Bridge Exploit attacks in 2026

$292M unbacked rsETH minted after attackers exploited KelpDAO's 1-of-1 LayerZero DVN setup; the largest DeFi hack of 2026, with TVL falling $13B after.

1B bridged DOT minted on Hyperbridge after a missing bounds check in VerifyProof let an attacker forge MMR proofs; realised loss ~$2.5M.

$4.3M drained from IoTeX's ioTube bridge via a validator key compromise; attacker also minted 111M CIOTX and 9.3M CCS. IoTeX pledged full user compensation.