Kelp DAO $290M Hack: How LayerZero Default Settings Failed
On April 18, 2026, the crypto world witnessed one of its most sophisticated infrastructure attacks when North Korea's Lazarus Group drained 116,500 rsETH ($293 million) from Kelp DAO's liquid restaking protocol. What makes this LayerZero security vulnerability particularly alarming is not just the massive scale: it is how the attackers exploited LayerZero's own default configuration settings to compromise what should have been a decentralized verification system.
Key Takeaways:
- The Kelp DAO hack was caused by attackers compromising LayerZero's RPC nodes and using DDoS attacks to force failover to malicious infrastructure, which forged cross-chain verification messages. According to LayerZero's official post-mortem, the attackers compromised two RPC nodes and pre-compromised backup infrastructure before executing the attack.
- Kelp DAO's single-verifier configuration (1-of-1 DVN setup) created a critical single point of failure that enabled the exploit. According to CoinDesk, Kelp DAO claims this vulnerable setup was LayerZero's standard onboarding default for new protocols.
- The attack demonstrates critical cross-chain bridge risks inherent in single-point-of-failure verification systems. Multi-DVN configurations requiring verification from multiple independent providers would have prevented this exploit entirely.
- DeFi protocols suffered $15 billion in outflows post-hack, with Aave alone losing $9 billion in Total Value Locked as users fled trusted intermediaries. The contagion effect spread across protocols on different blockchains, including Solana-based platforms like Kamino.
- LayerZero's network spans 80+ blockchains with 35+ active Decentralized Verifier Networks, but default onboarding configurations created dangerous security gaps that allowed single-verifier deployments. This highlights the critical importance of secure-by-default infrastructure choices.
Table of Contents
- Attack Timeline and Attribution
- LayerZero's Cross-Chain Architecture
- The Multi-Layer Exploit Mechanism
- Configuration Failure: 1-of-1 vs Multi-DVN
- The Trusted Intermediaries Problem
- Technical Transaction Flow Analysis
- Ecosystem-Wide Impact and Contagion
- Prevention Strategies and Best Practices
- Frequently Asked Questions
Attack Timeline and Attribution
The Kelp DAO exploit unfolded with military precision over approximately 10 hours of preparation followed by a swift 46-minute execution window. Understanding the timeline reveals the sophisticated planning behind what LayerZero Labs attributed to North Korea's Lazarus Group with "preliminary confidence."
Pre-Attack Phase (April 18, 07:35 UTC)
The attackers began by pre-funding six wallets through Tornado Cash approximately 10 hours before the main drain. This preparation phase involved:
- Infrastructure positioning: Compromising LayerZero's RPC nodes that would later serve as verification sources
- Backup infiltration: Pre-compromising backup nodes to ensure successful failover exploitation
- Stealth maintenance: Ensuring compromised nodes continued serving accurate data to monitoring systems while preparing malicious payloads
Execution Phase (April 18, 17:35 UTC)
The primary drain occurred at 17:35 UTC when 116,500 rsETH worth $293 million was released from Kelp DAO's Ethereum bridge contract to attacker-controlled addresses. The technical precision is evident in transaction 0x1ae232da212c45f35c1525f851e4c41d529bf18af862d9ce9fd40bf709db4222, which shows the Ethereum-side release came from legitimate bridge inventory despite no corresponding debit on the Unichain source.
Failed Follow-Up Attempts
At 18:26 and 18:28 UTC, after Kelp DAO's emergency pause (which came 46 minutes after the initial drain), the attackers attempted two additional drains that would have netted approximately 40,000 rsETH ($100 million) each. These failed attempts demonstrate both the attackers' persistence and Kelp DAO's relatively swift incident response.
LayerZero's Cross-Chain Architecture
To understand how the layerzero security vulnerability manifested, we need to examine LayerZero's omnichain protocol architecture. LayerZero operates as a cross-chain communication protocol spanning 80+ blockchains, using a system of endpoints, libraries, and Decentralized Verifier Networks (DVNs) to facilitate message passing between chains.
Core Protocol Components
LayerZero Endpoints: Smart contracts deployed on each supported blockchain that serve as the protocol's communication hubs. For the Kelp DAO hack, the critical endpoints were:
- Unichain endpoint: 0x6F475642a6e85809B1c36Fa62763669b1b48DD5B
- Ethereum endpoint: 0x1a44076050125825900e736c501f859c50fE728c
Send/Receive Libraries: These handle the cryptographic packaging and verification of cross-chain messages. The Unichain-to-Ethereum path used send library 0xC39161c743D0307EB9BCc9FEF03eeb9Dc4802de7 and receive library 0xc02Ab410f0734EFa3F14628780e6e695156024C2.
Decentralized Verifier Networks (DVNs): Independent entities that verify cross-chain messages by monitoring both source and destination chains, providing cryptoeconomic security through the CryptoEconomic DVN Framework. LayerZero's network includes 35+ active DVNs, including major providers like Google Cloud.
Message Flow Architecture
The standard LayerZero message flow follows this pattern:
- Initiation: User calls the source chain endpoint with a cross-chain message
- Packaging: Send library packages the message with cryptographic proofs
- Verification: Configured DVNs verify the message independently
- Consensus: Destination chain endpoint waits for required verification threshold
- Execution: Receive library unpacks and executes the message on the destination chain
The 2026 Kelp DAO hack exploited step 3 by compromising the verification layer, demonstrating how cross-chain bridge risks multiply when verification becomes centralized. The attack showed that architectural options are only as secure as the defaults protocols choose to deploy.
The Multi-Layer Exploit Mechanism
The attackers executed a sophisticated three-phase attack that exploited both infrastructure vulnerabilities and configuration weaknesses. This wasn't a traditional smart contract exploit—it was an infrastructure compromise that maintained stealth while subverting the verification process.
Phase 1: RPC Node Poisoning
The attackers compromised two of LayerZero's own RPC (Remote Procedure Call) nodes that Kelp DAO's verifier relied upon. The technical sophistication lies in how they maintained operational stealth:
- Selective data poisoning: Compromised nodes fed false transaction data to the verifier while serving accurate data to all other observers
- Monitoring evasion: LayerZero's own monitoring systems received correct data, making the attack invisible to standard surveillance
- Malicious software replacement: Complete replacement of node software with malicious versions that could discriminate between different query sources
Phase 2: Failover Exploitation via DDoS
Simultaneously, the attackers launched a distributed denial-of-service (DDoS) attack on backup infrastructure. This forced the system to failover to backup nodes—which had been pre-compromised before the attack began.
The failover mechanism is designed as a security feature, but it became a vulnerability once both primary and backup infrastructure were under attacker control. This demonstrates a fundamental problem with trusted intermediaries in DeFi: even redundancy becomes a liability if all backup systems share the same trust assumptions and the same operator.
Phase 3: Message Forgery and Asset Release
With the verification layer compromised, the attackers could forge cross-chain messages that appeared legitimate to Kelp DAO's bridge contracts. The forged message convinced the Ethereum bridge that 116,500 rsETH had been locked on Unichain, triggering the release of an equivalent amount on Ethereum.
Critically, blockchain analysis by security researcher Banteg shows that "the Ethereum-side 116,500 rsETH release came out of real, pre-funded bridge inventory on the Ethereum adapter, but it does not appear to be backed by any legitimate source-side debit on Unichain."
Attack Vector Analysis
| Attack Component | Technical Method | Impact |
|---|---|---|
| RPC Node Compromise | Malicious software replacement with selective data serving | Verifier receives false transaction confirmations |
| DDoS Failover | Distributed denial-of-service on primary infrastructure | Forces system to rely on pre-compromised backups |
| Message Forgery | False cross-chain transaction verification signals | Bridge releases $293M without legitimate backing |
| Stealth Maintenance | Accurate data to monitoring, false data to verifier | Attack remains invisible to surveillance systems |
Configuration Failure: 1-of-1 vs Multi-DVN
The root cause of this LayerZero security vulnerability lies in Kelp DAO's verification configuration: the protocol used a 1-of-1 DVN setup, meaning a single verifier could approve cross-chain messages, which created a catastrophic single point of failure.
Kelp DAO's Configuration (As Deployed)
Kelp DAO's rsETH bridge operated with the following verification setup:
- Verification threshold: 1-of-1 DVN (single verifier approval required)
- DVN address: 0x282b3386571f7f794450d5789911a9804fa346b4 (Unichain) / 0x589dedbd617e0cbcb916a9223f4d1300c294236b (Ethereum)
- Redundancy: None; a single verifier controlled the entire cross-chain message flow
- Security assumption: Trust in one entity's infrastructure and operational security
This configuration created what security researchers call a "god mode" vulnerability—complete protocol control through compromise of a single component.
LayerZero's Recommended Multi-DVN Configuration
LayerZero's security best practices recommend multi-DVN setups that would have prevented this attack:
- Verification threshold: N-of-M DVN (multiple independent verifiers required)
- DVN diversity: Selection from 35+ active providers including Google Cloud, independent operators
- Infrastructure separation: Different DVNs use different RPC providers, monitoring systems, and operational procedures
- Cryptoeconomic security: DVNs stake assets that can be slashed for malicious behavior under the CryptoEconomic DVN Framework launched with Eigen Labs in October 2024
The Default Configuration Controversy
The central dispute between Kelp DAO and LayerZero revolves around whose responsibility the vulnerable configuration represents. According to CoinDesk's reporting, Kelp DAO claims:
- The compromised verifier was LayerZero's own infrastructure, not a third-party provider
- The single-verifier setup was LayerZero's standard onboarding default for new protocols
- LayerZero provided this configuration as part of their integration process
This raises critical questions about default security configurations in cross-chain protocols. Even if multi-DVN setups are available, defaults matter—especially for protocols handling hundreds of millions in user funds. The fact that a $293 million protocol operated with this risky configuration reveals systemic gaps in how cross-chain infrastructure handles onboarding security.
The Trusted Intermediaries Problem
The Kelp DAO exploit exemplifies the broader trusted-intermediaries problem that plagues cross-chain infrastructure in DeFi. While DeFi protocols aim for decentralization and trustlessness, cross-chain bridges inevitably introduce trust assumptions that become systemic vulnerabilities when default configurations do not enforce proper security practices.
Trust Assumptions in Cross-Chain Bridges
Every cross-chain bridge must solve the "verification problem"—how to prove that an event occurred on one blockchain to smart contracts on another blockchain. This creates unavoidable trust assumptions:
- Oracle trust: Relying on external entities to report cross-chain state accurately
- Infrastructure trust: Depending on RPC providers, monitoring systems, and communication networks
- Operational trust: Trusting that verifiers follow protocols correctly and maintain security
- Cryptoeconomic trust: Assuming economic incentives align with honest behavior
LayerZero vs Alternative Bridge Designs
Different bridge architectures handle trust assumptions differently:
| Bridge Type | Trust Model | Example | Vulnerability |
|---|---|---|---|
| Custodial Bridges | Trust custodian with private keys | WBTC | Single entity controls all funds |
| Multi-Sig Bridges | Trust committee of signers | tBTC (threshold signatures) | Signer collusion or compromise |
| Optimistic Bridges | Trust fraud proof mechanism | Across Protocol | Challenge period vulnerabilities |
| Light Client Bridges | Trust cryptographic proofs | Teleswap (SPV proofs) | Light client consensus attacks |
| Oracle Networks | Trust verifier network | LayerZero DVNs | Verifier infrastructure (as seen in Kelp) |
Teleswap, a non-custodial Bitcoin bridge using SPV (Simplified Payment Verification) light client proofs, takes a different approach by verifying Bitcoin transactions directly on-chain without requiring trusted intermediaries. This cryptographic verification inherits Bitcoin's security model rather than introducing new trust assumptions. However, each bridge approach involves trade-offs between security, decentralization, and operational complexity.
The Decentralization Spectrum
The 2026 Kelp DAO hack demonstrates that "decentralized" verification networks can still have centralized failure modes. LayerZero's 35+ DVN network appears decentralized, but if protocols can choose single-verifier configurations, the practical security level collapses to the weakest link. This is related to the broader challenges of cross-chain DeFi architecture and why alternative approaches are worth evaluating.
True decentralization requires not just availability of decentralized options, but defaults and incentives that encourage their use. The incident highlights systemic issues with how cross-chain bridge risks are communicated and mitigated across the DeFi ecosystem.
Technical Transaction Flow Analysis
The technical mechanics of the exploit become clearer when examining the actual transaction flows and smart contract interactions. Banteg's detailed blockchain analysis provides the most comprehensive technical breakdown available.
Source Chain Analysis (Unichain)
On Unichain, the rsETH OFT (Omnichain Fungible Token) contract at 0xc3eacf0612346366db554c991d7858716db09f58 should have recorded a debit of 116,500 rsETH when the cross-chain transfer was initiated. However, blockchain analysis shows no corresponding transaction that would justify this massive outflow.
The investigation found:
- Missing source transaction: No legitimate burn or lock of 116,500 rsETH on Unichain
- Message origin spoofing: The cross-chain message appeared to originate from valid Unichain contracts but without backing transactions
- Verification bypass: The single DVN approved the message despite the absence of source-side backing
Destination Chain Analysis (Ethereum)
On Ethereum, the bridge contract at 0x85d456b2dff1fd8245387c0bfb64dfb700e98ef3 processed what appeared to be a legitimate cross-chain message. The critical transaction 0x1ae232da212c45f35c1525f851e4c41d529bf18af862d9ce9fd40bf709db4222 shows:
- PayloadVerified event: Triggered at 2026-04-18 17:33:35 UTC
- Message execution: Completed at 17:35:11 UTC
- Asset release: 116,500 rsETH transferred to attacker address at 17:35:35 UTC
The two-minute delay between verification and execution is normal LayerZero protocol behavior, but in this case, the verification was based on compromised data.
Message Structure and Cryptographic Elements
LayerZero cross-chain messages contain several cryptographic elements designed to ensure authenticity:
- Nonce sequencing: Messages include sequence numbers to prevent replay attacks
- Payload hashing: Message contents are cryptographically hashed
- Source verification: DVNs verify the message originated from the correct source chain contract
- Block confirmation: DVNs wait for sufficient block confirmations before verification
The attackers didn't break these cryptographic protections—instead, they convinced the DVN that valid messages existed by providing false blockchain state data through compromised RPC nodes. This distinction is crucial: the mathematics remained sound, but the data inputs were poisoned.
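As an added simulation (not code from LayerZero, Kelp DAO, or the post-mortem), the following Python model ties together the three exploit phases, the 1-of-1 versus multi-DVN configurations above, and the point just made about sound hashes over poisoned inputs: a DVN checks the payload hash against whatever its RPC node reports, so a verifier whose primary node is offline and whose backup is poisoned attests to a packet that never existed on the source chain, and only a threshold across independently operated DVNs stops it. The ULN config field names are modelled on LayerZero V2, while all node and DVN names and the packet bytes are assumptions constructed for the model.

```python
from dataclasses import dataclass, field
from hashlib import sha3_256  # stand-in for keccak256; the hash choice is not the point
from typing import Optional

# Source-chain truth: the only packets the Unichain OFT actually emitted.
# Constructed sample: one legitimate 10 rsETH transfer with nonce 41.
TRUE_PACKETS = {41: b"unichain->ethereum|rsETH|10|nonce=41"}
# The forged packet of the write-up: 116,500 rsETH with no source-side debit.
FORGED_PACKETS = {42: b"unichain->ethereum|rsETH|116500|nonce=42"}

def payload_hash(payload: bytes) -> str:
    return sha3_256(payload).hexdigest()

@dataclass
class RpcNode:
    """An RPC endpoint. A poisoned node serves the true chain to every caller
    except the verifier it targets, which additionally sees forged packets."""
    name: str
    operator: str
    online: bool = True
    poisoned_for: Optional[str] = None            # name of the targeted DVN
    forged: dict = field(default_factory=dict)    # nonce -> forged payload

    def get_packet(self, caller: str, nonce: int) -> Optional[bytes]:
        if not self.online:
            raise ConnectionError(f"{self.name} unreachable")
        if caller == self.poisoned_for and nonce in self.forged:
            return self.forged[nonce]
        return TRUE_PACKETS.get(nonce)

@dataclass
class Dvn:
    name: str
    primary: RpcNode
    backup: RpcNode

    def verify(self, nonce: int, claimed_hash: str) -> bool:
        """Attest iff the first reachable RPC says a packet with this nonce
        exists and its hash equals the hash awaiting verification on Ethereum.
        The hash comparison is sound; the weakness is where the data comes from."""
        for node in (self.primary, self.backup):
            try:
                payload = node.get_packet(self.name, nonce)
            except ConnectionError:
                continue                              # fail over to the next node
            return payload is not None and payload_hash(payload) == claimed_hash
        return False                                  # no RPC reachable: no attestation

@dataclass
class UlnConfig:
    """Subset of a ULN receive config (field names assumed, after LayerZero V2)."""
    required_dvns: list
    optional_dvns: list = field(default_factory=list)
    optional_threshold: int = 0

def destination_accepts(cfg: UlnConfig, nonce: int, claimed_hash: str) -> bool:
    """Every required DVN must attest, plus at least optional_threshold optional ones."""
    if not all(d.verify(nonce, claimed_hash) for d in cfg.required_dvns):
        return False
    attested = sum(d.verify(nonce, claimed_hash) for d in cfg.optional_dvns)
    return attested >= cfg.optional_threshold

def build_config(multi_dvn: bool) -> UlnConfig:
    """Constructed scenario mirroring the write-up: the verifier's primary RPC is
    knocked offline (DDoS) and its backup is pre-compromised, so the DVN fails
    over straight into the poisoned view."""
    primary = RpcNode("lz-rpc-1", "layerzero", online=False)
    backup = RpcNode("lz-rpc-2", "layerzero", poisoned_for="lz-dvn", forged=FORGED_PACKETS)
    lz_dvn = Dvn("lz-dvn", primary, backup)
    if not multi_dvn:
        return UlnConfig(required_dvns=[lz_dvn])          # 1-of-1, as deployed
    # Two further DVNs run by unrelated operators on their own RPC infrastructure.
    dvn_b = Dvn("dvn-b", RpcNode("b-rpc-1", "op-b"), RpcNode("b-rpc-2", "op-b"))
    dvn_c = Dvn("dvn-c", RpcNode("c-rpc-1", "op-c"), RpcNode("c-rpc-2", "op-c"))
    return UlnConfig(required_dvns=[], optional_dvns=[lz_dvn, dvn_b, dvn_c],
                     optional_threshold=2)               # 2-of-3

def forged_accepted(multi_dvn: bool) -> bool:
    return destination_accepts(build_config(multi_dvn), 42, payload_hash(FORGED_PACKETS[42]))

def legit_accepted(multi_dvn: bool) -> bool:
    return destination_accepts(build_config(multi_dvn), 41, payload_hash(TRUE_PACKETS[41]))
```

`forged_accepted(False)` is the incident (the 1-of-1 setup releases the forged 116,500 rsETH), `forged_accepted(True)` shows the 2-of-3 setup rejecting it because the two independent DVNs see no such packet, and both configurations still pass the legitimate nonce-41 transfer.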
Emergency Response Analysis
Kelp DAO's response timeline reveals both strengths and weaknesses in their incident response:
- Detection delay: 46 minutes between initial drain and contract pause
- Response mechanism: Emergency multisig successfully paused core contracts
- Attack continuation: Two additional attempts at 18:26 and 18:28 UTC were blocked
- Asset recovery: No recovery mechanism available for already-drained funds
The 46-minute response time, while relatively fast for a weekend incident, highlights the challenge of real-time monitoring for cross-chain protocols operating across multiple time zones and blockchain networks.
Ecosystem-Wide Impact and Contagion
The Kelp DAO exploit triggered a broader confidence crisis across DeFi, demonstrating how cross-chain bridge risks can create systemic contagion effects. According to DL News reporting, investors pulled more than $15 billion from DeFi protocols in the days following the hack.
Total Value Locked (TVL) Impact
The immediate market reaction showed how deeply integrated rsETH had become across the DeFi ecosystem:
| Protocol | TVL Before Hack | TVL After Hack | Outflow Amount | Impact Reason |
|---|---|---|---|---|
| Aave | ~$40.5 billion | $17.5 billion | $9 billion | rsETH integration exposure |
| Morpho | Unknown | Unknown | $1.7 billion | rsETH collateral concerns |
| Sky (formerly MakerDAO) | Unknown | Unknown | $600 million | rsETH exposure |
| Kamino (Solana) | Unknown | Unknown | $280 million | Cross-chain contagion |
Notably, even protocols on different blockchains like Kamino on Solana experienced outflows, demonstrating how trust in cross-chain infrastructure affects the entire DeFi ecosystem. This event also raised questions about the related category of cross-chain DEX security more broadly.
Liquid Staking Token (LST) Contagion
rsETH represents staked ETH across multiple protocols (Ethereum staking, EigenLayer restaking, etc.), making it a critical piece of DeFi's yield-generating infrastructure. The hack created broader questions about:
- LST redemption mechanisms: Can users exit positions if the underlying bridge is compromised?
- Cross-protocol risk: How do failures in one layer affect the entire staking stack?
- Liquidity assumptions: What happens when major LSTs become illiquid or depeg?
Regulatory and Institutional Impact
The scale of the loss—$293 million from a single protocol—raises questions about institutional DeFi adoption:
- Custody standards: How do institutional investors evaluate cross-chain bridge risks?
- Insurance coverage: Traditional DeFi insurance typically doesn't cover bridge exploits
- Regulatory scrutiny: Large-scale hacks attract regulatory attention to DeFi infrastructure
Prevention Strategies and Best Practices
The Kelp DAO exploit offers several lessons for preventing similar LayerZero security vulnerability incidents. Both protocol developers and users can implement specific measures to reduce cross-chain bridge risks.
Protocol-Level Security Measures
Multi-DVN Configuration Requirements: Protocols should mandate minimum verification thresholds:
- Require at least 2-of-3 or 3-of-5 DVN verification for production deployments
- Use geographically and operationally diverse DVN providers
- Implement automatic failover only to pre-approved, independently operated DVNs
- Regular rotation of DVN sets to prevent long-term compromise
Infrastructure Diversification: Eliminate single points of failure:
- Use multiple RPC providers from different organizations
- Implement independent monitoring systems that don't share infrastructure
- Deploy circuit breakers that halt operations when unusual patterns are detected
- Maintain air-gapped verification systems for high-value transactions
Operational Security Protocols: Human processes matter as much as code:
- 24/7 monitoring with multiple global incident response teams
- Regular security audits of infrastructure components, not just smart contracts
- Penetration testing of RPC nodes, monitoring systems, and operational procedures
- Incident response playbooks with pre-authorized emergency actions
User Protection Strategies
Individual users can reduce their exposure to cross-chain bridge risks through several approaches:
- Bridge verification: Before using a cross-chain protocol, verify its DVN configuration and security assumptions
- Asset diversification: Don't concentrate large positions in single cross-chain tokens
- Native token preference: When possible, use native assets rather than bridged versions
- Monitoring integration: Follow protocols' security updates and incident response channels
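To make the protocol-level threshold requirements and the user-side advice to "verify its DVN configuration" concrete, here is an added audit helper (not LayerZero's tooling or Kelp DAO's code) that scores a receive-side ULN config the way a reviewer would: how many DVNs, and more importantly how many independent operators, an attacker would have to subvert to get a forged packet verified. The config keys follow LayerZero V2's UlnConfig, while the operator map, the confirmations value and the placeholder DVN names are constructed assumptions.

```python
from itertools import combinations

def min_operators_to_forge(cfg: dict, operator_of: dict) -> int:
    """Smallest number of distinct operators whose DVNs together cover every
    required DVN and at least optionalDVNThreshold optional DVNs. Brute force
    over operator subsets is fine: real configs have a handful of operators."""
    required = set(cfg["requiredDVNs"])
    optional = set(cfg["optionalDVNs"])
    need_opt = cfg["optionalDVNThreshold"] if optional else 0
    operators = sorted({operator_of[d] for d in required | optional})
    for k in range(1, len(operators) + 1):
        for chosen in combinations(operators, k):
            owned = {d for d in required | optional if operator_of[d] in chosen}
            if required <= owned and len(owned & optional) >= need_opt:
                return k
    return len(operators)  # not reached: owning every operator always suffices

def audit_uln_config(cfg: dict, operator_of: dict) -> list:
    """Return findings, most severe first. The 2-of-3 floor is the write-up's
    own recommendation for production deployments, not a LayerZero rule."""
    n_req, n_opt = len(cfg["requiredDVNs"]), len(cfg["optionalDVNs"])
    thr = cfg["optionalDVNThreshold"] if n_opt else 0
    dvn_needed = n_req + thr          # DVNs an attacker must subvert to forge
    findings = []
    if n_opt and cfg["optionalDVNThreshold"] > n_opt:
        findings.append("MISCONFIG: optionalDVNThreshold exceeds optional DVN count; nothing can verify")
    if dvn_needed == 0:
        findings.append("CRITICAL: no DVN attestation required at all")
    elif dvn_needed == 1:
        findings.append("CRITICAL: a single DVN can verify any packet (1-of-1 setup)")
    elif n_req + n_opt < 3:
        findings.append("HIGH: fewer than 3 DVNs configured; below the 2-of-3 floor")
    k = min_operators_to_forge(cfg, operator_of) if dvn_needed else 0
    if dvn_needed >= 2 and k < 2:
        findings.append("HIGH: one operator runs enough DVNs to meet the threshold alone (correlated failure)")
    if cfg["confirmations"] == 0:
        findings.append("MEDIUM: zero block confirmations; attestations race reorgs")
    if not findings:
        findings.append(f"OK: forging needs >= {dvn_needed} DVNs across >= {k} independent operators")
    return findings

# Constructed sample data. The Ethereum-side DVN address is the one named in the
# write-up; its operator label and the confirmations value are assumptions.
KELP_AS_DEPLOYED = {
    "confirmations": 15,
    "requiredDVNs": ["0x589dedbd617e0cbcb916a9223f4d1300c294236b"],
    "optionalDVNs": [],
    "optionalDVNThreshold": 0,
}
RECOMMENDED_2_OF_3 = {
    "confirmations": 15,
    "requiredDVNs": [],
    "optionalDVNs": ["DVN_A", "DVN_B", "DVN_C"],
    "optionalDVNThreshold": 2,
}
LOOKS_LIKE_2_OF_3 = {**RECOMMENDED_2_OF_3, "optionalDVNs": ["DVN_A", "DVN_A2", "DVN_C"]}
OPERATOR_OF = {
    "0x589dedbd617e0cbcb916a9223f4d1300c294236b": "layerzero",
    "DVN_A": "op-a", "DVN_A2": "op-a",   # two DVNs, one operator, one RPC estate
    "DVN_B": "op-b", "DVN_C": "op-c",
}

if __name__ == "__main__":
    for label, cfg in [("as deployed", KELP_AS_DEPLOYED), ("2-of-3", RECOMMENDED_2_OF_3),
                       ("2-of-3, shared operator", LOOKS_LIKE_2_OF_3)]:
        print(label, audit_uln_config(cfg, OPERATOR_OF))
```

The third sample is the case the infrastructure-diversification bullet warns about: it reads as 2-of-3 on-chain, but two of the three DVNs belong to the same operator, so one compromised RPC estate still meets the threshold.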
Alternative Cross-Chain Solutions
For Bitcoin-specific cross-chain needs, light client approaches like Teleswap, a non-custodial bridge using SPV (Simplified Payment Verification) proofs, offer different security trade-offs. Teleswap verifies Bitcoin transactions directly on destination chains through cryptographic proofs, eliminating the trusted intermediaries that DeFi bridge solutions typically require. This approach inherits Bitcoin's security model rather than introducing additional trust assumptions.
However, each bridge design involves trade-offs:
- Speed vs Security: Light client bridges may be slower but eliminate oracle risks
- Complexity vs Trust: More complex cryptographic solutions reduce trust requirements
- Cost vs Decentralization: Fully decentralized verification can be more expensive
Industry-Wide Improvements
The broader cross-chain infrastructure needs systemic improvements:
- Default security standards: Industry guidelines for minimum security configurations
- Standardized risk disclosure: Clear communication of trust assumptions and risks
- Insurance mechanisms: DeFi-native insurance for cross-chain bridge failures
- Emergency coordination: Cross-protocol incident response coordination
Frequently Asked Questions
What exactly caused the Kelp DAO $290 million hack?
Attackers compromised LayerZero's RPC nodes and used DDoS attacks to force failover to pre-compromised backup infrastructure, enabling them to forge cross-chain verification messages that convinced Kelp DAO's single-verifier configuration that legitimate transactions had occurred on the source chain when they hadn't. The attackers didn't break cryptographic protocols or steal private keys—instead, they poisoned the data inputs that the verification system relied upon.
Why didn't LayerZero's security systems detect the attack?
The compromised RPC nodes selectively served accurate data to monitoring systems while feeding false data to the verifier, making the attack invisible to standard surveillance. This sophisticated approach allowed the attackers to maintain operational stealth while subverting only the verification path that mattered for the exploit. Monitoring systems showed everything was normal while the actual verification process received poisoned data.
Could this attack have been prevented with different configuration settings?
Yes, using a multi-DVN configuration requiring verification from multiple independent verifiers would have prevented this attack entirely. LayerZero supports 35+ DVN providers, and requiring verification from at least 2-of-3 or 3-of-5 independent sources would have made it exponentially harder for attackers to compromise the entire verification process since they would need to simultaneously compromise multiple independent infrastructure systems.
Who is responsible—Kelp DAO or LayerZero?
Both parties dispute responsibility, with Kelp DAO claiming the vulnerable 1-of-1 DVN configuration was LayerZero's default onboarding setup using LayerZero's own infrastructure. This dispute highlights critical questions about whose responsibility it is to ensure proper security configuration for protocols handling hundreds of millions in user funds. The controversy underscores systemic issues with how default configurations are handled in cross-chain protocols.
How does this compare to other cross-chain bridge exploits?
At $290-293 million, the Kelp DAO hack is the largest cross-chain exploit of 2026 and represents a new category of infrastructure-layer attacks rather than smart contract vulnerabilities. Unlike typical bridge hacks that exploit code bugs, this attack compromised the verification infrastructure itself through RPC node poisoning and DDoS attacks. This represents a more sophisticated approach targeting infrastructure rather than logic flaws.
What makes cross-chain bridges inherently risky?
Cross-chain bridges must solve the verification problem—proving that events occurred on one blockchain to smart contracts on another—which inevitably introduces trust assumptions about oracles, infrastructure providers, or cryptographic schemes. Every bridge design involves trade-offs between security, decentralization, and operational complexity, with different failure modes and attack vectors. The Kelp DAO hack demonstrates that even well-designed protocols can fail when deployed with insecure default configurations.
Are there more secure alternatives to LayerZero for cross-chain transfers?
Different bridge architectures offer different security models, with light client approaches like Teleswap using cryptographic proofs rather than trusted verifiers for Bitcoin cross-chain transfers. Teleswap verifies Bitcoin transactions directly on-chain through SPV proofs, eliminating oracle risks while introducing different trade-offs around verification speed and computational complexity. Each approach involves different security assumptions, and users should understand the specific risks of any cross-chain solution they use.
What should protocols learn from the Kelp DAO hack?
Protocols should implement multi-DVN verification requirements by default, not offer it as an optional upgrade, and use geographically diverse infrastructure providers to eliminate correlated failure modes. Default security configurations matter more than available options—if single-point-of-failure setups are available as defaults, protocols will inevitably deploy them. Additionally, protocols need to audit not just smart contract code but also the infrastructure components that verification systems depend on.
The Kelp DAO exploit serves as a stark reminder that cross-chain infrastructure remains one of DeFi's most challenging security frontiers. While the immediate cause was a configuration vulnerability, the broader lesson is about the complexity of maintaining security across multiple blockchains and the importance of defense-in-depth strategies.
As the DeFi ecosystem continues to evolve toward multi-chain architectures, protocols must prioritize robust verification systems, diverse infrastructure, and transparent risk communication. Understanding these risks becomes essential for making informed decisions about where to deploy capital in an increasingly interconnected but still experimental financial system.
For developers working on cross-chain solutions, consider exploring different architectural approaches and their security trade-offs. Learn more about alternative bridge designs and security best practices at academy.teleswap.xyz.