Editor's Note: On April 18, KelpDAO fell victim to a $292 million asset theft. This was not your typical "smart contract breach" but a chain reaction triggered by a cross-chain validation layer misconfiguration: the attacker, through forged messages, created out of thin air 116,500 rsETH tokens that should not have existed and used these "unbacked assets" to borrow real ETH on Aave, rapidly spreading the risk from a single protocol to the entire DeFi collateral system.
In a highly composable system where cross-chain bridges, liquidity collateral tokens, and borrowing protocols are nested layer upon layer, any seemingly "local" configuration choice can become a trigger point that penetrates the entire chain. When assets like rsETH are widely considered relatively safe collateral, once their underlying mechanism fails, it results not only in price fluctuations but in the synchronous collapse of the entire pricing and trust system.
Building on this, the author puts forth a deeper insight that DeFi, while continuously reinforcing modularity, composability, and the "permissionless" design ethos over the past few years, has always lacked the restraint of minimum security standards. This implies that a technically "optional" configuration error is sufficient to evolve into systemic risk.
When a high-leverage, highly interconnected financial system is built on fragile engineering configurations, "trustlessness" does not automatically equate to "more secure."
Below is the original article:
On Saturday afternoon, a forged message (barely the equivalent of a line of text) caused a piece of software to "voluntarily" hand over $292 million. No guns, no social engineering attacks, no insider. Just a security setting misconfiguration and an attacker who meticulously laid out the plan hours in advance and patiently waited.
By Sunday morning, what was the largest DeFi hack event of 2026 had wiped $6.6 billion from Aave's balance sheet, plunged the AAVE token by 16%, froze liquidity in at least nine major protocols, and once again triggered the familiar proclamation: DeFi is dead.
It is not dead. But this time, it once again exposed a structural wound that the industry has long avoided addressing and has never truly fixed.
Next, we will dissect the sequence of events, the impact, and the potential subsequent changes this incident may bring about.
Analogy: Coat Check Room
Before diving into the technical details, let's first use a visual analogy to help understand the entire event.
You can think of the Kelp DAO as a coat check room in a massive building, spanning across 20 rooms. You hand over your coat (ETH) to it, and it gives you a coat check ticket (rsETH) in return. This ticket is valuable in itself: it proves that the coat belongs to you, can earn yield while in custody, and, most importantly — while the coat is still being held, you can take this ticket and use it as collateral at any counter in the building to borrow money.
All coats are stored in a main warehouse on the ground floor (Ethereum mainnet). Every ticket in each room is ultimately endorsed by this main warehouse.
These rooms are connected by an "intercom system" called LayerZero. When someone in Room 12 (Arbitrum) wants to communicate with the warehouse, they have to go through this intercom system. Inside the system are "security personnel" — called DVNs (Decentralized Verification Networks) — responsible for verifying the authenticity of messages before they are executed.
The issue is that Kelp only assigned one security guard to this intercom system. Just one. Any instruction only needs one signature to be deemed "authentic."
The attacker approached the intercom, impersonated someone from another room, and said, "Release 116,500 tickets." The sole security guard accepted this forged message. Consequently, the warehouse released tickets worth $292 million — and throughout the entire process, no one actually deposited any coats.
Subsequently, the attacker went straight to Aave (the borrowing counter in this building) and said, "I want to use these tickets as collateral for a loan." Aave accepted these tickets at face value. The attacker ultimately walked away with over $236 million worth of real ETH.
Meanwhile, Aave was left with a pile of "notes" that had no real asset backing.
How Did the Incident Unfold (Step-by-Step Breakdown)
Preparation Phase
Approximately 10 hours before the attack took place, the attacker funded 6 wallets through Tornado Cash to obfuscate the fund source. This was a standard pre-attack preparation process — planned, patient, and quite professional.
Execution of the Attack
On April 18, 2026, at 17:35 (UTC), the attacker's wallet called the lzReceive function in LayerZero's EndpointV2 contract — the entry point where cross-chain messages are received and executed.
The attacker crafted a spoofed message that appeared to originate from a legitimate counterpart contract on Unichain, instructing Kelp's bridge to release 116,500 rsETH to the attacker-controlled address.
The bridge executed this instruction.
There was no burn operation on the source chain, no collateral, and no actual originating transaction. The reserve was directly "emptied." 116,500 rsETH — approximately 18% of the total circulation — appeared out of thin air in the attacker's wallet.
The Fatal Issue with DVN
At the core of the issue: Kelp was using a 1/1 DVN configuration — where only one validation node is responsible for confirming the legitimacy of cross-chain messages.
By compromising or forging this single node, any message could be spoofed. As a developer expressed on X: "With just one signature, 116,500 rsETH was magically created on Ethereum. It's not the contract that's bad; it's the validation layer."
Another explanation comes from on-chain analytics firm D2 Finance: it could be a leak of the source chain OApp node's private key, granting the attacker direct legitimate signing capability.
Whichever path it took, the essence is the same: a single point of failure.
Next Step: Draining the Value
The attacker didn't immediately dump the $2.92 billion worth of rsETH into the market — that would have caused an instant price collapse.
They opted for a more efficient route: depositing these rsETH into Aave V3 as collateral, borrowing a significant amount of WETH. Since this rsETH essentially had no asset backing, these collaterals were essentially "air." However, Aave couldn't real-time recognize this and processed the collateral as usual.
The result was the attacker walking away with real ETH, leaving behind a bad debt.
Emergency Response
46 minutes later, Kelp's emergency multisig executed the pauseAll instruction, freezing the LRT liquidity pool, withdrawal contracts, oracles, and rsETH itself. Subsequent two attempts at additional attacks (each around 40,000 rsETH, totaling approximately $100 million) were thwarted. Without this pause, the total loss could have been close to $3.91 billion.
This is the only mechanism in the entire event that has functioned as intended.
Systemic Impact on the DeFi Stack
Due to rsETH’s deep integration into the broader DeFi ecosystem, where it serves as widespread collateral, the impact propagated almost instantly.
Aave has globally frozen the rsETH market across V3 and V4. The ETH utilization rate soared to 100%—all ETH in the pool was borrowed, and depositors were unable to withdraw their assets. Panic spread rapidly, with over $5.4 billion worth of ETH being pulled from the protocol. In a single transaction, Justin Sun withdrew approximately $154 million. Aave’s TVL plummeted by $6.6 billion within hours.
SparkLend and Fluid also froze their respective rsETH markets. SparkLend stated that it did not have direct exposure to risk, attributing this to its more conservative risk control strategy.
Lido Finance paused deposits to its earnETH product (which involved rsETH risk exposure), but its core protocol and stETH remained unaffected.
As a precautionary measure, Ethena halted its LayerZero-based OFT cross-chain bridge (even though it did not hold rsETH and its overall collateral ratio remained above 101%). This action itself signifies that the panic has transcended specific assets and shifted to a systemic level.
Upshift suspended withdrawals and deposits from its High Growth ETH and Kelp Gain vaults.
On-chain analyst 0xngmi summarized the systemic scope of this impact in one sentence: fund outflows "even extending to Solana and other unaffected protocols—the market panic is no longer focused on rsETH itself but on the entire DeFi stack's trust erosion.
Revealed Structural Flaws
This exploit did not rely on breaking encryption algorithms or require reverse-engineering smart contracts. It capitalized on a configuration-level decision error.
LayerZero’s architecture is fundamentally modular—each protocol can individually choose security parameters. While this flexibility is a technical advantage, it also means the system lacks a minimum security threshold.
A protocol could easily configure just one validating node, and the system would operate as usual. No alarms would sound, no risk alerts would be raised. Until one day, $292 million was siphoned away.
This is not just a LayerZero issue, but a problem with the entire design philosophy of DeFi: the belief that “composability” and “permissionlessness” can replace mandatory security standards.
DeFi has built a financial system that can be freely pieced together like LEGO blocks, but lacks the structural constraints of the traditional financial system.
When you deposit money in a bank, the default security mechanism is regulated and standardized; whereas in DeFi, you are essentially trusting:
· Every engineer's configuration decision
· Every integration pathway
· Every on-chain execution logic
This trust is “implicit, distributed, and unverifiable.”
LRT: Risk Amplifying Structure
Liquidity Reserving Token (LRT) further amplifies this issue. rsETH is not just a token; it is essentially a withdrawal receipt against a “primary reserve” and has been replicated across over 20 chains. When this reserve is drained, all on-chain “withdrawal requests” become untrustworthy.
It is the “composability” that makes rsETH a quality collateral, but also serves as a systemic risk amplifier in case of failure.
What Happens Next
Funds are essentially considered irretrievable. The attacker demonstrated a high level of premeditation and utilized Tornado Cash for coin mixing. It is expected that Kelp will post an on-chain message offering a white-hat bounty (a common practice, but with low success rates). On-chain sleuth ZachXBT has identified 6 attacker wallets, and analysts are actively tracking them, but attackers of this scale usually have well-established fund migration paths.
The most pressing issue now is how Aave will handle the shortfall. There may be three paths:
1. The Safety Module (Umbrella) absorbs the loss, and the protocol resumes normal operation within a few days
2. Losses are socialized among token holders through a governance vote (painful but manageable)
3. Prolonged freeze leading to loss of trust, with a recovery timeline measured in years
Communication from Aave in the next 72 hours will shape market expectations.
The Kelp DAO is likely to continue in a downsized form within the KernelDAO system, but the position of rsETH as a frontline collateral asset is essentially terminated. This is its second major incident in 12 months, making trust hard to regain.
LayerZero will also be forced to adjust. The postmortem report is likely to confirm the community's consensus: a DVN minimum security standard must be established. Although the official proposal may still be presented in the form of "recommendations," market pressure will push it towards de facto mandatory compliance.
Lending protocols will reprice all LRT collateral. Assets including rsETH, ezETH, weETH, and pufETH will face:
· Lower Loan-to-Value ratio (LTV)
· Stricter supply cap
· More detailed risk assessment
The era where LRT was considered a close equivalent to stETH has come to an end.
Regulators will not overlook this event. Two attacks exceeding $285 million each within the same month — Drift Protocol (April 1) and Kelp (April 18) — have provided ample evidence to drive policy for mandatory security standards in DeFi.
It is expected that by the end of the second quarter, these two events will be featured in U.S. congressional hearings and EU MiCA technical consultations, becoming key cases in regulatory discussions.
Conclusion
$292 million has vanished. This "cloakroom" had only one security guard, guarding a vault holding nearly a fifth of a "coat." When this guard was breached, the attacker didn't even need to pick a lock or blow up the safe — they simply had to "politely ask," and they were granted access.
The industry's next steps will determine whether this event becomes a true turning point or is merely recorded as another avoidable disaster. The technical fixes are not actually complex — multiple DVN configurations, setting a minimum security threshold, and more conservative LRT collateral parameters. But the real challenge lies in acknowledging that "permissionless" and "trustless" do not equate to "safe."
DeFi's promise from the outset was to build a more transparent, more accountable infrastructure than traditional finance. However, this promise is only credible if the system itself is also more secure. The cloakroom analogy holds because when you go to retrieve your coat, it is indeed still there.
