290 million per hour: technical post-mortem of the Kelp DAO rsETH bridge exploit
On April 18, 2026, at 17:35 UTC, one of the largest DeFi exploits of 2026 occurred. The attacker withdrew 116,500 rsETH (approximately $292–293 million at the current exchange rate) through a LayerZero OFT-based bridge. This is about 18% of the total circulating supply of rsETH.
Important: the main protocol of Kelp DAO (deposit pools, EigenLayer integration, and restaking logic) was not affected. The impact was confined to the cross-chain bridge: the OFT (Omnichain Fungible Token) adapter built on top of LayerZero infrastructure.
How exactly the exploit took place (technical analysis)
1. Preparation
About 10 hours before the attack, the attacker's wallets received funds via Tornado Cash (a classic method for laundering incoming capital and concealing its origin).
2. Critical call
The attacker called the lzReceive function on the LayerZero EndpointV2 contract.
This call went through Kelp DAO's OFT bridge contract and led to the minting or unlocking of 116,500 rsETH without corresponding backing on the source chain.
Transaction: 0x1ae232da212c45f35c1525f851e4c41d529bf18af862d9ce9fd40bf709db4222 (Ethereum).
Events in the logs show that the bridge accepted the message as valid, although it apparently came from an incorrect or test peer, or involved manipulation of the verification.
3. Mechanics of the vulnerability (assumed)
This is not a classic reentrancy or integer overflow in Solidity.
This is a typical bridge configuration vulnerability:
- Weak peer verification in the security stack of LayerZero (Ultra Light Node / EndpointV2).
- Lack of strict validation of source chain + nonce + payload in the specific implementation of the Kelp OFT adapter.
- The possibility of substitution or forgery of cross-chain messages that the bridge interpreted as legitimate unlock/mint.
LayerZero OFT allows the token to 'fly' between chains with minimal trust, but in exchange requires very precise tuning of verifiers, DVNs (Decentralized Verifier Networks), and libraries. It seems that this is where the gap arose.
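An off-chain reconciliation check covering the three assumed weaknesses listed above (peer, nonce, and backing on the source chain), as an added example that is not Kelp DAO's or LayerZero's code. The `Delivery` record, the `audit` function, and all endpoint ids, addresses, GUIDs and amounts are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Delivery:      # one message the destination bridge accepted (hypothetical shape)
    src_eid: int     # source endpoint id the message claims
    sender: str      # source-side contract the message claims to come from
    nonce: int
    guid: str
    amount: int      # tokens minted or unlocked on the destination

def audit(deliveries, source_debits, peers):
    """Return (findings, flagged_total).

    source_debits: {guid: (src_eid, amount)}, read independently from the source chain.
    peers: {src_eid: trusted sender}, as configured on the destination adapter.
    """
    findings, flagged, last_nonce, used = [], 0, {}, set()
    for d in deliveries:
        reasons = []
        if peers.get(d.src_eid) != d.sender:
            reasons.append("untrusted peer")
        lane = (d.src_eid, d.sender)
        if d.nonce != last_nonce.get(lane, 0) + 1:   # strict per-lane ordering
            reasons.append("nonce gap or replay")
        last_nonce[lane] = max(d.nonce, last_nonce.get(lane, 0))
        debit = source_debits.get(d.guid)
        if d.guid in used or debit is None:
            reasons.append("no unspent source debit")
        elif debit != (d.src_eid, d.amount):
            reasons.append("source debit mismatch")
        used.add(d.guid)   # a GUID may back one delivery only, even a flagged one
        if reasons:
            findings.append((d.guid, reasons))
            flagged += d.amount
    return findings, flagged

# Constructed sample data, not taken from the incident.
PEERS = {1001: "0xSRC_ADAPTER_A"}
SOURCE_DEBITS = {"g1": (1001, 50), "g2": (1001, 70)}
DELIVERIES = [
    Delivery(1001, "0xSRC_ADAPTER_A", 1, "g1", 50),    # backed and in order
    Delivery(1001, "0xSRC_ADAPTER_A", 2, "g2", 700),   # amount exceeds the source debit
    Delivery(1001, "0xSRC_ADAPTER_A", 2, "g2", 70),    # same nonce and GUID again
    Delivery(9999, "0xUNKNOWN", 1, "g9", 116_500),     # unknown peer, nothing locked
]

if __name__ == "__main__":
    for guid, reasons in audit(DELIVERIES, SOURCE_DEBITS, PEERS)[0]:
        print(guid, reasons)
```

A non-empty findings list is the condition a monitor would page on or wire to the pauser, since the flagged total is supply credited on the destination that the source chain does not account for.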
4. Monetization (17:35–18:21 UTC)
Immediately after receiving rsETH, the attacker began depositing tokens as collateral in lending protocols:
- Primarily Aave V3 and V4 (Ethereum + Arbitrum).
- Also Compound V3, Euler, and others.
Large loans were taken against rsETH in WETH/ETH and other assets.
Part of the funds was withdrawn into 'clean' ETH and distributed across several addresses.
As a result, significant bad debt (unsecured positions) formed on Aave, as rsETH lost trust and liquidity after the pause.
Team reactions (response time is critical)
- Kelp DAO: after 46 minutes (at 18:21 UTC) the emergency multisig activated the pauser. All main contracts of rsETH (token, deposits, withdrawals, oracles) were paused on Ethereum and several L2s. The next two exploit attempts were blocked.
An official statement was released around 20:10 UTC. The team is collaborating with LayerZero, Unichain, auditors, and security experts for root cause analysis (RCA).
- Aave: at 20:01 UTC froze all rsETH markets on V3 and V4. The main contracts of Aave are unaffected. Coverage of potential bad debt through the Safety Module is planned.
- Other protocols (SparkLend, Fluid, Ethena, Yearn, Pendle, etc.) quickly froze or limited positions with rsETH.
Why this is important
- This is a reminder that cross-chain bridges remain one of the most dangerous surfaces in DeFi. Even with 'modern' solutions like LayerZero OFT, the risks in peer configuration and verification do not disappear.
- Liquid restaking tokens (LRT) with high multi-chain exposure become particularly attractive targets: large TVL + use in lending → cascading effect.
- The incident affected the ecosystem more broadly: pressure on the AAVE price (down 10–13%), temporary loss of trust in rsETH, freezes across DeFi.
What next (at the time of writing)
- rsETH contracts are still paused.
- An investigation is underway: Kelp + LayerZero + auditors.
- Expected: full post-mortem, migration plan to rsETH v2 (if necessary), possible blacklist of attacking addresses, discussion of compensations.
- The attacker is currently holding funds in consolidated addresses.
