Kelp DAO Bridge Exploit: A Forged Message Drained $292 Million
A cross-chain bridge exists to move assets between blockchains that cannot natively communicate. Ethereum does not know what is happening on Arbitrum. Arbitrum does not know what is happening on Base. A bridge creates a connection: an asset is locked on one chain, a verification system confirms the lock happened, and a corresponding token is issued on the destination chain.
That verification system is the bridge's trust foundation. It is also its attack surface.
How the verification was broken
Kelp DAO is a liquid restaking protocol. Users deposit ETH, receive a token called rsETH representing their staked position, and that rsETH was distributed across more than 20 blockchains through a LayerZero-powered bridge. The bridge relied on a set of nodes to verify cross-chain messages — to confirm that what happened on one chain was real before acting on another.
The attackers, attributed to North Korea's Lazarus Group by multiple investigators, did not find a flaw in the bridge's smart contract code. They attacked the verification infrastructure itself. They compromised the nodes responsible for feeding data to the bridge's verification system, then used a DDoS attack to knock legitimate nodes offline. When only a single verification node remained active, they fed it forged data — a fabricated confirmation that a large deposit had occurred on the source chain.
The bridge, following its rules exactly, issued 116,500 rsETH on the destination chain to an address the attacker controlled. The on-chain transaction looked clean. The forgery happened one layer beneath what any on-chain observer could detect. Kelp's emergency system paused the contracts 46 minutes after the drain began. Two subsequent attempts to steal another $100 million each were blocked. The attacker already had what they came for.
The second move
The attacker did not immediately sell the stolen rsETH. Dumping 116,500 rsETH into the market would have collapsed its price, reducing the value of what they held. Instead, they took a different path — one that revealed a sophisticated understanding of how DeFi protocols connect.
They deposited the rsETH into Aave, DeFi's largest lending protocol, as collateral. Against that collateral, they borrowed approximately $190 million in real ETH — a liquid asset they could move freely without affecting rsETH's price. Aave had accepted rsETH as a legitimate collateral asset. The protocol had no mechanism, in that moment, to know the rsETH was stolen or that the bridge backing it had been compromised. It followed its own rules.
This left Aave holding collateral that was effectively unbacked. When the exploit became known, the implications for Aave were immediate.
How the damage spread
Within hours of the exploit becoming public, Aave's risk teams froze rsETH markets. The freeze was protective — stopping new borrowing against rsETH collateral and preventing additional exposure — but it also meant users with existing rsETH positions could not fully manage them. SparkLend and Fluid followed with their own freezes. Lido announced a pause on deposits and withdrawals for its EarnETH vault, which held approximately $21.6 million in leveraged rsETH positions on Aave. Lido's governance token LDO fell 19% on the day of the announcement.
Over the days that followed, approximately $6 billion in total deposits left Aave. This was not a coordinated attack on Aave — it was users, seeing uncertainty about collateral quality and protocol stability, choosing to withdraw. The rational response of individual users to a single event produced a system-wide liquidity contraction.
Arbitrum's Security Council later froze approximately $71 million of the attacker's funds. The majority of what was taken has not been recovered.
What composability actually means when it fails
DeFi's composability — the ability to combine protocols like building blocks — is one of the features most often cited as making the ecosystem powerful. A user can stake ETH, receive a liquid staking token, bridge that token to another chain, deposit it as collateral, borrow against it, and use the borrowed funds in yet another protocol, all in a connected sequence.
What the Kelp DAO exploit demonstrated is what that same composability looks like from the other direction. When one element in that chain fails, every protocol that accepted the output of that element inherits the problem. Aave did not have a relationship with Kelp DAO's bridge infrastructure. But it had accepted rsETH as collateral, and rsETH's integrity depended on that bridge operating honestly. When the bridge was compromised, Aave absorbed the consequence without having been part of the attack.
The users most affected were not necessarily Kelp DAO users. They were anyone whose positions touched rsETH, directly or indirectly — through Aave, through SparkLend, through Lido's EarnETH vault, through any protocol that had integrated rsETH into its collateral framework. The blast radius of a bridge exploit is not bounded by the bridge.
What this means before you deposit
When you deposit into a DeFi yield product, you are trusting a chain of systems — not just the interface you interact with, but every protocol, bridge, and verification mechanism that sits beneath it. In normal conditions, that chain is invisible. It functions smoothly and nothing surfaces to make you aware of its length or its dependencies.
In a pressure event, the chain becomes visible all at once. The rsETH holders who found their Aave positions frozen on April 18, 2026 had not made an unusual decision. They had followed a common path through a well-regarded ecosystem. What they could not easily see, before that day, was how many layers of trust that path ran through.
Before you deposit into any yield product or bridged asset: how many protocols does your capital pass through to generate that yield? How many bridges verify the integrity of the underlying asset? What happens to your position if one of those verification systems receives false data?
These questions do not have simple answers. But they are the right questions to sit with before you act.