KelpDAO, a prominent liquid restaking protocol, was hit by a significant exploit on April 18, 2026, resulting in the loss of approximately $292 million in rsETH tokens. The attack, which targeted KelpDAO's LayerZero-powered cross-chain bridge, saw 116,500 rsETH drained to an attacker-controlled address. This incident marks one of the largest DeFi exploits of the year, sending ripples across the decentralized finance ecosystem.
Blockchain investigator Drake Evans highlighted the nature of the compromise, stating in a tweet, > "It looks like @KelpDAO was running their own peer which was compromised. Unsurprisingly it appears that @LayerZero_Labs is not compromised." Evans further noted that the message facilitating the unauthorized withdrawal originated from "EID 30320 aka from Unichain," indicating a specific vulnerability within KelpDAO's operational setup involving Unichain.
LayerZero Labs, the underlying cross-chain messaging infrastructure, confirmed it is working with KelpDAO to address the rsETH vulnerability. However, LayerZero emphasized that its core protocol and other applications utilizing its services remain secure. This clarifies that the exploit stemmed from an issue within KelpDAO's implementation and its interaction with LayerZero's messaging layer, rather than a direct breach of LayerZero's foundational security.
The attacker's wallet was reportedly funded via Tornado Cash, a common tactic for obfuscating transaction origins in DeFi exploits. Following the initial drain, KelpDAO's emergency multisig quickly paused the protocol's core contracts, preventing further attempts to siphon an additional 40,000 rsETH. The exploit led to immediate market reactions, including a 10% drop in the price of AAVE tokens, as lending platforms like Aave, which had rsETH exposure, froze markets to assess potential bad debt.
KelpDAO, a product under the KernelDAO umbrella, acknowledged the incident on social media, announcing an investigation with LayerZero, Unichain, its auditors, and security specialists. The protocol's rsETH liquid restaking token is deployed across over 20 networks, making the cross-chain bridge a critical component. This event underscores the persistent security challenges within the rapidly evolving DeFi landscape, particularly concerning cross-chain interoperability and the integration of third-party services.
