KelpDAO $290 Million Bridge Exploit Linked to Lazarus Group Triggers $13 Billion DeFi Deleveraging
22 Apr 2026 · 21:15 UTC · Crypto.News RSS Feed · Original source
Read original at Crypto.News RSS Feed →
Summary
A $290 million exploit of KelpDAO's cross-chain bridge on April 18 has been attributed to North Korea's Lazarus Group, according to LayerZero analysis. The attack unleashed cascading liquidations and withdrawal panics across interconnected DeFi protocols. Within 48 hours, more than $13 billion in total value locked (TVL) was withdrawn from DeFi as investors reassessed bridge infrastructure security. The breach highlighted critical vulnerabilities in cross-chain bridges, which serve as essential connectors for asset transfers across blockchains but remain prone to sophisticated attacks. The attribution to Lazarus Group—a state-sponsored cyber operation entity—amplified systemic concerns about DeFi security posture and prompted renewed scrutiny of bridge mechanisms across the broader ecosystem. The incident demonstrates that even established DeFi protocols remain vulnerable to advanced persistent threats and highlights the ongoing tension between DeFi innovation and security adequacy.
Why it matters
Immediate causation: the $290M exploit drains critical liquidity, triggering cascading liquidations across protocols using or integrating with the bridge. Broader contagion reflects risk repricing—sophisticated attackers targeting state-level sophistication raise confidence in an attack vector previously assumed manageable. Altcoins absorb primary pressure due to concentrated DeFi exposure and high leverage; Bitcoin's insulation stems from reduced operational dependency but erodes via sentiment spillover. Timeframe gradient follows classical shock dynamics: sentiment panic in minutes, information dissemination and institutional response in hours, fundamental reassessment in daily, and normalization by weekly as recovery narratives emerge. Key assumptions: attribution to Lazarus is accurate (difficult to prove definitively); $13B decline is predominantly hack-driven (though concurrent market conditions likely amplify); affected protocols lack rapid recovery solutions. Uncertainties include bridge repair timelines, whether other bridges implement emergency security measures, regulatory backlash timing, and persistence of reputational damage. Attribution to nation-state actors increases risk perception asymmetrically—not just a protocol failure but evidence of advanced persistent threats targeting DeFi infrastructure.
Expected impact
The $290 million KelpDAO bridge exploit triggers acute contagion across DeFi and secondary risk-aversion in broader crypto markets. Altcoins face direct, severe downward pressure through cascading liquidations and withdrawal panics, with peak volatility concentrated in the first 6 hours as news disseminates and traders execute emergency deleveraging. Bitcoin experiences softer downward pressure from sentiment deterioration rather than direct operational impact. The reported $13 billion TVL decline within 48 hours reflects both forced liquidations and ecosystem-wide deleveraging as investors reassess bridge security risks. Recovery trajectory begins daily, with gradual stabilization by weekly timeframes as protocol responses and post-incident analysis provide narrative stabilization. The Lazarus Group attribution amplifies systemic security concerns, as cross-chain bridges remain critical but vulnerability-prone DeFi infrastructure. Altcoin pressure peaks minute-to-hour and sustains through daily; Bitcoin's secondary impact declines faster, with near-neutral directional expectations by weekly timeframes.