Theft Even with Correct Code: What Happened in the 2026 Biggest Hack Case of "DVN Configuration Vulnerability"?

Bitsfull, 2026/04/19 12:58

Summary:


On April 18, 2026, Kelp DAO's liquid restaking protocol was attacked. Within hours the attacker drained 116,500 rsETH through a cross-chain bridge, worth approximately $293 million at the time. The whole chain of events was unusually efficient: from spoofing cross-chain messages to cashing out through the Aave V3, Compound V3 and Euler lending protocols, the attacker left the same day with $236 million worth of WETH. Aave, SparkLend and Fluid promptly froze their rsETH markets.


This marks the largest DeFi hack of 2026 to date.


However, one aspect sets this attack apart from most hacking incidents: Kelp DAO's smart contract code had no vulnerabilities. Security researcher @0xQuit, who took part in the investigation, wrote on X, "From what I currently understand, this is an overlap of two issues: a 1-of-1 DVN configuration and the compromise of the DVN node itself." The LayerZero team's official statement likewise did not point to a contract code issue, classifying the incident as an "rsETH exploit" rather than a "LayerZero exploit."



The $293 million hole was not in any line of code. It was hidden in a parameter that had been misconfigured at deployment.


The standard logic of a DeFi security audit is: find the contract, read the code, find the vulnerabilities. That logic works well for code-level logic bugs; tools such as Slither and Mythril have mature detectors for known patterns like reentrancy and integer overflow. The LLM-assisted code audits heavily promoted over the past two years can also catch some business-logic flaws (flash-loan arbitrage paths, for example).



But there are two red zones in this coverage matrix.


The first is configuration vulnerabilities, a structural blind spot for tool-based audits. Kelp DAO's problem was not in a .sol file but in a parameter written at protocol deployment: the DVN threshold. This parameter determines how many verifier nodes a cross-chain message must pass before it is considered valid. It is not in the code, not within Slither's scanning range, and not on Mythril's symbolic execution path. According to comparative research by Dreamlab Technologies, Slither and Mythril detected 5/10 and 6/10 vulnerabilities respectively in the tested contract, but that performance rests on the premise that "the vulnerability is in the code." Research published by IEEE found that even at the code level, existing tools detect only 8%-20% of exploitable vulnerabilities.


Within the existing audit paradigm, no tool can "detect whether the DVN threshold is reasonable." Catching this class of configuration risk requires not a code analyzer but a dedicated configuration checklist: "Is the number of DVNs for the cross-chain protocol ≥ N?" "Is there a minimum threshold requirement?" No standardized tool currently covers such questions, and there is no widely recognized industry standard for them.


The second red zone is key and node security. In @0xQuit's account the DVN node was "compromised," which is a matter of operational security (OpSec) and lies beyond the detection boundary of any static analysis tool. Neither a top-tier audit firm nor an AI scanning tool can predict whether a node operator's private key will leak.


This attack simultaneously triggered two red zones in the matrix.



DVN, short for Decentralized Verifier Network, is the cross-chain message verification mechanism of LayerZero V2. Its design philosophy is to push security decisions down to the application layer: each protocol that integrates LayerZero chooses how many DVN nodes must confirm a cross-chain message before it is allowed through.


This "freedom" has created a spectrum.


Kelp DAO chose the far-left end of that spectrum, 1-of-1: a single DVN node's confirmation was enough. That means zero fault tolerance; an attacker needs to compromise only that one node to forge any cross-chain message. By contrast, Apechain, also built on LayerZero but configured to require more than two DVNs, was unaffected by this incident. LayerZero's official wording was "all other apps remain secure," which implies that each app's security depends on the configuration it chose.


The typical industry recommendation is at least 2-of-3, where an attacker needs to compromise two independent DVN nodes simultaneously to forge messages, raising fault tolerance to 33%. High-security configurations like 5-of-9 can achieve a fault tolerance of 55%.


The problem is that outside observers and users cannot see this configuration. An integration described as "supported by LayerZero" could have 0% fault tolerance or 55% fault tolerance behind the scenes; both are simply called DVN in the documentation.
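To make the checklist questions above and the m-of-n fault-tolerance figures concrete, here is an added example (not code from the original article, LayerZero or Kelp DAO) that models a generic m-of-n DVN quorum, reports both the share of nodes an attacker must control and the share that can be compromised before forgery becomes possible, flags single-point-of-failure configurations, and checks whether attestations from the configured DVNs actually meet the quorum. The DVN names and the checklist thresholds are constructed assumptions.

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class DvnConfig:
    """Generic m-of-n DVN quorum: `required` of `total` verifier nodes must attest."""
    required: int
    total: int


def assess(cfg: DvnConfig) -> dict:
    """Security properties a configuration review cares about.

    compromise_fraction: share of nodes an attacker must control to forge a message.
    failure_tolerance:   share of nodes that can be compromised before forgery
                         becomes possible (what the article calls fault tolerance).
    """
    if not 1 <= cfg.required <= cfg.total:
        raise ValueError(f"invalid quorum {cfg.required}-of-{cfg.total}")
    return {
        "compromise_fraction": Fraction(cfg.required, cfg.total),
        "failure_tolerance": Fraction(cfg.required - 1, cfg.total),
        "single_point_of_failure": cfg.required == 1,
    }


def checklist(cfg: DvnConfig, min_total: int = 3, min_required: int = 2) -> list[str]:
    """Checklist findings; thresholds are assumed policy values, not a standard."""
    findings = []
    if cfg.total < min_total:
        findings.append(f"only {cfg.total} DVN(s) configured, policy requires >= {min_total}")
    if cfg.required < min_required:
        findings.append(f"threshold {cfg.required} below policy minimum {min_required}")
    if assess(cfg)["single_point_of_failure"]:
        findings.append("single point of failure: one compromised node can forge messages")
    return findings


def quorum_met(cfg: DvnConfig, attesting: set[str], configured_dvns: list[str]) -> bool:
    """A message passes only if at least `required` distinct *configured* DVNs attested."""
    if len(configured_dvns) != cfg.total:
        raise ValueError("configured DVN list does not match quorum size")
    return len(attesting & set(configured_dvns)) >= cfg.required


if __name__ == "__main__":
    # Constructed scenario: DVN "dvn-A" is compromised; which quorums still hold?
    for cfg, dvns in ((DvnConfig(1, 1), ["dvn-A"]), (DvnConfig(2, 3), ["dvn-A", "dvn-B", "dvn-C"])):
        print(cfg, assess(cfg), checklist(cfg), "forged message accepted:", quorum_met(cfg, {"dvn-A"}, dvns))
```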


Dovey Wan, a seasoned crypto investor who lived through the Anyswap incident, stated bluntly on Twitter: "LayerZero's DVN is actually a 1/1 validator... All cross-chain bridges should immediately undergo a comprehensive security audit."



In August 2022, a vulnerability was discovered in the Nomad cross-chain bridge. Someone replicated the initial exploit transaction with slight modifications and found that it also succeeded—prompting hundreds of addresses to copy it and drain $190 million in just a few hours.


Nomad's postmortem stated that the vulnerability stemmed from "initially setting the trusted root to 0x00 during a routine upgrade." That was a configuration mistake made during deployment: the Merkle proof verification logic was sound and the code itself was fine, but the initial value was wrong.


Adding this incident to earlier configuration and initialization failures, approximately $482 million has been lost to this category. In the history of cross-chain bridge theft, its scale is now comparable to that of key compromises (Ronin $624 million, Harmony $100 million, Multichain $126 million, around $850 million in total).


Yet the code-auditing industry has never designed its products around this category.


The industry's most discussed topic is still logic bugs inside the code. Wormhole lost $326 million to a signature bypass, and Qubit Finance lost $80 million to a fake deposit. Such cases have complete vulnerability analysis reports, CVE-style classifications and reproducible PoCs, which makes them suitable for training and tuning audit tools. Configuration-level issues are not written in the code, so they struggle to enter that production loop.


One notable detail is that the two configuration-related incidents were triggered in fundamentally different ways. Nomad's was an unintentional mistake, an incorrect initial value filled in during a routine upgrade. Kelp DAO's 1-of-1, on the other hand, was an active configuration choice—the LayerZero protocol did not prohibit it, and Kelp DAO broke no protocol rule. A "compliant" configuration choice and a "mistaken" initial value led to the same outcome.



The execution logic of this attack was straightforward—a forged cross-chain message told the Ethereum mainnet that "someone on the other chain has already locked equivalent assets," triggering the minting of rsETH on mainnet. The minted rsETH had no real backing, but its on-chain record was "legitimate," so lending protocols accepted it as collateral.


The attacker then spread the 116,500 rsETH across Aave V3 (on Ethereum and Arbitrum), Compound V3 and Euler, borrowing a total of over $236 million worth of real assets against it. According to multiple reports, Aave V3 alone faces bad debt valued at around $177 million. Aave's safety module Umbrella, which can absorb bad debt in the WETH reserve, holds around $50 million, covering less than thirty percent; the remainder falls on aWETH stakers.


In the end, the bill landed on people who were simply looking to earn some interest on WETH.


As of this writing, LayerZero is still conducting a joint investigation with the security emergency response organization SEAL Org and plans to publish a post-incident analysis together with Kelp DAO once all the facts are in. Kelp DAO says it is carrying out "active remediation."


The $293 million vulnerability is not in the code. The words "audit passed" never covered the place where that parameter lived.