$292 Million Drained from Kelp DAO: LayerZero Bridge Exploit Details
19 Apr 2026 · 07:01 UTC · CoinCentral RSS Feed · Original source
Read original at CoinCentral RSS Feed →
Summary
Kelp DAO's LayerZero-powered bridge suffered a major security breach, resulting in the theft of 116,500 rsETH tokens valued at approximately $292 million. The attacker exploited vulnerabilities in LayerZero's messaging layer to redirect funds to an attacker-controlled address. Approximately $250 million of stolen funds were converted to Ether, with the attacker utilizing a Tornado Cash-funded address to obscure transaction trails. In response, at least nine major DeFi protocols including Aave and SparkLend implemented emergency freezes on rsETH markets to prevent further contagion and protect remaining user funds. The incident highlights critical vulnerabilities in cross-chain bridge infrastructure and raises significant concerns about LayerZero's security practices and interconnected DeFi protocol risk management.
Why it matters
Market impact operates through multiple transmission channels: (1) direct rsETH price collapse as holders panic-sell, (2) contagion across DeFi protocols exposed to rsETH, (3) increased risk premium on all bridge tokens and cross-chain solutions, (4) broader risk-off sentiment reducing altcoin appetite. LayerZero's messaging layer vulnerability suggests systematic rather than isolated failure, amplifying perceived infrastructure risk. Protocol freezes mitigate immediate damage but reinforce DeFi fragility perception. Bitcoin's indirect exposure moderates its response, though broader risk sentiment flows through. Key uncertainties: regulatory response intensity toward bridge protocols, user confidence recovery timeline post-remediation, contagion extent to other cross-chain infrastructure, potential for sector-wide DeFi capitulation. The Tornado Cash connection and scale of theft ($250M+ ETH conversion) may extend regulatory pressure beyond immediate technical recovery window, sustaining negative sentiment longer than typical security incidents.
Expected impact
The Kelp DAO exploit represents a critical DeFi security failure with immediate market implications. The $292 million theft from the LayerZero bridge creates an acute confidence crisis across interconnected DeFi protocols. Altcoins, particularly rsETH and bridge-related tokens, face immediate sell-off pressure as nine major protocols including Aave and SparkLend froze rsETH markets to contain contagion. The incident exposes systemic vulnerabilities in cross-chain infrastructure and elevates regulatory scrutiny risk. Bitcoin experiences secondary bearish sentiment flow but remains less directly impacted. Near-term volatility spike is expected across altcoin markets with potential for cascading liquidations. Medium-term recovery depends on LayerZero's security response and regulatory developments. The use of Tornado Cash for fund mixing adds legal complexity and may trigger enhanced monitoring of bridge protocols.