2026's Biggest Crypto Exploit: $292 Million Gets Drained From Kelp DAO with Wrapped Ether Stranded Across 20 Chains

The Kelp DAO protocol, built on the EigenLayer restaking model, issues rsETH as a liquid receipt for ETH that has been redelegated to earn additional yield. Its LayerZero‑powered cross‑chain bridge holds the reserve that backs wrapped rsETH on more than twenty Layer‑2 networks. On April 18, an attacker manipulated LayerZero’s messaging to convince the bridge that a valid transfer instruction had arrived, siphoning 116,500 rsETH—about $292 million at current prices—equivalent to roughly 18 % of the token’s circulating supply.

The breach sent shockwaves through the DeFi market. Aave froze its rsETH markets on both V3 and V4, and its native token dropped about 10 % as investors priced in potential bad debt. SparkLend, Fluid and Upshift also halted trading, while Lido paused deposits into its earnETH product, which carries rsETH exposure. Kelp’s emergency multisig acted within 46 minutes, and subsequent attempts to drain another $100 million were blocked, but the incident raises immediate concerns about liquidity on L2 chains that rely on the drained reserve.

The exploit underscores the systemic risk inherent in cross‑chain bridges that serve as the connective tissue of modern DeFi. As LayerZero’s OFT standard becomes more widely adopted, auditors and developers are likely to face heightened scrutiny and calls for formal security audits. Regulators may also view the incident as a catalyst for tighter oversight of bridge protocols. For market participants, diversifying exposure away from single‑point‑of‑failure bridges and monitoring real‑time audit reports will be essential to mitigate future losses.