At 17:35 UTC on April 18, 2026, a single transaction rewrote the DeFi security playbook. In 46 minutes, an attacker drained 116,500 rsETH — roughly $293 million — from Kelp DAO's cross-chain bridge. That's 18% of rsETH's entire circulating supply, gone. Not rug-pulled, not drained through a phishing link. Exploited. Surgically. Through a spoofed LayerZero cross-chain message that the protocol had no mechanism to reject.
The fallout: $280M+ in bad debt dumped on Aave, Compound, Euler, and SparkLend. AAVE token dropped 19% in three days. rsETH holders on 20+ Layer 2 networks potentially sitting on unbacked tokens. And Kelp DAO — which operates under the KernelDAO umbrella — didn't even acknowledge the drain until three hours after the attack began.
Bloomberg confirmed it as the biggest DeFi exploit of 2026. It happened in the context of a catastrophic two-week period for the industry: $600M+ stolen across DeFi, 10+ protocols compromised. This one takes the crown.
Let's break down exactly what happened, who built the kill chain, and what it means for everyone holding liquid restaking tokens right now.
What Is Kelp DAO and rsETH?
If you're not neck-deep in restaking lore, here's the 60-second explainer. Kelp DAO is a liquid restaking protocol built on EigenLayer. When you deposit ETH or LSTs (liquid staking tokens like stETH) into Kelp, you receive rsETH — a receipt token representing your restaked position.
The value proposition: instead of your ETH just sitting there earning staking yields, restaking lets it simultaneously secure additional protocols (called Actively Validated Services) for extra yield. rsETH is your claim on all that yield, packaged in a transferable ERC-20 token.
The cross-chain part is where things get spicy. rsETH is deployed on 20+ Layer 2 networks — Base, Arbitrum, Linea, Blast, Mantle, Scroll, and more. To move rsETH between these chains, Kelp uses LayerZero, an omnichain messaging protocol. The rsETH bridge relies on LayerZero's EndpointV2 contract to authenticate and relay messages between chains.
That bridge architecture is exactly where the attacker found their in.
How the Hack Went Down: A 46-Minute Kill Chain
This wasn't opportunistic. The attacker had clearly mapped Kelp's bridge architecture in advance. Here's the timeline, beat by beat:
Hours before the attack: The attacker funded their wallets through Tornado Cash, breaking the on-chain link between their funding source and attack wallets. Classic obfuscation move — nothing new, but methodical.
17:35 UTC — The exploit transaction fires: The attacker crafted a malicious cross-chain message targeting LayerZero's EndpointV2 contract. The message spoofed a legitimate bridge release request — essentially telling Kelp's bridge contract "yes, this is a valid cross-chain transfer, release the rsETH." The drain transaction hash: 0x1ae232da212c45f35c1525f851e4c41d529bf18af862d9ce9fd40bf709db4222.
The core vulnerability: the bridge's message verification was insufficiently strict. LayerZero's architecture relies on configurable trust assumptions — specifically, which oracles and relayers are considered trusted for a given app. Kelp's deployment allowed a spoofed message to pass validation and trigger the release of 116,500 rsETH in a single shot.
The next 40 minutes: The attacker didn't wait. The freshly minted rsETH hit DeFi's composability stack immediately. Deposits into Aave V3, Aave V4, Compound, and Euler. rsETH was still trading near peg at this point — lending protocols hadn't priced in the attack. The attacker used the stolen rsETH as collateral to borrow real ETH and WETH.
18:21 UTC — The cavalry (barely) arrives: Kelp's emergency pauser multisig detected the exploit and froze the bridge contracts. Forty-six minutes after the initial drain. Two follow-up attack attempts worth a combined $100M were blocked. But the damage was done.
The 46-minute window is the number that should haunt every DeFi protocol. Kelp's emergency multisig did exist. It did work — eventually. But a faster circuit breaker or an automated anomaly detection system triggering on an 18%-of-supply drain would have saved potentially $100M+ in follow-on borrowing. The on-chain monitoring gap is a protocol design failure, not a monitoring failure. Use Traderise's real-time risk alerts to track your DeFi exposure — because protocol teams clearly aren't watching fast enough.
The Money Trail: How You Launder $293M On-Chain
One of the most important questions after a DeFi hack: where does the money go? The answer reveals a masterclass in DeFi composability being weaponized as an exit pipeline.
Deposit → Borrow → Swap → Consolidate Pipeline
The attacker's laundering chain was elegant in its brutality:
- Deposit rsETH as collateral into Aave V3, Aave V4, Compound, and Euler — all of which accepted rsETH as a valid collateral asset at the time of the attack
- Borrow real, liquid ETH and WETH against the rsETH collateral. At peak, the attacker borrowed at aggressive LTV ratios before the protocols started repricing
- Swap and consolidate through Uniswap and Kyber — fragmenting the trail across multiple DEX paths to complicate tracking
- Consolidate into ~74,000 ETH across a cluster of attacker-controlled wallets
The net effect: the attacker turned ~$293M of freshly minted (and now effectively unbacked) rsETH into ~74,000 ETH — real, liquid, Ethereum. The rsETH positions they left behind as collateral? Worthless. That's the $280M+ bad debt now sitting on lending protocols.
Why DeFi Composability Is a Feature AND a Bug
The word "composability" gets thrown around like it's purely a positive. This attack is the clearest illustration of why it isn't.
Composability means any token, any protocol, any chain can interact permissionlessly. That's powerful for building yield strategies, but it also means a hacker who steals a token at step one can immediately plug it into steps two through ten — each protocol treating the stolen token as legitimate until the bad news propagates.
Aave, Compound, and Euler didn't "fail" here in any traditional sense. They were operating normally. The problem is that their risk parameters — set before this exploit — didn't account for an 18%-of-supply bridge drain making rsETH effectively worthless. By the time the signal reached them, the attacker had already exited.
This is the systemic risk problem that DeFi has not solved: oracle latency + composability + large enough attack = exit before the system can respond.
The Fallout: Who Got Rekt
The blast radius on this one is wide. Let's run the damage report:
Aave V3 + V4: Froze rsETH markets across both versions after the exploit. Estimated ~$177M in bad debt from undercollateralized rsETH positions. AAVE governance emergency proposals were live within hours. The AAVE token itself dropped ~19% over the three days following the attack as the market priced in bad debt uncertainty.
SparkLend, Fluid, Compound, Euler: All affected to varying degrees. The combined bad debt across these protocols plus Aave totals $280M+. These are real losses — protocol treasuries and liquidity providers absorb them over time through bad debt socialization or governance-approved backstops.
rsETH holders on L2s: This is the quietly devastating part. rsETH is deployed on 20+ Layer 2 networks. Those tokens are now potentially unbacked — the Ethereum mainnet rsETH that backs them was drained. L2 holders on Base, Arbitrum, Linea, Blast, Mantle, and Scroll may be holding tokens that have no redemption path until (if) Kelp's recovery plan addresses them.
The broader ecosystem: Lido paused earnETH deposits. Ethena paused LayerZero bridges entirely as a precaution. Two of the biggest yield-bearing protocols in DeFi went into defensive mode because one exploit on one bridge shook confidence in the entire cross-chain architecture.
Kelp DAO / KernelDAO: Three hours of silence after a $293M drain is a comms catastrophe. The team eventually acknowledged the exploit and froze contracts, but the narrative was already set. Trust, once lost, compounds negatively just like bad debt.
Is Your rsETH Safe? What to Check Right Now
If you're holding rsETH or have positions that involve rsETH as collateral, here's a practical checklist for right now:
Step 1: Check which chain your rsETH is on. Mainnet rsETH holders are in a different position than L2 holders. Mainnet rsETH is closer to the underlying collateral and recovery mechanisms. L2 rsETH is one additional abstraction removed — and those bridges are frozen.
Step 2: Check your lending positions. If you used rsETH as collateral on Aave, Compound, or any other lending protocol, check your health factor immediately. Even frozen markets can have existing positions that move toward liquidation as rsETH's oracle price updates.
Step 3: Monitor Kelp's official channels. Not Twitter. Not Telegram. The official Kelp DAO governance forum and GitHub. Rumors move faster than facts in these situations. KernelDAO will publish a post-mortem and recovery plan — wait for that before making decisions.
Step 4: Don't panic-sell into low liquidity. rsETH markets are thin right now. If you sell into a frozen, low-liquidity market, you're going to eat significant slippage on top of whatever loss you're already facing. Assess your actual exposure before moving.
Step 5: Review your broader restaking exposure. If you hold other liquid restaking tokens (weETH, ezETH, pufETH), assess whether their bridge architectures have similar LayerZero trust assumptions. This exploit pattern is now public knowledge — copycat attempts on weaker forks are a real risk.
And seriously — use a proper portfolio risk tool going forward. Checking your exposure after a $293M exploit is reactive. What you need is proactive protocol health monitoring.
Why Bridge Hacks Keep Happening — and Why They'll Get Worse
This is the fourth major bridge exploit in 18 months. Ronin was $625M. Wormhole was $320M. Nomad was $190M. Now Kelp is $293M. The pattern is not a coincidence — it's structural.
The Trust Model Problem
LayerZero is not inherently insecure. The issue is the trust model it exposes to application developers. LayerZero lets each application configure its own oracle and relayer — the two components that verify cross-chain messages. This is flexible and powerful, but it means security is only as good as the application's configuration.
Kelp's EndpointV2 configuration apparently allowed message validation that could be spoofed with a sufficiently crafted payload. The precise mechanism is still being analyzed in the post-mortem, but the surface area — an application-layer configuration that permits forged messages under certain conditions — is a known risk class in omnichain architectures.
The deeper problem: bridges are trust boundaries by definition. When you move value between chains, you're trusting something to verify that a "send" on chain A corresponds to a "receive" on chain B. Every attack vector on bridges targets that trust. Whether it's a compromised multi-sig (Ronin), a buggy merkle proof (Wormhole), or a spoofed oracle message (this attack) — the attack is always about subverting the verification step.
What Would Actually Fix This
The honest answer? Nothing fixes this entirely. But there are meaningful improvements that would have reduced this exploit's impact:
- Circuit breakers with hard supply limits: A smart contract rule that automatically pauses any bridge release exceeding X% of circulating supply in a single transaction would have stopped this cold. 18% of supply in one tx is a red flag visible from orbit.
- Faster automated monitoring: 46 minutes is an eternity. On-chain anomaly detection that triggers automatic pauses at the contract level — not dependent on humans watching dashboards — closes that window.
- Cross-protocol communication: Aave, Compound, and Euler froze rsETH markets, but only after significant bad debt had accumulated. A shared, real-time protocol risk broadcast system would allow lending markets to freeze rsETH collateral the moment a bridge anomaly is detected.
- Native ZK verification for bridges: ZK proofs can mathematically verify cross-chain state without trusting an oracle or relayer. Projects building ZK-based bridges (Succinct Labs, zkBridge) are building toward this. It's not production-ready at scale yet — but this attack is a clear argument for accelerating that roadmap.
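The first two items above (a hard supply limit and an automatic contract-level pause) can be modelled in a few lines. This is an added example, not code from Kelp DAO or LayerZero: a Python reference model of the rule a bridge contract would enforce, with hypothetical thresholds (1% of supply per release, 3% per rolling hour) and a constructed circulating supply chosen so that 116,500 is roughly the 18% the article cites.

```python
from collections import deque
from dataclasses import dataclass, field

BPS = 10_000  # basis points per 100%

@dataclass
class ReleaseGuard:
    """Model of a bridge release circuit breaker (thresholds are hypothetical)."""
    circulating_supply: int
    max_tx_bps: int = 100        # one release may not exceed 1% of supply
    max_window_bps: int = 300    # all releases in the window may not exceed 3%
    window_seconds: int = 3600
    paused: bool = False
    recent: deque = field(default_factory=deque)  # (timestamp, amount) of allowed releases

    def _window_total(self, now):
        # Drop releases that have aged out of the rolling window.
        while self.recent and self.recent[0][0] <= now - self.window_seconds:
            self.recent.popleft()
        return sum(amount for _, amount in self.recent)

    def request_release(self, now, amount):
        """Return (allowed, reason); any breach latches the pause until humans review."""
        if self.paused:
            return False, "paused"
        if amount * BPS > self.circulating_supply * self.max_tx_bps:
            self.paused = True
            return False, "tx_cap"
        if (self._window_total(now) + amount) * BPS > self.circulating_supply * self.max_window_bps:
            self.paused = True
            return False, "window_cap"
        self.recent.append((now, amount))
        return True, "ok"

def replay(events, supply):
    guard = ReleaseGuard(circulating_supply=supply)
    return [guard.request_release(t, amount) for t, amount in events]

# Constructed data: supply chosen so 116,500 is about 18% of it, as the article states.
SUPPLY = 647_000
# Seconds since 17:00 UTC: two routine releases, the 116,500 release, two follow-ups.
SINGLE_SHOT = [(0, 1_200), (600, 900), (2_100, 116_500), (2_400, 20_000), (2_700, 20_000)]
# Releases that each stay under the per-tx cap but add up fast; the window cap trips.
SPLIT = [(0, 6_000), (60, 6_000), (120, 6_000), (180, 6_000)]

if __name__ == "__main__":
    print(replay(SINGLE_SHOT, SUPPLY))
    print(replay(SPLIT, SUPPLY))
```

The pause is a latch: once either limit is breached, every later release is refused without waiting for a human to notice, which is the gap the 46-minute window exposed.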
The $600M drained across DeFi in the two weeks leading up to this attack tells you something important: we're in a phase where the attack tooling is getting more sophisticated faster than the defense tooling. AI-assisted exploit discovery — where models are used to map contract state machines and identify exploitable paths — is already being discussed in security circles as an emerging threat vector. The Kelp attack shows no signs of AI involvement, but the next generation of bridge attacks might.
The Bottom Line
The Kelp DAO hack is a $293M lesson in the hidden fragility of cross-chain DeFi. The protocol did several things right: it had an emergency pauser. It did eventually freeze contracts. It did block follow-up attempts. But right isn't enough when an 18%-of-supply drain can happen in a single transaction before humans can react.
rsETH as a concept isn't dead. Liquid restaking isn't dead. Cross-chain bridging isn't dead. But trust — in this specific protocol, in bridge architectures broadly, in the idea that LayerZero configurations are hardened enough for nine-figure TVL — took a significant hit on April 18, 2026.
The broader takeaway for every degen holding yield-bearing tokens on L2s: your risk isn't just the token. It's the bridge that backs it. It's the lending protocol that accepts it as collateral. It's the oracle that prices it. It's every composability layer between you and your underlying ETH. The $293M number is the visible damage. The invisible damage — to trust, to bridge usage, to rsETH peg recovery — will take much longer to quantify.
Check your positions. Review your bridge exposure. And maybe — just maybe — don't park nine-figure sums on a bridge architecture that hasn't been stress-tested at this scale.
Not financial advice. DYOR. But seriously — do your research with the right tools.