%

    LayerZero attributes exploit to Lazarus Group, who targeted RPC infrastructure to forge a cross-chain message.

    Apr 20, 2026, 5:01 AMRead on Bytewit →
  30. NewCoinDesk100%

    Attacker tricked cross-chain messaging layer to release funds from bridge.

    Apr 18, 2026, 8:53 PMRead on Bytewit →
  31. NewDecrypt98%

    A single crafted message to the KelpDAO bridge released 116,500 rsETH to an attacker, who deposited it as collateral on Aave.

    Apr 20, 2026, 12:33 PMRead on Bytewit →
  32. NewCoinDesk100%

    The exploit was caused by a configuration vulnerability in Kelp DAO's cross-chain verification layer, allowing an attacker to forge a message and drain rsETH.

    Apr 19, 2026, 5:49 PMRead on Bytewit →
  33. NewCoinDesk90%

    Attacker forged a LayerZero cross‑chain message, tricking Kelp’s bridge into releasing rsETH to an attacker‑controlled address.

    Apr 22, 2026, 4:22 PMRead on Bytewit →
  34. UpdateCointelegraph95%

    The freeze was implemented after the Kelp bridge exploit led to millions in bad debt on Aave and law enforcement input.

    Apr 21, 2026, 6:00 AMRead on Bytewit →
Kelp DAO Bridge Exploit | Bytewit Incidents