TL;DR: On April 18, 2026, attackers drained $292M from Kelp DAO’s LayerZero bridge by forging a cross-chain message through a compromised verifier. The stolen rsETH was dumped into Aave as collateral, borrowing $190M in real ETH before anyone could stop it. A developer had warned about the exact vulnerability 15 months earlier. Nobody acted. Here’s the full breakdown — and where to stake safely instead.
This article is part of our DeFi Yield Safe Alternatives Guide.
My buddy Jake in Sydney sent me a message at 6 AM Canggu time. I was on my second coffee, half-watching the surf, laptop open with my Aave dashboard on one tab. His message was just: “Have you seen what happened to Kelp?”
I had not. I opened Twitter. My coffee went cold.
PassiveYieldLab has been tracking DeFi security events since 2024, and the Kelp DAO attack is the one that genuinely made me reconsider every assumption I had about restaking protocols. Not because it was the biggest hack of 2026 — though it was. But because someone had literally written down exactly how it would happen, posted it publicly, and the DeFi community collectively shrugged.
Here is what actually happened, why it matters for your staked ETH, and what I am doing with my own positions now.
What Is Kelp DAO and Why Should You Care?
Kelp DAO is a liquid restaking protocol built on top of EigenLayer. The idea is straightforward: you deposit ETH, get rsETH in return, and that rsETH earns restaking rewards on top of normal Ethereum staking yield. It was one of the more popular restaking plays heading into 2026 — about $1.6B in TVL before April 18.
The protocol used LayerZero to bridge rsETH across multiple blockchains. That bridge is where everything fell apart.
If you held rsETH anywhere — in your wallet, deposited in a lending protocol, used as collateral — this hack affected you directly. If you were just watching from the sidelines, it still matters, because the same vulnerability applies to 47% of all LayerZero-powered applications according to post-exploit analysis.
One-liner: Understanding this attack is the price of admission for doing DeFi in 2026.
How Did the Kelp DAO Attack Actually Work?
The attack did not break any smart contracts. There was no code exploit, no flash loan manipulation, no oracle attack. The attacker broke the off-chain infrastructure that LayerZero uses to validate cross-chain messages.
Here is the sequence:
Step 1 — The target: Kelp DAO’s LayerZero bridge used a “1/1 DVN” configuration. DVN stands for Decentralized Verifier Network — the off-chain nodes that check whether cross-chain messages are legitimate. A 1/1 configuration means only one verifier needs to sign off on a transaction. No second opinion required.
Step 2 — The compromise: Attackers identified the specific RPC nodes LayerZero’s DVN was querying. They gained access to two internal nodes running on separate server clusters, replaced the software with modified versions that fed forged data to the LayerZero DVN while returning truthful data to every other system — including LayerZero’s own monitoring service. The modified nodes were engineered to self-destruct after the attack window, wiping logs and configurations clean.
Step 3 — The forge: With the verifier compromised, the attacker sent a forged cross-chain message instructing the bridge to mint 116,500 rsETH. At ~$2,500 per rsETH, that is $292M created from nothing. The single DVN signed off on it. No second check existed to flag the forgery.
Step 4 — The cashout: The forged rsETH landed in wallets the attacker controlled. Within minutes, it was deposited into Aave V3 as collateral. Against that collateral, the attacker borrowed over $190M in real WETH — actual Ethereum that had been deposited by real users.
Step 5 — The fallout: Kelp’s emergency multisig froze the protocol 46 minutes after the drain completed. Two follow-up attempts (each targeting another ~$100M) were blocked. But the damage was done. Aave held $190M+ in worthless rsETH collateral against loans that would never be repaid. Bad debt estimates reached $230M.
Forty-six minutes. That is how long it took to drain what took years to build.
The Warning Nobody Acted On
Here is the part that should keep every DeFi developer up at night.
In January 2025 — fifteen months before the attack — a developer posted on the Aave governance forum. The message was specific: Kelp’s 1/1 DVN configuration was a critical single point of failure. One compromised validator signature could trigger the bridge to release funds. Multiple DVN verifications were necessary to prevent exactly this kind of forgery.
LayerZero had even launched a CryptoEconomic DVN Framework with Eigen Labs in October 2024, specifically designed to address 1/1 DVN vulnerabilities. The tooling existed. The warning existed. The configuration never changed.
I am not here to assign blame. But I will say this: in my own portfolio, I have started treating “audited smart contracts” and “safe protocol” as two completely different things. The smart contracts were fine. The off-chain infrastructure was the problem, and that is a lot harder to audit from the outside.
Confession moment: I had $3,000 worth of rsETH sitting in a position I had forgotten to rebalance. Not a life-changing amount, but enough to make me stare at my laptop in a Canggu café at 6 AM with a knot in my stomach. I got out before things got worse, but only because Jake texted me. That is not a risk management system. That is luck.
What Happened to Aave — And Everyone Else
The direct theft was $292M. But the cascade was bigger.
Aave V3 ended up holding rsETH collateral that was effectively worthless against real ETH loans. Bad debt estimates settled around $177M–$230M depending on how the collateral was valued post-exploit. The Aave community governance forum lit up with proposals and recriminations.
Lido’s EarnETH product had $21.6M in rsETH deposits. Those withdrawals were frozen pending resolution. Ethereum stakers using Lido saw their rsETH exposure crystallize overnight from “minor cross-protocol risk” to “locked and uncertain.”
Total DeFi TVL dropped $13.21B in the days following the attack. Not all of that was direct losses — most was users withdrawing from protocols out of fear. The fear was rational.
Arbitrum’s Security Council, coordinating with law enforcement, managed to freeze over 30,000 ETH of downstream attacker funds. The attribution — North Korea’s Lazarus Group — came quickly. Recovery of the funds is a different story.
Safe ETH Staking Alternatives Right Now
So where does that leave stakers in late April 2026?
The honest answer: there is no risk-free yield. But there is a meaningful difference between protocols with transparent, well-understood risk and protocols with single-point-of-failure bridge configurations nobody audited properly.
Here is what I am actually holding right now (as of April 29, 2026 — rates fluctuate and this is not financial advice):
| Protocol | Type | APY (approx.) | Key Risk |
|---|---|---|---|
| Lido (stETH) | Liquid staking | 3–4% | Smart contract, governance |
| Rocket Pool (rETH) | Decentralized liquid staking | ~3.3% | Smart contract, liquidity |
| Native ETH validator | Direct staking | 3.5–4% | 32 ETH minimum, slashing |
| Binance ETH staking | Exchange staking | ~3–4% | Custodial, counterparty |
APY fluctuates based on network conditions. Data as of April 2026.
Lido is the largest liquid staking protocol and has been audited by eight independent firms including ChainSecurity and SigmaPrime. It does not use cross-chain bridges for its core staking mechanism. The $21.6M rsETH freeze hurt their EarnETH product, but stETH itself was not directly affected. I still use Lido for a chunk of my ETH exposure. Start here if you want simplicity — get started with Binance staking if you prefer the exchange route.
Rocket Pool is more decentralized than Lido, which I like in principle. rETH appreciates in value rather than distributing new tokens, which has tax advantages in some jurisdictions. APY sits around 3.3% currently. Smaller TVL than Lido, but the decentralized node operator structure is genuinely different from a security standpoint.
Native validator staking requires 32 ETH (~$75K at current prices) and locks your ETH for an unbonding period. If you have that capital and want maximum security — you control the keys, no bridge, no intermediary — this is the cleanest option. Not accessible for most retail stakers.
Exchange staking through OKX or Bybit is custodial but simple. You are trusting the exchange rather than a smart contract. Different risk profile, not necessarily lower risk — but easier to understand for newer users.
What I am avoiding right now: any restaking protocol that uses cross-chain bridges with unverified DVN configurations. That rules out most of the newer restaking plays until they publish transparent multi-DVN setups.
For more on where I moved my stable yield positions after the hack, see Best Stablecoin Yield After the Kelp Hack.
What to Check in Your Own Portfolio
If you have any exposure to LayerZero-powered protocols, here is a quick checklist worth running before you go to sleep tonight:
- Does the protocol publish its DVN configuration publicly? 1/1 = red flag.
- How much of your collateral in lending protocols is restaking tokens (rsETH, weETH, ezETH)?
- What is the emergency pause mechanism? How long would it take to freeze the contract?
- Have the off-chain components (oracles, bridges, DVNs) been independently audited — not just the smart contracts?
None of this guarantees safety. But not asking these questions guarantees you are flying blind.
Also worth reading: our DeFi Risk Alert Bot guide — I built a basic monitoring setup that pings me when unusual collateral deposits hit Aave. Would have gotten me out faster on April 18.
One-liner: The DeFi protocol is only as secure as its weakest off-chain dependency.
FAQ
How did the Kelp DAO attack happen? Attackers compromised two LayerZero verifier nodes (DVNs) to forge a cross-chain message, minting 116,500 rsETH worth ~$292M. They deposited the fake rsETH into Aave as collateral and borrowed $190M in real WETH before the protocol could respond.
How much did the exploit cost DeFi? The direct theft was $292M. Aave faced ~$230M in bad debt. Total DeFi TVL dropped $13.21B in the aftermath as users fled related protocols.
Was the Kelp DAO vulnerability known beforehand? Yes. A developer posted on the Aave governance forum in January 2025 — 15 months before the attack — explicitly warning that Kelp’s 1/1 DVN configuration was a single point of failure. The configuration was never changed.
Is stETH or rETH safe after this hack? Lido (stETH) and Rocket Pool (rETH) do not use cross-chain bridges for their core staking. The specific bridge vulnerability that caused the Kelp DAO hack does not apply to them. They carry smart contract risk like any DeFi protocol, but it is a different and more well-understood risk.
What is a DVN? DVN stands for Decentralized Verifier Network. It is the off-chain component that validates cross-chain messages in LayerZero. A 1/1 DVN configuration means only one verifier approves each transaction — so a compromised verifier can forge any message with no backup check.
Should I avoid all restaking protocols now? I am not avoiding restaking entirely, but I am only using protocols that publish multi-DVN configurations and have clear emergency mechanisms. The concept of restaking is sound. The execution risk varies wildly between protocols.
The Bottom Line
The Kelp DAO attack was not inevitable. It was predictable — someone literally predicted it. The $292M drain, the $230M in Aave bad debt, the $13B TVL wipeout: all of it traces back to a configuration decision that took five minutes to make and fifteen months to exploit.
I am not telling you DeFi is dead. I am telling you that “audited smart contracts” is not the same as “safe protocol.” The off-chain stuff matters just as much, and most users — myself included — were not paying enough attention to it.
The best version of this story is that we learn from it. Tighter bridge configurations, mandatory multi-DVN requirements, more rigorous off-chain audits. The worst version is that we forget in six months when yields get juicy again.
Check your positions. Diversify your risk. And maybe set up an alert for unusual Aave collateral movements.
This is what I do, not what you should do. Not financial advice — just a dad with a spreadsheet and a surfboard trying to not lose his shirt in the process.
Risk disclaimer: DeFi protocols carry significant risks including smart contract vulnerabilities, bridge exploits, oracle manipulation, and total loss of funds. APY rates are approximate and fluctuate constantly. Always do your own research before depositing funds into any protocol.
Join the Discussion