### **Kelp DAO Exploit: $292M Security Breach**
On **April 18, 2026**, liquid restaking protocol **Kelp DAO** suffered a massive exploit on its cross-chain bridge, resulting in the theft of **116,500 rsETH** (approximately **$292 million**).
### **Key Highlights**
* **The Vector:** The attacker exploited the **LayerZero-powered rsETH bridge**, specifically manipulating the lzReceive function to trigger an unauthorized release of funds.
* **Execution:** The attacker’s wallet was pre-funded via **Tornado Cash** to hide their identity.
* **The Response:** Kelp DAO’s multisig team paused the protocol **46 minutes** after the breach, successfully preventing two additional drain attempts.
* **Status:** All core contracts remain **paused** while Kelp DAO and LayerZero conduct a forensic investigation.
### **Quick Stats**
* **Total Loss:** $292,000,000
* **Asset Type:** rsETH (Liquid Restaked Token)
* **Timeline:** Attack occurred at 17:35 UTC; protocol paused at 18:21 UTC.
