The exploit, executed on April 18 at 17:35 UTC, targeted Kelp DAO's cross-chain bridge infrastructure across more than 20 networks including Arbitrum, Base, Linea, and Mantle. Kelp DAO is a liquid restaking protocol built on EigenLayer: users deposit staked ETH and receive rsETH, a yield-bearing token backed by EigenLayer's restaking rewards that had become widely accepted as collateral across DeFi lending markets including Aave. Attackers stole 116,500 rsETH, representing roughly 18 percent of the token's entire circulating supply. Chainalysis and bridge provider LayerZero have attributed the attack to TraderTraitor, a subunit of North Korea's Lazarus Group.

How the Attack Worked

The exploit was not a smart contract bug. Security firm Halborn's post-mortem describes a coordinated infrastructure attack. Attackers first compromised two internal RPC nodes that Kelp's bridge verifier network relied on to read transaction data from the source chain. They then launched a simultaneous DDoS attack to knock out legitimate external nodes, forcing the verifier to rely exclusively on the attacker-controlled nodes. With no alternative data sources, the verifier approved a forged cross-chain message releasing 116,500 rsETH to attacker wallets. As Halborn described it, "The attacker introduced a fake cross-chain message into the datasets provided by the RPC nodes." Malware on the infected nodes erased itself and deleted logs once the window closed.

The underlying weakness was a configuration choice. Kelp had deployed a 1-of-1 DVN (decentralized verifier network) setup on its LayerZero bridge, meaning a single verifier node was responsible for approving cross-chain transfers. A multi-node configuration requiring consensus among several independent verifiers would have blocked this attack even with one node fully compromised. LayerZero called the incident the work of "a highly-sophisticated state actor, likely DPRK's Lazarus Group, more specifically TraderTraitor."

Kelp DAO publicly acknowledged the incident, stating it was "investigating with LayerZero, Unichain, its auditors and outside security specialists," though the protocol had not disclosed how the exploit bypassed validation logic at the time of its first statement.

Aave Took the Heaviest Blow

Rather than selling the stolen rsETH, the attackers deposited 89,567 rsETH (roughly $221 million) into Aave V3 markets as collateral and borrowed approximately 82,650 WETH ($190.86 million) plus 821 wstETH ($2.33 million) across seven positions on Ethereum and Arbitrum.

This left Aave holding severely impaired collateral. Depending on how losses are distributed, Aave's governance forum estimates bad debt between $123.7 million and $230.1 million. The lower figure reflects a scenario in which losses are spread across the protocol as a whole, while the higher figure applies if losses are isolated to specific markets. Aave's Umbrella safety module was immediately identified as insufficient to cover the full shortfall, which is what triggered the broader coalition call. With Aave's treasury totaling approximately $181 million against a potential bad-debt ceiling of $230 million, the gap was large enough to require coordinated external support.

The fallout hit fast. Aave's total deposits dropped from $45.8 billion to $30.8 billion in four days. Protocol TVL (total value locked, a measure of assets held) fell from roughly $26.4 billion to $17.9 billion, knocking Aave from its position as the largest DeFi protocol by TVL to Lido.

Across all of DeFi, more than $13 billion in TVL evaporated within 48 hours as nine or more protocols including SparkLend, Fluid, Compound, Euler, and Upshift froze operations as a precaution. Ethena also paused LayerZero's broader OFT bridge infrastructure, and Lido paused earnETH deposits, illustrating the contagion spreading well beyond direct rsETH holders. The AAVE governance token fell approximately 10 percent.

Aave founder Stani Kulechov posted on X that "Aave is my life's work and we're working nonstop to find the best possible outcome" for users and market normalization.

The DeFi United Coalition

A recovery coalition called DeFi United has assembled a funding stack to cover the residual shortfall, estimated at between 75,000 and 89,500 ETH after Kelp's own asset freezes, a separate Arbitrum Security Council intervention, and partial liquidations. Those three sources together recovered approximately 73,700 ETH, which is the baseline from which the residual shortfall range is derived.

The Arbitrum Security Council voted 9-of-12 to freeze 30,766 ETH (roughly $71 million) connected to the attacker. The council noted it "did not make this decision lightly."

So far, public pledges include approximately 14,570 ETH from contributors such as Lido (2,500 stETH), EtherFi (5,000 ETH), Kulechov personally (5,000 ETH), and Golem (1,000 ETH). Mantle has offered a separate 30,000 ETH credit facility, though the terms attached to that arrangement have not been fully disclosed.

The proposed 25,000 ETH Aave DAO contribution would represent the single largest pledge. As of April 24, the proposal remains in community feedback stage and has not yet moved to a binding vote.

Regional Stakes

Kelp DAO's origins place this incident squarely inside South Asia's DeFi story. Founded in November 2023, the protocol was built in Bengaluru by co-founders Amitej Gajjala and Dheeraj Borra, drawing on experience at Stader Labs, one of India's most prominent liquid staking platforms. Gajjala previously led strategy at Swiggy, India's largest food-tech company, before co-founding Stader Labs in mid-2021, a path widely cited as emblematic of South Asian DeFi founding talent moving from consumer technology into decentralized finance.

Kelp had grown into a genuinely global protocol with 630,000 rsETH in circulation across more than 20 chains. That track record now faces serious scrutiny. Users holding rsETH on Layer 2 networks remain uncertain about redemption values until the shortfall is resolved, and liquidity pools and yield aggregators integrated with rsETH stay frozen or constrained.

For African DeFi users and builders, the Arbitrum Security Council's decision to freeze attacker funds underlines a persistent tension in Layer 2 design: the same governance powers that can intercept a state-sponsored thief can also be used to override account access in other circumstances. Developers in markets where DeFi serves as a primary banking alternative should weigh that trade-off carefully when selecting infrastructure. The DeFi United coalition raises a second question that is equally pointed for emerging-market participants: smaller or regionally oriented protocols are unlikely to command this scale of institutional solidarity in a crisis. For users building on niche regional infrastructure, there may be no backstop coalition available, and losses could fall entirely on depositors with no coordinated recovery mechanism in sight.

This is the second major DeFi exploit in April 2026 attributed to Lazarus Group, which also executed the $285 million Drift Protocol hack on April 1 through governance social engineering. The two attacks struck within 18 days of each other and combined total more than $575 million.

The Kelp attack adds a sharper lesson: off-chain infrastructure including RPC nodes, bridge verifiers, and multisig signers is now the primary attack surface, and protocol security audits that focus only on smart contracts are not sufficient.