Kelp DAO (rsETH liquid restaking): Forged cross-chain message via LayerZero EndpointV2 lzReceive — exploitation of 1/1 DVN (single-validator) configuration
Summary
Kelp DAO (rsETH liquid restaking) suffered an exploit in the Liquid Restaking Token (LRT) / Cross-Chain Bridge category on 2026-04-18, resulting in a loss of approximately $292M.
What happened
An attacker forged a single LayerZero message to drain $292M in rsETH from Kelp DAO's mainnet bridge reserve, then weaponized the unbacked tokens as Aave collateral to borrow $196M in ETH — all inside the 46-minute window before Kelp could pause.
Linked factors
- RD-F-004 — causal : Audit count likely 0; floor display [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Likely unaudited or out-of-scope code (bridge contracts excluded from bug bounty; audit coverage of lzReceive configuration unconfirmed)]
- RD-F-006 — causal : Audit-deploy gap (RD-F-006 time between audit and deploy) [via dashboard_risk_factors/Exploited code newly deployed/upgraded?: N — the 1/1 DVN configuration had been in place at least since Jan 2025 (when flagged); this was a long-latent misconfiguration, not a new d...] || Audit-deploy gap — alternate field name [via dashboard_risk_factors/Exploited code newly deployed/upgraded?: N — the 1/1 DVN configuration had been in place at least since Jan 2025 (when flagged); this was a long-latent misconfiguration, not a new d...]
- RD-F-090 — illustrative : Mixer withdrawal → protocol interaction [via realtime_signals/Pre-exploit on-chain signals: Six attacker wallets funded via Tornado Cash ~10 hours before exploit (07:35 UTC); no documented anomalous rsETH-bridge or OFTAdapter activi...]
- RD-F-146 — related : New deploys in last 30 days — fresh attack surface [via dashboard_risk_factors/Exploited code newly deployed/upgraded?: N — the 1/1 DVN configuration had been in place at least since Jan 2025 (when flagged); this was a long-latent misconfiguration, not a new d...]
- RD-F-148 — causal : Bridge validator count (M) — LayerZero DVN sub-field [via cross-hack: Factor 80: DVN / Multi-Validator Configuration on Cross-Chain Messages]
- RD-F-149 — related : Bridge validator threshold (k-of-M) [via cross-hack: Factor 80: DVN / Multi-Validator Configuration on Cross-Chain Messages]