Blockchain Breaches

An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.

Dossier № 271 · Bridge Exploit

KelpDAO rsETH LayerZero Bridge

$292M unbacked rsETH minted after attackers exploited KelpDAO's 1-of-1 LayerZero DVN setup; the largest DeFi hack of 2026, with TVL falling $13B after.

Date:
Victim: Kelp DAO
Chain(s):
Status:
Funds Stolen:
Attribution: Lazarus Group (DPRK)

On April 18, 2026 at 17:35 UTC, attackers minted 116,500 rsETH on Ethereum mainnet with no backing, extracting approximately $292 million in what became the largest DeFi hack of 2026. KelpDAO's bridge was configured with a single LayerZero verifier (DVN), so no second DVN had to agree before a cross-chain message was accepted. LayerZero's own standard recommends multi-DVN configurations specifically to prevent this attack. KelpDAO had not enabled it.

What happened

KelpDAO operates the rsETH liquid-restaking token — a wrapped representation of ETH staked through EigenLayer. To support rsETH across multiple chains, KelpDAO used LayerZero's omnichain fungible token (OFT) standard, which bridges tokens by verifying cross-chain messages through one or more Decentralised Verifier Networks (DVNs).

LayerZero's documented best practice is to require multiple independent DVNs to agree on every cross-chain message before it's accepted as valid. This is the analogue of a multi-sig: any single DVN being compromised should not be enough to forge a message.

KelpDAO had configured rsETH's OFT with a single DVN: LayerZero Labs' own DVN. There was no second DVN. There was no fallback. Any compromise of that single verifier would produce a forged message that looked valid and that the rsETH contract would accept.

The attackers:

  1. Compromised the single LayerZero Labs DVN. LayerZero subsequently attributed the compromise to "a highly-sophisticated state actor, likely DPRK's Lazarus Group."
  2. Used the compromised DVN to sign cross-chain messages authorising rsETH minting on Ethereum.
  3. Minted 116,500 rsETH on mainnet with no corresponding ETH locked anywhere else in the ecosystem.
  4. Immediately began dumping the rsETH into DEXs and lending protocols — selling for real ETH and other assets before the unbacked supply was detected.

Aftermath

  • The freshly-minted rsETH cascaded into lending protocols accepting rsETH as collateral. Compound, Euler, and Aave all paused rsETH integrations; Aave froze rsETH markets and blocked new deposits or borrows.
  • LayerZero's response acknowledged the single-DVN configuration risk and reiterated its multi-DVN documentation.
  • DeFi TVL across the broader ecosystem fell approximately $13 billion in the days following the disclosure as users withdrew from any protocol with rsETH exposure or LayerZero-bridged tokens.
  • No public recovery. The Lazarus laundering routes followed the standard playbook: Tornado Cash, cross-chain bridges, conversion to BTC.

Why it matters

KelpDAO is the most expensive lesson to date in how cross-chain bridge configurations matter as much as the bridge software itself. LayerZero's protocol was working as designed; the DVN architecture is explicitly modular precisely so that protocols can configure the number and identity of verifiers based on their security requirements. KelpDAO chose the weakest possible configuration, and the attacker who could compromise one DVN ended up draining $292M.

The structural lessons:

  1. "Use a bridge" is not a complete security statement. Every bridge is a set of trust assumptions; protocols using bridges must consciously configure those assumptions for their actual risk profile.
  2. Multi-DVN / multi-verifier configurations are not optional for high-value cross-chain tokens. The default settings exist for ease of integration, not for security.
  3. Downstream cascade risk is real. rsETH was not just KelpDAO's problem — it was the collateral backing many other protocols. A single compromise upstream produced solvency crises across the entire LRT ecosystem.
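The multi-verifier requirement from lessons 1 and 2 can be checked mechanically. The following is an added example, not code from KelpDAO or LayerZero: it counts how many independent operators would have to be compromised before a pathway accepts a forged message. The config layout, DVN names and operator names are constructed for illustration and are not LayerZero's API.

```python
from itertools import combinations

# Constructed sample configs. Each DVN is (name, operator); "threshold" is how
# many of the optional DVNs must agree in addition to every required DVN.
PATHWAYS = {
    "single-dvn": {
        "required": [("dvn-a", "operator-1")], "optional": [], "threshold": 0},
    "two-dvns-one-operator": {
        "required": [("dvn-a", "operator-1"), ("dvn-b", "operator-1")],
        "optional": [], "threshold": 0},
    "two-independent": {
        "required": [("dvn-a", "operator-1"), ("dvn-b", "operator-2")],
        "optional": [], "threshold": 0},
    "one-required-plus-2-of-3": {
        "required": [("dvn-a", "operator-1")],
        "optional": [("dvn-c", "operator-2"), ("dvn-d", "operator-3"),
                     ("dvn-e", "operator-3")],
        "threshold": 2},
}

def min_operators_to_forge(cfg):
    """Fewest distinct operators whose compromise satisfies the whole quorum."""
    required_ops = {op for _, op in cfg["required"]}
    k = cfg["threshold"]
    if k == 0:
        return len(required_ops)
    if k > len(cfg["optional"]):
        raise ValueError("threshold exceeds number of optional DVNs")
    # Try every way of meeting the optional threshold and keep the cheapest
    # one. DVNs that share an operator fall together, so count operators.
    return min(len(required_ops | {op for _, op in subset})
               for subset in combinations(cfg["optional"], k))

def audit(pathways, minimum=2):
    """Return pathways forgeable by compromising fewer than `minimum` operators."""
    findings = {}
    for name, cfg in pathways.items():
        needed = min_operators_to_forge(cfg)
        if needed < minimum:
            findings[name] = needed
    return findings

if __name__ == "__main__":
    for name, needed in audit(PATHWAYS).items():
        print(f"{name}: forgeable by compromising {needed} operator(s)")
```

Counting operators rather than DVN addresses is the point of the second and fourth samples: two verifiers run by the same party add no independence.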

KelpDAO joined Ronin, Wormhole, and Nomad in the canon of bridge-failure incidents — with the difference that the bridge in this case (LayerZero) was structurally sound; the protocol using it had simply not enabled the security primitives the bridge offered.
