The DeFi world experienced the largest security incident to date in 2026: the liquidity re-staking protocol Kelp DAO based on LayerZero's cross-chain bridge was hacked, resulting in the theft of 116,500 rsETH (approximately 292 million USD) in just 46 minutes, triggering a chain collapse.
📌 What is Kelp DAO?
In simple terms, Kelp DAO is a "liquidity re-staking" protocol under the EigenLayer ecosystem. Users stake ETH to it, and it gives you a "voucher token" called rsETH—this voucher can continue to earn extra income in DeFi protocols, effectively allowing one asset to be used "twice." This model has been very popular in the past two years, with Kelp's TVL (Total Value Locked) exceeding 1 billion USD before the attack.
💡 How did the hackers pull it off?
The core of the attack exploited a verification vulnerability in the LayerZero cross-chain messaging protocol. The hackers called the lzReceive method of the LayerZero EndpointV2 contract, fabricating a cross-chain message that led the Ethereum mainnet's bridging contract to mistakenly believe 'assets were locked on another chain', which caused it to release real rsETH.
In essence: the contract trusted a 'fake message' and spat out real cash.
⚡ How severe is the chain reaction?
The hackers deposited the stolen rsETH into Aave as collateral, then borrowed real ETH, cashing out about 106.5 million ETH (around $250 million).
Multiple DeFi protocols like Aave, Compound, and Euler urgently froze the rsETH market.
Panic spread, with over $5.4 billion in assets withdrawn from Aave for safety.
Justin Sun single-handedly withdrew over 53,665 ETH from Aave.
🤔 What does this incident signify?
Cross-chain bridges remain the most vulnerable link in DeFi. In recent years, several major hacking events (Ronin, Wormhole, Nomad) have concentrated on the bridging layer. With LRT (liquidity re-staking tokens) deeply intertwined with multiple chains and protocols, the greater the composability, the higher the systemic risk—one hiccup can trigger a 'domino effect' throughout the entire ecosystem.
Security audits, multi-signature mechanisms, and the rigor of cross-chain message verification are the true moats of DeFi.
