Kelp DAO Exploit

The Kelp DAO exploit of April 18, 2026 is the largest DeFi hack of 2026, with an attacker draining 116,500 rsETH — approximately $292 million and roughly 18% of the token's entire circulating supply — from Kelp's LayerZero-powered cross-chain bridge. The attacker manipulated LayerZero's cross-chain messaging layer into believing a valid instruction had arrived from another network, tricking Kelp's bridge into releasing its entire rsETH reserve to an attacker-controlled address. Because that reserve backed wrapped rsETH deployed across more than 20 layer 2 blockchains including Base, Arbitrum, Linea and Blast, the drain immediately called into question the backing of rsETH on every chain except Ethereum mainnet. Kelp's emergency multisig paused the protocol 46 minutes after the drain. Example: The exploit triggered an immediate contagion cascade: Aave froze rsETH markets on V3 and V4, SparkLend and Fluid froze their rsETH markets, and Lido paused further deposits into earnETH — illustrating how a single bridge exploit can simultaneously stress every protocol that accepted the affected token as collateral. Why it matters for cross-chain interoperability: The Kelp exploit underscores a systemic risk in the omnichain architecture — when a bridge holding reserves backing tokens on dozens of chains is drained, the liquidity crisis is not contained to one network. It propagates across all deployments simultaneously, amplifying the contagion far beyond what a single-chain hack would cause.

Category: defi, cross chain, crypto history

Explore the full Web3 Glossary — 2,000+ expert-curated definitions. Need guidance? Talk to our consultants.