Attackers stole about $292 million from the KelpDAO bridge this month, using tokens originally released for a lending protocol that had never been hacked as collateral. The result is a textbook example of how a single failure can spread through DeFi, and why this is important as more tokenized assets move into the broader market.
On April 18, 2026, attackers exploited KelpDAO’s cross-chain bridge to exfiltrate approximately $292 million in RSETH, a liquid re-staking token. The attack is being described as the biggest DeFi exploit of the year. April was the latest in a series of incidents that have made it the worst month of the year for the sector, with losses estimated at more than $600 million.
But the theft itself was only the beginning. Within hours, the stolen tokens were being used as collateral in some of DeFi’s biggest lending protocols. This protocol had nothing to do with the original attack and now holds collateral that no longer represents what the market had assumed.
This is what makes the Kelp episode more than just a bridge exploit. In fact, this is a textbook example of how quickly damage can travel through DeFi when an asset is still damaged. appearance A valid on-chain entry enters the wider system. It also shows how difficult it is to determine the actual soundness of a token when the evidence for its soundness lies in other protocols.
For institutions increasingly exploring DeFi, tokenization, and on-chain payments, the structural warnings are clear. The weakest point may not be in the visible markets, but in the infrastructure hidden beneath the surface.
Single point of failure in KelpDAO
KelpDAO, a re-staking protocol, issues rsETH, a liquid re-staking token representing ETH staked through EigenLayer. We used LayerZero’s messaging infrastructure to move rsETH between chains. The exploited path relied on a 1:1 distributed validation network (DVN). This means that before a token was launched on Ethereum, a single validator was responsible for approving cross-chain messages.
Rather than attacking Kelp’s core reclaim contract, the attackers targeted the infrastructure that feeds data to its validators. They compromised two RPC nodes used by DVN and replaced their software with a version that reported incorrect transaction data. They then launched a distributed denial of service (DDoS) attack against the remaining clean nodes, causing the verifiers to fail over to read only the compromised sources.
As a result, validators ended up accepting a forged message that rsETH had been burned from the source chain and could be released on Ethereum. Kelp’s bridge contract released 116,500 rsETH, approximately 18% of the circulating supply, to attacker-controlled addresses, despite having no corresponding support. Within hours, they were moved to other parts of DeFi.
Kelp and LayerZero are still publicly fighting responsibility. LayerZero said it warned KelpDAO to adopt a multi-validator setup. KelpDAO says its 1-of1 validator configuration is consistent with LayerZero’s own basic documentation and quickstart guide. LayerZero has since stated that it will no longer sign messages for any applications using a single verifier configuration.
These debates are important for the narrower questions of governance and who should bear the losses.
However, this does not change the fact that unsupported rsETH still appeared to be valid on-chain and could be moved, deposited, and accepted on other protocols. The reliability of rsETH depends on infrastructure that general market research fails to capture.
The token has liquidity, price, and integration across major protocols. What it didn’t have was enough redundancy in the layers to determine whether the ETH it represents was actually there.
This is where the exploit became less of a Kelp problem and more of a headache for the broader market.
Where the damage occurred
After tokens are released, attackers don’t simply dump them on the market. They used it as collateral.
Aave, DeFi’s largest lending protocol, appears to be the most exposed. The attackers used unbacked rsETH there to borrow about $190 million worth of wrapped ETH (WETH), triggering a rapid withdrawal of liquidity once the scale of the problem became clear.
The key difference is that Aave itself has never been hacked. The contract actually worked exactly as designed. Nonetheless, you end up with collateral that no longer appears.
Aave’s bad debt is estimated to range from $123.7 million to $230.1 million, depending on how the shortfall is ultimately allocated, according to an incident report from Aave Labs and LlamaRisk. If the loss is spread across all RSETH holders, the damage will be smaller but more widely shared. Instead, when isolated by Layer 2 networks, losses become concentrated and severe.
But even if the fallout is managed, one important lesson is that once bad collateral enters the wider market, the end result is no longer limited to code.
How did kelp become someone else’s problem?
DeFi’s composability is usually presented as one of its key strengths. The idea is that the output of one protocol can become the input of another, allowing assets to move to multiple places and capital to be reused more efficiently.
Kelp shows the other side of the design.
rsETH was not an obscure token on the edge of the market. It is integrated across multiple protocols, approved by risk frameworks, priced by oracles, and used by depositors in a variety of leverage strategies. If a bridge releases unsupported rsETH, any venue that treats it as a valid representation of staked ETH inherits exposure to something that no longer exists.
In many ways, composability worked exactly as designed, but in the wrong way. Sound input makes the system more efficient, but when the input is interrupted, damage inevitably flows through the same connection.
Lending is in the spotlight because this attack targeted the lending protocol, and lending is where incorrect assumptions about tokens lead to the fastest and most measurable losses.
But the fundamental failure is bigger than lending. This started earlier, when tokens stopped expressing what the market thought.
Why It Matters Beyond DeFi
The immediate losses from the KelpDAO exploit fall on native DeFi participants. However, exposed failure mode Kelp is not limited to DeFi lending.
Any tokenized asset carries an implicit claim that the token represents that asset. That claim is only valid if the infrastructure linking the token to its support is sound. In the case of rsETH, the link was broken even though the token appeared to still be valid on-chain.
The appeal of tokenized markets lies in programmable collateral, fast settlement, and 24-hour liquidity. But more value is needed to move through shared rail and an infrastructure layer that is still considered secondary in many markets.
This will become increasingly important beyond the DeFi primary market, and there are already suggestions that the result could slow institutional tokenization efforts as security risks are reassessed. This is not surprising. Eventually, tokenized bonds, deposits, and other real-world assets are moving toward an environment where participants, especially institutions, must trust that the tokens actually mean what they say.
The damage control process is already spreading beyond Aave. Arbitrum, another layer 2 network affected by the fallout, decided this week to freeze approximately 30,766 ETH linked to the attack through action by its security board. This can help reduce the ultimate loss, but when failures like these proliferate, it’s a reminder that outcomes are no longer determined by code alone, but by governance and emergency intervention. This remains a highly controversial decision in a system that purports to be decentralized.
The KelpDAO exploit does not show that tokenized assets are inherently unsound, but it does show that the trustworthiness of any token ultimately rests on infrastructure that is below the level most markets actively value.
When that infrastructure fails, the damage is not limited to a local area. It spreads through composable markets, lands in places that have never been directly attacked, and is sometimes shaped by questionable governance decisions.
As more value moves through the chain, it will become much more difficult to ignore the hidden layers beneath the assets themselves.
