Kelp DAO and Aave Move to Restore rsETH Operations After $292M Bridge Exploit
Kelp DAO announced on May 9 that it would begin formal asset recovery operations alongside Aave within 24 hours, marking a turning point in the industry's response to April's $292 million bridge exploit, the largest DeFi hack of 2026. The recovery effort is now roughly 90% complete, according to Galaxy Digital VP of Research Thaddeus Pinakiewicz, though the final gap between recovered assets and outstanding obligations remains a live coordination challenge.
Kelp DAO is a liquid restaking protocol that, before the attack, held more than $2 billion in total value locked and was integrated across more than 40 DeFi platforms on more than 20 chains. Its flagship token, rsETH, allowed users to earn staking and restaking yields simultaneously while keeping liquidity accessible across those integrated platforms, making it one of the more systemically connected assets in the sector.
On April 18, 2026 at 17:35 UTC, attackers compromised Kelp DAO's LayerZero-powered cross-chain bridge and minted 116,500 rsETH tokens on a destination chain without burning corresponding tokens on the source chain. The result was a counterfeit inflation of roughly 18% of rsETH's circulating supply of approximately 630,000 tokens. Kelp's emergency multisig paused contracts 46 minutes later, blocking a second attempted drain of $95 million. Chainalysis and LayerZero have both attributed the attack to Lazarus Group, the North Korea-linked state actor also identified by the unit designation TraderTraitor used by Chainalysis and U.S. authorities, and tied to April's $285 million Drift Protocol exploit.
The root cause was not a bug in Kelp's smart contracts. Attackers used compromised RPC nodes and a coordinated DDoS operation to forge cross-chain messages. What made the forgery possible was Kelp's bridge configuration: a single Decentralized Verifier Node (DVN) was responsible for approving all cross-chain messages. LayerZero's own guidance recommended multiple independent verifiers, but Kelp used a 1-of-1 setup. On April 20, 2026, LayerZero initially placed full responsibility on Kelp, stating that "KelpDAO chose to utilize a 1/1 DVN configuration. A properly hardened configuration would have required consensus across multiple independent DVNs, rendering this attack ineffective." Kelp countered that LayerZero personnel had reviewed its setup across eight integration meetings over two and a half years and raised no objections. On May 9, LayerZero issued a revised statement acknowledging shared fault: "We made a mistake by allowing our DVN to act as a 1/1 DVN for high-value transactions. We didn't police what our DVN was securing, which created a risk we simply didn't see."
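The quorum rule at the centre of that dispute can be checked mechanically before a pathway goes live. The following is an added example, not code from Kelp, LayerZero or the original article: a simplified model of a verifier configuration (all class, field and DVN names are hypothetical, and the optional-threshold and per-operator independence checks generalize beyond the 1/1 case described above) that reports how many distinct operators would have to be compromised for a forged message to be approved.

```python
from collections import Counter
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Dvn:
    name: str      # constructed label, not a real verifier
    operator: str  # who runs it; independence is judged per operator

@dataclass
class VerifierConfig:  # hypothetical model, not LayerZero's config format
    required: list                 # every one of these must attest
    optional: list = field(default_factory=list)
    optional_threshold: int = 0    # how many optional DVNs must also attest

def is_verified(cfg, attesters):
    """True when the DVN names in `attesters` satisfy the configured quorum."""
    if not all(d.name in attesters for d in cfg.required):
        return False
    return sum(d.name in attesters for d in cfg.optional) >= cfg.optional_threshold

def operators_to_compromise(cfg):
    """Fewest distinct operators that can get a message approved on their own."""
    ops = {d.operator for d in cfg.required}
    # Optional DVNs run by an already-counted operator add no independence.
    need = cfg.optional_threshold - sum(d.operator in ops for d in cfg.optional)
    groups = Counter(d.operator for d in cfg.optional if d.operator not in ops)
    extra = 0
    for _, size in groups.most_common():  # largest groups first is optimal
        if need <= 0:
            break
        need -= size
        extra += 1
    return len(ops) + extra

def audit(cfg, min_operators=3):
    """Return findings for a pathway; an empty list means it meets policy."""
    findings = []
    if cfg.optional_threshold > len(cfg.optional):
        findings.append("optional threshold exceeds the optional DVN count")
    n = operators_to_compromise(cfg)
    if n < min_operators:
        findings.append(f"{n} operator(s) suffice to approve a message; minimum is {min_operators}")
    return findings

# Constructed sample pathways.
ONE_OF_ONE = VerifierConfig([Dvn("dvn-a", "op-a")])
THREE_OF_THREE = VerifierConfig([Dvn("dvn-a", "op-a"), Dvn("dvn-b", "op-b"), Dvn("dvn-c", "op-c")])
SAME_OPERATOR = VerifierConfig([Dvn("dvn-a", "op-a")], [Dvn("dvn-a2", "op-a"), Dvn("dvn-a3", "op-a")], 2)

if __name__ == "__main__":
    for label, cfg in [("1/1", ONE_OF_ONE), ("3/3", THREE_OF_THREE), ("3 DVNs, 1 operator", SAME_OPERATOR)]:
        print(label, is_verified(cfg, {"dvn-a"}), audit(cfg))
```

The third sample shows why counting DVNs is not enough: three verifiers run by one operator still leave a single point of compromise, so the audit flags it the same way it flags the 1/1 pathway.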
The attackers deposited the minted rsETH as collateral across Aave and Compound, borrowing WETH and wstETH against positions that should not have existed. On Aave alone, 89,567 rsETH backed roughly $190.86 million in borrowed WETH and approximately $2.33 million in wstETH. Aave's total TVL dropped approximately $6 billion in the immediate aftermath. All WETH reserves across Aave V3 markets on Ethereum, Arbitrum, Base, Linea, and Mantle hit 100% utilization, locking out users who needed liquidity. Aave's governance forum estimated potential bad debt ranging from $123.7 million to $230.1 million depending on how losses were distributed across chains. Aave clarified in its official incident report: "Aave's smart contracts were not compromised at any point. All protocol logic continued to function as designed. The incident originated entirely outside Aave from external bridge conditions."
To prevent a disorderly collapse, Aave led the formation of DeFi United, an industry coalition that surpassed $300 million in ETH commitments. The recovery plan involved three steps: re-collateralizing rsETH by converting pledged ETH into rsETH in controlled tranches, liquidating the attacker's positions systematically rather than letting them cascade, and restoring the bridge lockbox's backing ratio to re-enable cross-chain operations. As of the latest Aave governance funding update, approximately 87,955 ETH has been recovered or made recoverable through a combination of frozen attacker funds (around 43,168 ETH from Kelp's internal freeze and 30,765 ETH coordinated by the Arbitrum Security Council with law enforcement) and liquidated collateral from Aave and Compound positions. A residual gap of roughly 75,081 ETH is being covered by a mix of ecosystem pledges totaling around 14,570 ETH, a 30,000 ETH credit facility from Mantle (making it the single largest contributor), a pending 25,000 ETH request from Aave's DAO treasury that had not received final on-chain approval at time of publication, and a combined 10,000 ETH contribution from LayerZero in the form of a donation and loan.
For users outside North America and Europe, the exposure was concrete and uneven. Mantle, a network with significant outreach toward Asian and emerging market participants, faced the highest proportional shortfall in the L2-isolated loss scenario, with a potential haircut of up to 71.45% on outstanding claims. rsETH had been integrated across Aave markets on Arbitrum, Mantle, and Linea, and users in South Asia and Africa who held rsETH or relied on Aave's WETH markets for borrowing were locked out during the freeze. Halborn Security, which published a post-exploit technical review, put the architectural lesson plainly: "Decentralization is non-negotiable: multi-signature or distributed verification prevents single-node compromises from enabling system-wide theft. The incident demonstrates that architectural centralization creates exploitable bottlenecks regardless of individual component security." Kenya's BitKE, one of Africa's most active blockchain publications, observed that "The incident highlights growing systemic risks in DeFi where deeply interconnected protocols can amplify the impact of a single exploit across the broader ecosystem."
Kelp has since migrated rsETH's bridge infrastructure from LayerZero to Chainlink CCIP. Solv Protocol followed, moving $700 million in tokenized Bitcoin infrastructure to CCIP. Reported total migration to CCIP across the DeFi sector now exceeds $3 billion. LayerZero has updated its policy to require a minimum 3-of-3 DVN configuration for high-value integrations, with configurations scaling up to 5-of-5 where available. The change increases latency and cost for cross-chain applications, with an outsized impact on lean developer teams in South Asia and Africa who have fewer resources to absorb the added overhead. With formal recovery operations now underway, the immediate question for the Kelp and Aave communities is whether the final funding stack closes the residual gap cleanly, or whether some form of loss socialization across Aave protocol revenues becomes unavoidable. The attack also fits into a broader and accelerating pattern: combined Lazarus Group losses across the Kelp and Drift exploits alone exceeded $577 million in April 2026, and North Korean state-sponsored actors have been linked to more than 70% of all DeFi exploits recorded so far this year.