An attacker from the Lazarus hacking group in North Korea extracted 116,500 rsETH from Kelp DAO's cross-chain bridge without breaking any smart contract code: approximately $292 million at current market value, equivalent to 18% of the total circulating supply of rsETH. Only 46 minutes passed between the successful attack and Kelp DAO's emergency pause. Those 46 minutes were the most expensive 46 minutes of DeFi in 2026.

Even more shocking: this vulnerability had been publicly documented on Aave's governance forum 15 months earlier, and no one had fixed it.

I. Full Timeline of Events: 46-minute Response Process

Pre-attack Preparation Stage

Kelp DAO is a liquid restaking protocol: users deposit ETH, earn additional staking rewards through EigenLayer, and receive rsETH as a tradable liquid token. rsETH is deployed on more than 20 blockchains, with cross-chain movement relying on LayerZero's bridging infrastructure.

The attackers completed elaborate preparations beforehand: they compromised two RPC nodes used by the LayerZero Labs DVN (Decentralized Validation Network) and planted malware on them, so that the nodes reported false on-chain state to the DVN while still returning real data to requests from other IP addresses, evading detection by the security monitoring system.

Day of Attack: Precise Three-Step Strike

17:35 UTC: The attack begins. The attacker launches a DDoS attack against an external RPC node used by the LayerZero Labs DVN, forcing the system to fail over to the contaminated backup node. The contaminated node then reports to the DVN that a large amount of rsETH has been burned on the source chain (Unichain), when in fact no burn took place at all, and the LayerZero Labs DVN confirms the cross-chain message as legitimate on the basis of this false report. The contract on Ethereum mainnet receives the confirmation and releases 116,500 rsETH from the escrow address to an address controlled by the attackers.

The entire process consisted of valid on-chain transactions, built on a completely false picture of reality.

17:35 to 18:00 UTC (the first 25 minutes after the theft): The attackers moved quickly, depositing the 116,500 rsETH into Aave V3 (Ethereum and Arbitrum), Compound V3 and Euler, and borrowing more than $236 million in real WETH against rsETH as collateral. Aave V3 alone faces an estimated $177 million in bad debt.

18:21 UTC (46 minutes after the attack): An emergency multi-signature pause by Kelp DAO froze the core contract. Two follow-up attempts by the attackers at 18:26 UTC and 18:28 UTC, each trying to withdraw approximately a further 40,000 rsETH (worth approximately $100 million), failed because the contract was paused.

Without this 46-minute emergency response, the total loss could have been close to US$490 million.

Aave, SparkLend and Fluid froze all rsETH markets within hours. Aave's TVL fell by about $6 billion after the incident, and the total value locked across DeFi fell by about $14 billion. On April 21, 2026, the Arbitrum Security Council froze 30,766 ETH (about $71 million) of the attackers' funds, roughly 25% of the stolen amount.

What is the DVN 1-of-1 vulnerability? Let's use the simplest analogy to explain

Trust Mechanisms of Cross-Chain Bridges

To understand the nature of this attack, you first need to understand the trust mechanism of a cross-chain bridge.

When you bridge a token from chain A to chain B, the system needs a "referee" to confirm that the corresponding asset has actually been locked or burned on chain A. In LayerZero's architecture, this referee is called a DVN (Decentralized Validation Network).

The question is: Who is going to make sure that this referee is telling the truth?

LayerZero is designed to let protocols configure multiple independent DVNs, so that a cross-chain action is executed only when all (or a specified number) of the DVNs confirm that the message is valid. It is like a building safe that needs several keys to open: no single key holder can complete the operation alone.

Kelp DAO's Deadly Choice

However, rsETH was configured so that only LayerZero Labs' own DVN had to confirm a message: the so-called "1-of-1" setting.

In the simplest terms: it is like a building safe designed to open with a single key, held by one employee of the security company. Once that employee is deceived or coerced, the safe is completely unprotected.

Had Kelp DAO used a "2-of-3" or "3-of-5" multi-DVN setup, then even after successfully poisoning LayerZero Labs' nodes, the other independent verifiers would have found that the message did not match the actual state of the chain and refused to confirm it. The attack would have been technically impossible.

Disputes over attribution of responsibility

After the incident, a public dispute over liability erupted between LayerZero and Kelp DAO.

LayerZero's statement stresses that Kelp DAO chose the 1-of-1 configuration despite being aware of multi-DVN best practices, so the responsibility lies with the application layer, not the protocol layer.

Kelp DAO counters that LayerZero's own V2 OApp Quick Start Guide and default GitHub configuration are themselves 1-of-1 setups; that LayerZero never sent Kelp any specific configuration changes; and that, statistically, about 40% of the protocols on LayerZero still use the same 1-of-1 configuration.

This dispute over responsibility reflects a systemic problem in the security culture of the entire cross-chain bridge ecosystem: when the vulnerability is a "poor configuration choice" rather than a "code mistake", who should bear the responsibility?

How does the Arbitrum freezing mechanism work?

Why a 'decentralized' chain can freeze money

Perhaps the most surprising aspect of the incident was that the Arbitrum Security Council succeeded in freezing 30,766 ETH of the attackers' funds on April 21, which raises a legitimate question: how can a decentralized blockchain freeze users' funds?

The answer is that Arbitrum is still in the early stages of its decentralization roadmap and retains a multi-signature "Security Council" mechanism. The council consists of 12 members who can take protective action in an emergency, including upgrading contracts and, at a technical level, influencing the confirmation of specific states.

This does not mean Arbitrum is centralized, but rather that an emergency intervention mechanism exists in practice until decentralized governance fully matures. This mechanism is a compromise between the security design and the decentralized ideals of a DeFi protocol.

25% of the funds frozen: is it enough?

So far the Arbitrum Security Council has frozen funds equal to approximately 25% of the amount stolen; the whereabouts of the remaining 75% are still under investigation. According to Chainalysis' on-chain analysis, some of the stolen funds have been moved through mixers, a common tactic of the Lazarus group.

Kelp DAO has stated that it is working on a "proactive remedy", but the specific compensation plan and timeline have not yet been announced. For rsETH holders, the most important thing to do is to wait for the official announcement, rather than taking any action that may aggravate losses.

The Current Status of rsETH and the Progress of Official Rescue

In the aftermath of the incident, rsETH holders on multiple chains faced a serious question: if the bridge reserve had been emptied, was rsETH on those chains still backed by real ETH?

The key distinction is that Kelp DAO's core restaking contracts were not attacked. The rsETH backed by real user deposits on Ethereum mainnet is still valid, and the EigenLayer delegation relationship is intact. What was compromised was the reserve backing the cross-chain versions circulating on non-Ethereum chains.

This means that users holding rsETH on Ethereum mainnet still, in principle, hold valid staking claims. Users holding rsETH on L2s and other chains face greater uncertainty, because the cross-chain reserves behind their tokens are partially missing.

Kelp DAO and LayerZero are currently conducting a joint investigation with SEAL Org, a security incident response organization, and have committed to releasing a joint post-mortem report once the information is complete. LayerZero has announced that it will stop signing messages for any application still using a 1-of-1 DVN configuration, forcing an industry-wide migration to multi-DVN setups.

What should rsETH holders do now?

If you currently hold rsETH, the following is a suggested framework based on the information available. It must be stressed that this is not investment advice; the final decision should rest on your personal circumstances and on following the official announcements.

First, find out which chain you hold rsETH on. An rsETH position on Ethereum mainnet faces a different level of risk from a cross-chain version held on an L2 such as Arbitrum, Base or Linea. Confirming which chain your position is on is the basis for deciding the next step.

Second, do not take any hasty action for now. Until Kelp DAO announces a formal compensation plan, selling cross-chain rsETH on the secondary market, where it may trade at a discount, may not be optimal. Post-incident rescues of DeFi protocols typically involve a snapshot-based compensation mechanism, and a position still held at the snapshot is often treated more favorably than one sold beforehand.

Third, follow the official announcement channels of Kelp DAO and LayerZero. All official updates are released via the official Kelp DAO Twitter account (@KelpDAO) and the official LayerZero blog; any third-party notice about compensation that claims to be official should be treated as a potential scam.

Lessons: How to assess the security of a DeFi bridge

The Kelp DAO attack holds a special place in the history of DeFi security. Most previous bridge attacks involved vulnerabilities at the smart contract code level: attackers found flaws in the code logic and used them to drain funds. This attack was completely different: all the smart contract code worked correctly and all the on-chain transactions were fully valid. The problem was that the off-chain infrastructure had been contaminated with false input data.

According to KuCoin's analysis, the logic of the attack is that a forged cross-chain message telling Ethereum mainnet that "an equivalent asset has been locked on another chain" caused the mainnet contract to mint rsETH. The minted rsETH had no real backing, but its on-chain record was perfectly "legitimate" and was therefore accepted as collateral by lending protocols.

This pattern of attack exposes an industry blind spot: traditional security audits are about "finding vulnerabilities in contract code", but here the vulnerability was not in the code at all. It was in the deployment configuration, and configuration auditing is still an emerging, immature practice in the industry.

For the average DeFi user and developer, this incident provides a concrete framework for security assessment.

First, how many independent DVNs does the bridge use? This incident has shown that the 1-of-1 setting is a single point of failure. Any sound bridge design should require at least a 2-of-3 threshold, or higher, across multiple validators.

Second, are the DVNs truly independent of each other? Multiple DVNs that rely on the same RPC infrastructure, or are operated by the same entity, are only superficially independent and do not provide genuine multi-party verification.
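The quorum logic behind the first two questions, and behind the 1-of-1 choice described earlier, as an added Python simulation (not LayerZero or Kelp DAO code): each DVN checks a claimed source-chain burn against its own RPC node, and the destination releases only when the configured threshold attests. The DVN names, RPC node names, and the assumption that a poisoned node simply echoes the claimed burn are constructed for the example.

```python
"""DVN quorum simulation (added example, not LayerZero or Kelp DAO code). Each DVN
verifies a cross-chain message by asking its RPC node how much was burned on the
source chain; the destination releases only if `threshold` DVNs attest."""
from dataclasses import dataclass

# Constructed ground truth: nothing was actually burned on the source chain
TRUE_BURNS = {}  # message nonce -> amount really burned

@dataclass(frozen=True)
class RpcNode:
    name: str
    poisoned: bool = False  # a compromised node echoes whatever burn the forger claims

    def burned_amount(self, nonce: int, claimed: int) -> int:
        return claimed if self.poisoned else TRUE_BURNS.get(nonce, 0)

@dataclass(frozen=True)
class Dvn:
    name: str
    rpc: RpcNode

    def attest(self, nonce: int, claimed: int) -> bool:
        """Attest only if this DVN's own view of the source chain matches the claim."""
        return self.rpc.burned_amount(nonce, claimed) == claimed

def verify_release(dvns: list, threshold: int, nonce: int, claimed: int):
    """Return (approved, names of attesting DVNs); release needs `threshold` attestations."""
    attesting = [d.name for d in dvns if d.attest(nonce, claimed)]
    return len(attesting) >= threshold, attesting

def independent_backends(dvns: list) -> int:
    """Real independence is bounded by the number of distinct RPC backends in use."""
    return len({d.rpc.name for d in dvns})

# Constructed configurations: one backend is poisoned, two are honest.
POISONED = RpcNode("backup-rpc", poisoned=True)
HONEST_A, HONEST_B = RpcNode("rpc-a"), RpcNode("rpc-b")
ONE_OF_ONE = [Dvn("Labs DVN", POISONED)]
TWO_OF_THREE = [Dvn("Labs DVN", POISONED), Dvn("DVN B", HONEST_A), Dvn("DVN C", HONEST_B)]
SHARED_RPC = [Dvn("DVN X", POISONED), Dvn("DVN Y", POISONED), Dvn("DVN Z", POISONED)]
FORGED_NONCE, FORGED_AMOUNT = 1, 116_500  # the forged "burn" from the incident

if __name__ == "__main__":
    for label, cfg, th in (("1-of-1", ONE_OF_ONE, 1), ("2-of-3", TWO_OF_THREE, 2),
                           ("2-of-3 on one RPC", SHARED_RPC, 2)):
        ok, who = verify_release(cfg, th, FORGED_NONCE, FORGED_AMOUNT)
        print(f"{label}: released={ok} attested_by={who} backends={independent_backends(cfg)}")
```

The third configuration passes a nominal 2-of-3 check while `independent_backends` reports a single backend, which is the "superficially independent" case the second question warns about.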

Third, does the protocol have a mechanism for cross-checking chain state? Chainalysis points out that the most effective defense against this attack is cross-chain invariant monitoring: continuously verifying that the number of tokens released on the destination chain mathematically matches the number burned on the source chain.

Fourth, does the protocol have an emergency pause mechanism? Kelp DAO's emergency pause within 46 minutes prevented an additional $200 million in damage. A protocol without an emergency pause capability has little room to protect itself in the event of an attack.
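The invariant monitor and emergency pause from the third and fourth questions, as an added Python simulation (not Kelp DAO, LayerZero or Chainalysis code): the monitor tallies source-chain burns and destination-chain releases, pauses the bridge the moment releases exceed burns, and rejects further releases while paused. The event stream is constructed from the article's timeline, and the monitor is assumed to reconcile after each release rather than gating it.

```python
"""Cross-chain invariant monitor with emergency pause (added simulation, not Kelp DAO or
LayerZero code). Invariant: cumulative destination releases <= cumulative source burns."""
from dataclasses import dataclass, field

@dataclass
class InvariantMonitor:
    burned_on_source: int = 0   # tally of source-chain burn events
    released_on_dest: int = 0   # tally of destination-chain release events
    paused: bool = False
    log: list = field(default_factory=list)

    def on_source_burn(self, amount: int) -> None:
        self.burned_on_source += amount

    def on_dest_release(self, amount: int, at: str) -> bool:
        """Destination-side release; returns True if it went through."""
        if self.paused:
            self.log.append(f"{at} release of {amount} rejected: bridge paused")
            return False
        self.released_on_dest += amount
        self.reconcile(at)
        return True

    def deficit(self) -> int:
        """Tokens released without a matching burn; 0 while the invariant holds."""
        return max(0, self.released_on_dest - self.burned_on_source)

    def reconcile(self, at: str) -> None:
        """Compare both chains' tallies; a deficit means unbacked tokens exist."""
        if self.deficit() > 0 and not self.paused:
            self.paused = True  # emergency pause stops all further releases
            self.log.append(f"{at} INVARIANT BREACH: {self.deficit()} unbacked, pausing")

def replay(events):
    """Feed (time, kind, amount) events in order; return the monitor's end state."""
    mon = InvariantMonitor()
    for at, kind, amount in events:
        if kind == "source_burn":
            mon.on_source_burn(amount)
        else:
            mon.on_dest_release(amount, at)
    return mon

# Constructed event stream: one honest transfer, then the forged 116,500 release
# with no matching burn, then the two follow-up attempts from the article's timeline.
EVENTS = [
    ("17:00", "source_burn", 1_000), ("17:01", "dest_release", 1_000),
    ("17:35", "dest_release", 116_500),
    ("18:26", "dest_release", 40_000), ("18:28", "dest_release", 40_000),
]
```

Moving the `deficit()` check in front of the `released_on_dest` update turns the monitor into a release gate, which would have rejected the 17:35 release itself rather than pausing after it.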

DeFi's security perimeter is no longer just code: it extends to off-chain infrastructure that you cannot see directly. These four questions are worth asking seriously before you deposit assets into any bridging protocol.

Disclaimer

The content of this article is for reference only. Investors should exercise independent judgment and invest with caution and at their own risk. This article does not provide, or attempt to persuade readers to make, trading or investment decisions on the basis of its content; it is shared for information only, should not be regarded as investment advice, and does not represent the views and positions of Monsterblockhk. All information and views are judgments as of a specific date and are time-limited in nature. In addition, where any content on this website involves virtual asset trading platforms that have not yet obtained a license to operate a virtual asset trading platform in Hong Kong, including but not limited to text introductions, pictures, promotions and events, it is available only to users outside the Hong Kong Special Administrative Region.

According to the Hong Kong Anti-Money Laundering and Counter-Terrorist Financing (Amendment) Ordinance 2022, after June 1, 2023, all centralized virtual asset trading platforms operating in Hong Kong or actively promoting their services to Hong Kong investors will be licensed and regulated by the SFC, and any related unlicensed activities will be a criminal offence. For more information and details of the legislation, users may refer to the SFC website.