April 21, 2026

On April 18th, 2026, KelpDAO fell victim to one of the largest DeFi exploits in history. By manipulating the cross-chain bridge infrastructure, attackers linked to North Korea's Lazarus Group made off with $292 million in stolen funds. KelpDAO and LayerZero, the interoperability protocol whose infrastructure was used to execute the theft, immediately began pointing fingers at each other over who bears responsibility. Meanwhile, Aave, the largest lending protocol in DeFi, found itself holding up to $230 million in potentially unrecoverable debt through DeFi's composability features. This article provides a complete breakdown of the situation and in-depth coverage of what has unfolded since.
Launched in late 2023, KelpDAO quickly established itself as one of the leading liquid restaking protocols in the Ethereum ecosystem. Its core value proposition is straightforward: users deposit Liquid Staking Tokens (LSTs) such as stETH, cbETH, or raw ETH, and in return receive rsETH, the protocol's native liquid restaking token.

Unlike traditional staking positions, rsETH preserves full DeFi composability: it can be used as collateral in lending protocols, supplied to liquidity pools, or bridged across chains via LayerZero's OFT (Omnichain Fungible Token) infrastructure, all while the underlying capital continues generating yield from both layers.
KelpDAO deployed rsETH on more than 16 blockchains using LayerZero's OFT standard to enable this cross-chain liquidity. At its peak in mid-2025, the protocol attracted over $2 billion in TVL, making it one of the most significant players in the liquid restaking category before the hack.
Of course, every layer of this yield-stacking strategy introduces an additional point of fragility: staking risk, slashing risk, smart contract risk, oracle risk, and cross-chain bridging infrastructure risk. These are all risks that rsETH holders accept implicitly by participating in the protocol.
To make rsETH usable across the multichain ecosystem, KelpDAO integrated with LayerZero, an interoperability protocol that enables cross-chain messaging. Specifically, KelpDAO adopted LayerZero's Omnichain Fungible Token (OFT) standard, which allows tokens native to one chain to be represented on other chains through a lock-and-mint mechanism.
The mechanism is fairly intuitive and follows the same pattern as other OFT tokens issued by LayerZero.
In practice, rsETH is native to Ethereum Mainnet. When a user bridges their rsETH to an L2 such as Arbitrum or Base, the tokens are locked on Ethereum inside the OFT Adapter - a smart contract that acts as the custodian of all "real" rsETH on Ethereum.
Simultaneously, an equivalent amount of rsETH is minted on the destination chain. When the user wants to get back the original rsETH, the process reverses: the minted rsETH is burned on the L2, and the OFT Adapter releases the corresponding rsETH back to the user on Ethereum.

In LayerZero's architecture, each application developer defines their own security stack with a combination of DVNs that must independently verify every cross-chain message before it is executed. In KelpDAO's case, only one DVN was operational for bridged rsETH. The OFT Adapter releases funds only after receiving confirmation that a valid burn occurred on the source chain.
LayerZero maintains a list of whitelisted DVN providers along with recommendations for protocols. These recommendations explicitly include using multiple DVNs to eliminate single points of failure. KelpDAO, however, opted for a single DVN operated by LayerZero Labs itself, a detail that would prove consequential. More on that later.
This design places enormous trust in what is known as the bridge invariant: the assumption that the amount of rsETH locked in the Ethereum adapter will always be greater than or equal to the total rsETH minted across all other chains.
To understand how $292 million was drained without any smart contract vulnerability, it is essential to understand how LayerZero's verification infrastructure works and where it failed. The attack of April 18, 2026 was methodical, highly sophisticated, and almost certainly the result of weeks of preparation. It has since been attributed to North Korea, specifically the TraderTraitor branch of the Lazarus Group.
The first visible on-chain trace of the attack came on April 18th, when the attacker's wallet received approximately $230 worth of ETH from Tornado Cash. For a more technical analysis of the attack, we highly recommend reading Banteg’s investigation on his GitHub.
The attack began in the afternoon. At 17:35 UTC, the attacker called lzReceive, the LayerZero endpoint function responsible for processing incoming cross-chain messages. The attackers had previously obtained a list of RPCs used by the LayerZero Labs DVN, compromised two separate nodes, replaced the op-geth binary, and simultaneously launched a DDoS attack against one uninfected RPC.
This triggered a failover that allowed the DVN to confirm transactions that had never actually occurred. The DDoS attack likely targeted the RPC operated by QuickNode.
DVNs read from RPC nodes, which expose the blockchain's state and allow external systems to query on-chain data. In a properly secured configuration, multiple independent DVNs (each using different RPC providers with different hosting and infrastructure) would need to independently confirm a burn before the OFT Adapter would release tokens. Had one DVN been compromised, the others would still reject the fraudulent message.
The compromised DVN then verified a forged inbound packet claiming that 116,500 rsETH had been burned on Unichain, a burn that had never taken place. As confirmed by the Aave incident report, "the Unichain outbound nonce remained at 307 while Ethereum accepted nonce 308", a discrepancy that reveals the fabricated nature of the message.
Trusting the DVN's attestation, the OFT Adapter on Ethereum released 116,500 rsETH from its reserves to the attacker. In a single transaction, the adapter's balance dropped from 116,723 rsETH to just 223, a near-complete drain of every real token backing cross-chain rsETH positions. The malware then self-destructed, deleting all traces.
In practical terms: the malware compromised 2 of the 3 communication tools the DVN relied on, these relayed a forged message to the DVN, and that allowed the attacker to drain all the backing of rsETH without any proper authorization.
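The two on-chain signals described above, a destination nonce running ahead of the source and a broken bridge invariant, can be checked by an independent monitor. The following is an added example, not code from KelpDAO, LayerZero or the incident reports; the class and function names are hypothetical, the 307/308 nonces and the 116,723 to 223 adapter balance are the figures quoted above, and the per-chain supplies and other nonces are constructed.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Pathway:
    """One remote-chain -> home-chain pathway; each side is read from its own chain."""
    remote_chain: str
    remote_outbound_nonce: int  # last packet nonce the remote endpoint emitted
    home_inbound_nonce: int     # last packet nonce the home endpoint accepted
    remote_supply: Decimal      # bridged tokens currently minted on the remote chain


@dataclass(frozen=True)
class Alert:
    kind: str
    chain: str
    detail: str


def nonce_alerts(pathways):
    """The home chain can never legitimately accept a packet the remote never sent.

    The reverse gap (remote ahead of home) is normal: those packets are in flight.
    """
    alerts = []
    for p in pathways:
        if p.home_inbound_nonce > p.remote_outbound_nonce:
            alerts.append(Alert(
                "PHANTOM_PACKET", p.remote_chain,
                f"home accepted nonce {p.home_inbound_nonce} but remote "
                f"has only sent up to {p.remote_outbound_nonce}",
            ))
    return alerts


def shortfall(adapter_locked, pathways):
    """Remote supply not covered by the adapter; zero while the invariant holds."""
    minted = sum((p.remote_supply for p in pathways), Decimal(0))
    return max(minted - adapter_locked, Decimal(0))


def evaluate(adapter_locked, pathways):
    """Return every alert for one snapshot; any alert is grounds to pause releases."""
    alerts = nonce_alerts(pathways)
    gap = shortfall(adapter_locked, pathways)
    if gap > 0:
        minted = adapter_locked + gap
        alerts.append(Alert(
            "INVARIANT_BROKEN", "home",
            f"{gap} unbacked; backing ratio {adapter_locked / minted:.4%}",
        ))
    return alerts


def sample(home_nonce_from_unichain):
    """Constructed pathway state; only the Unichain nonces come from the text."""
    return [
        Pathway("unichain", 307, home_nonce_from_unichain, Decimal("20000")),
        Pathway("arbitrum", 912, 910, Decimal("60000")),  # two burns still in flight
        Pathway("base", 455, 455, Decimal("36000")),
    ]


# Adapter balances are the before/after figures quoted in the text.
BEFORE = evaluate(Decimal("116723"), sample(307))
AFTER = evaluate(Decimal("223"), sample(308))

if __name__ == "__main__":
    print("before:", BEFORE)
    for alert in AFTER:
        print("after:", alert)
```

Such a monitor is only as trustworthy as its own data sources: each side of a pathway should be read at a finalized block from RPC providers that are independent of the ones the DVN uses.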
KelpDAO's emergency response team detected the suspicious activity and moved to pause all rsETH contracts. The pause was executed approximately 46 minutes after the initial drain. That window, while narrow, was enough for the attacker to have already secured the funds.
The attacker attempted two additional transactions to drain another 40,000 rsETH, worth close to $100 million. A second packet had already been verified by the same compromised DVN, but reverted at the OFT Adapter level because Kelp had frozen the recipient address. This prevented losses from rising to $391 million.
Selling such a large amount of rsETH directly on the open market would have been catastrophic for price and easily traced. Instead, the stolen tokens were distributed out from the initial hacker’s wallet across 7 separate addresses, which then proceeded to deposit the rsETH as collateral on DeFi lending protocols, primarily Aave V3 on both Ethereum mainnet and Arbitrum, borrowing liquid WETH and wstETH in exchange.
According to LlamaRisk’s incident report, 89,567 rsETH were deposited on Aave as collateral, with the attacker borrowing a total of 82,650 WETH and 821 wstETH across the seven attacker addresses. Smaller amounts were also deposited on Euler and Compound, yielding approximately $840,000 and $39.4 million in additional borrows respectively.
The attacker was able to borrow such a large amount of ETH against its collateral because rsETH was integrated in the Aave e-mode, the High Efficiency part of the protocol that selects optimized assets to borrow and lend against. Inclusion in e-mode requires highly correlated asset values (stablecoin-to-stablecoin, or, in this case, ETH-correlated asset to ETH). Aave also offered the deepest liquidity of any available venue, which pushed the attacker toward the protocol over direct swaps.
With the OFT Adapter on Ethereum now nearly empty, every rsETH token on every L2 was mechanically undercollateralized - backed by at most 40,373 rsETH in adapter reserves against total L2 claims of 152,577 rsETH. The 1:1 peg between L2 rsETH and its Ethereum-native counterpart had been broken.
One question remains unanswered: how did the attacker obtain the RPC node list and gain root-level access to production infrastructure? This points to either a prior unreported LayerZero compromise, a breached deployment pipeline, or insider access - rather than any Kelp-side misconfiguration. Neither party's post-incident communications addressed this directly.
The fallout from the KelpDAO exploit did not stay contained within the protocol. Within hours, panic spread across the LayerZero ecosystem as protocols rushed to assess their exposure and preemptively freeze any bridge relying on LayerZero's OFT infrastructure, even those completely unrelated to rsETH.
Aave quickly froze rsETH markets on its V3 and V4 deployments to block new activity, while in response to the news, the AAVE token fell roughly 11%. Compound took equally swift protective steps. Euler, Fluid, Spark, and Morpho all implemented pauses or isolated risk measures for affected positions. Lido Finance halted new deposits into its EarnETH product due to rsETH exposure.
Over the following 24 hours, more than 25 protocols paused their LayerZero bridges as a precautionary measure. These included Ethena (which paused its OFT bridges from Ethereum mainnet while stressing it had "no exposure to rsETH"), EtherFi (which paused LayerZero bridging for weETH and eETH), Curve (which paused CRV bridging), WBTC via both BitGo and Wrapped Bitcoin, Morpho, Pudgy Penguins (PENGU), USDT0, Kamino, Swell, and dozens of others. Some protocols, such as Orderly Network and f(x) protocol, used the crisis as an opportunity to upgrade their own DVN configurations and timelock parameters, respectively.
The indirect exposure through Lido Finance's EarnETH product added another layer of complexity to the contagion. Lido Finance disclosed that "EarnETH has direct exposure to rsETH through an Aave levered rsETH/ETH position amounting to approximately 9% of the vault ($21.6M)."
Deposits and withdrawals into EarnETH were immediately halted, and Lido confirmed that its $3 million first-loss protection mechanism (funded by the Lido DAO treasury) would be applied if needed to cover vault losses. Lido clarified that stETH, wstETH, and the core Lido staking protocol itself were entirely unaffected and the rsETH exposure was limited to a single vault.
DeFi TVL fell 7% in 24 hours to $86 billion following the incident. Aave alone saw approximately $10.1 billion in net outflows as depositors rushed to reduce their exposure, pushing its TVL from roughly $45.8 billion to $35.7 billion. Around 16.5% of the ETH market was reportedly "supported" by rsETH-linked exposure - a figure that underscores just how deeply cross-chain infrastructure and restaking-linked collateral had become embedded in DeFi's liquidity architecture.

Once the panic spread, stablecoins were drawn into the contagion as well, as cautious investors triggered a broader bank run across DeFi protocols. As usual, leveraged positions bore the brunt. Both stETH and sUSDe depegged as DeFi users rushed to unwind their positions on lending protocols. This created a wave of arbitrage opportunities, but also pushed a significant number of lending positions toward liquidation.
The question of who bears responsibility for the $292 million loss quickly became one of the most contentious debates in the DeFi space. Within 48 hours, three parties were exchanging pointed public statements, each deflecting blame onto the others. As of the time of writing, no party has issued a concrete resolution, and the question of who will ultimately bear the loss remains open.
In this part of the report we will go over the statements issued by the affected protocols.
KelpDAO's official position, published via their X account, is that the 1-of-1 DVN configuration was not a rogue choice but LayerZero's own default:
"The compromised DVN used LayerZero's own infrastructure. LayerZero hosted two RPC nodes that were compromised, and a third was DDoSed. This is an attack against LayerZero infrastructure. Kelp's own systems were not involved in building or operating this infrastructure. The 1/1 DVN configuration is documented in LayerZero's documentation and is the default setting for all new OFT deployments. During Kelp's L2 expansion, DVN configuration was discussed, and the default configuration was explicitly confirmed as appropriate at that time."
Kelp plans to contest LayerZero's characterization of the "1/1 configuration" as an outlier choice, considering LayerZero's own quickstart guide and default GitHub configuration point to a 1/1 DVN setup. The worst part is that according to compiled data, approximately 32% of protocols using LayerZero currently use the same configuration.
In LayerZero's own V2 OApp Quickstart, the sample layerzero.config.ts wires every pathway with one required DVN and no optional DVNs. According to Kelp, the protocol relied on LayerZero's documentation and defaults when making its configuration decisions, and despite a direct communications channel with LayerZero open since July 2024, no specific recommendation to change the rsETH DVN configuration was ever produced.
This position drew notable support from the security research community. Banteg published a technical review of LayerZero's public deployment code, noting that the reference setup ships with a 1/1 configuration, and flagging that LayerZero routinely asks new operators to use its default setup.
LayerZero's official statement took the opposite view.
"LayerZero and other external parties previously communicated best practices around DVN diversification to KelpDAO. Despite these recommendations, KelpDAO chose to utilize a 1/1 DVN configuration", the company stated. The protocol also argued that the incident was isolated to rsETH, with no broader contagion across other applications or assets.
LayerZero's technical post-mortem emphasized that its core protocol was not compromised: no LayerZero smart contracts were exploited, no private keys were exposed. The failure, it argued, was architectural and application-specific: a single point of failure that LayerZero's own documentation explicitly warns against. Its integration checklist states: "Do: Use more than one DVN for each production pathway instead of relying on a single DVN" and "Don't: Configure only one DVN for a pathway and treat it as production-ready."
LayerZero has since announced a mandatory policy change: it will stop signing or attesting messages for any application maintaining single-DVN configurations. All projects currently using 1/1 setups must migrate to multi-DVN architectures. LayerZero operates across 80+ blockchains with 35 active DVNs, including providers such as Google Cloud. According to them, best practice calls for multiple independent verifiers checking each cross-chain message, in other words exactly what Kelp didn't implement.
The truth likely lies somewhere between both narratives. LayerZero's documentation does contain a checklist warning against 1/1 configurations, but this caveat appears in an integration checklist, not in the default code that new protocol developers encounter first.
In our view, both parties bear meaningful responsibility: KelpDAO for not conducting a more thorough security review of its bridge configuration, and LayerZero for burying the dangers of its default configuration where most developers are unlikely to find them. More fundamentally, a 1/1 DVN configuration should never have been permissible in the first place.
The result, for now, is that DeFi users appear to be the ones absorbing the loss. The various possible scenarios were outlined in the publication posted on the Aave governance forum by LlamaRisk.
Aave occupies a different position in this story. The protocol was neither a target nor a party to the bridge configuration decisions - it was a composability victim. Aave's contracts, oracle system, and liquidation mechanisms all operated exactly as designed throughout the incident. In fact, the breach did not originate from its own smart contracts.
The issue is not that Aave malfunctioned; it is that Aave's risk framework accepted rsETH as collateral with a loan-to-value ratio of up to 95% without incorporating any analysis of the bridge security architecture underlying rsETH's cross-chain representations. It’s worth noting that in February 2025, during governance discussions regarding the listing of rsETH on Arbitrum and Base, BGD Labs explicitly highlighted the risks of relying on a single DVN and recommended a multi-DVN configuration. Despite these warnings, the recommendations were ultimately disregarded.
When the attacker used stolen, artificially minted rsETH to borrow real WETH, Aave processed those transactions correctly. The protocol had no way of knowing that the collateral was fraudulent since it was approved on the L1 side. By the time the alert was raised and markets were frozen, 89,567 rsETH worth $221 million had already been deposited across Aave's markets, with $193 million in WETH and wstETH borrowed against it.
These positions are now locked with health factors of just 1.01 to 1.03, razor-thin margins that leave Aave with virtually no buffer before bad debt materializes.
This is the essence of DeFi composability risk: Aave is now holding positions it cannot safely liquidate (WETH pools are at 100% utilization, making liquidation technically difficult), against collateral of uncertain value, as an innocent bystander to a failure that originated four protocol layers above it in the stack.
Anyway, as Emilio, VP of Engineering at Aave, explained, the protocol is currently in a "wait-and-see" position, pending responses from LayerZero and Kelp before deciding whether to freeze the affected markets.
"We are doing our best, but our actions depend on others first; without that, our hands are tied from that perspective. We are developing other possibilities that have no dependency on anyone, but those take time", he stated.
According to LlamaRisk’s modeling, the potential bad debt ranges from $123.7 million (uniform socialization) to $230.1 million (losses isolated to L2 rsETH). But once again, at this stage, these remain purely hypothetical scenarios. The ultimate outcome will heavily depend on the strategic decisions made by KelpDAO and LayerZero.
Of the 116,500 rsETH stolen, the Aave incident report confirms that 89,567 rsETH (representing 76.9% of the total amount stolen) were deposited as collateral on Aave V3. The positions are distributed across Ethereum mainnet and Arbitrum via seven attacker addresses, as follows:

Eleven markets across Ethereum, Arbitrum, Avalanche, Base, Ink, Linea, Mantle, MegaETH, Plasma, and Zksync were affected. The Risk Steward then adjusted WETH interest rate models on April 19, reducing borrow rates from 8.5-10.5% to 3.0% APR at 100% utilization, to prevent the accruing interest from accelerating the bad debt. On April 20, WETH itself was frozen on Core, Prime, Arbitrum, Base, Mantle, and Linea to prevent further WETH borrows that could compound the exposure.
Aave's smart contracts were not compromised at any point during these events. All protocol logic, including supply, repayment, and liquidation mechanisms, continued to function as designed. The incident originated entirely outside of Aave.
However, a severe secondary problem emerged: WETH reserves across Ethereum, Arbitrum, Base, Linea, and Mantle are all at 100% utilization. Every single WETH deposited into these markets is already out on loan, leaving idle balances of less than $20 per chain.
This creates a practical impediment to liquidations: when a liquidator attempts to seize WETH collateral, the pool cannot pay out WETH directly and instead issues aWETH tokens - keeping the liquidator's capital tied up in the reserve. LlamaRisk flagged Base and Arbitrum as the least-buffered markets, with first liquidations triggered at WETH price drops of just 0.77% and 1.77% respectively, given that positions are running at health factors around 1.03.
As of April 20, 2026, the Aave DAO treasury holds $181 million in assets, including $62 million in Ethereum-correlated holdings, $54 million in AAVE tokens, and $52 million in stablecoins. The DAO generated $145 million in total revenue during 2025 and $38 million year-to-date in 2026. LlamaRisk confirmed that several indicative commitments from ecosystem participants are already in place to address potential bad-debt scenarios.
Under Scenario 1 (uniform socialization of losses), the Umbrella WETH Safety Module - holding approximately 23,507 aWETH worth $54 million - could partially offset Ethereum Core's bad debt. However, 18,922 aWETH (80% of the module) has already entered the unstaking cooldown, meaning stakers are attempting to exit before the module can be deployed as a backstop. Aave's service providers have recommended pausing the Umbrella module immediately to prevent further capital flight and preserve its coverage capacity.
As of April 21st, WETH deposits have been unfrozen, allowing users to supply WETH to the Ethereum Mainnet instance of the protocol.
Following these events, Aave's TVL has taken a significant hit, with over $10 billion leaving the protocol. Despite Aave's decline, Morpho did not see a meaningful offsetting gain, also experiencing around $1.2 billion in outflows since the hack.
Other protocols, such as Sky, have used the moment to publicly attack Aave's situation and assign blame to the protocol. Meanwhile Spark's TVL gained approximately $825 million, up 22%, since the hack took place.
The surface-level answer is yes: no additional protocol beyond KelpDAO itself was directly exploited. Every protocol that paused its LayerZero bridges did so as a precautionary measure, and most confirmed they had zero direct exposure to rsETH.
As noted earlier in this report, LayerZero will require all operators of OFT tokens on its infrastructure to integrate at least two DVNs going forward.
Blockdaemon, one of LayerZero's DVN infrastructure providers, played a constructive role in the containment. Their team worked with LayerZero to audit and upgrade DVN configurations across at-risk protocols, and their infrastructure tooling was used by multiple protocols to verify their own DVN setups.
The deeper answer, however, is more complicated. The real damage is concentrated in two places: within Aave's markets, where up to $230 million in bad debt may materialize depending on how Kelp allocates losses; and within the rsETH ecosystem on L2s, where the OFT Adapter's near-depletion means that every rsETH token on every L2 is backed by at most 26 cents on the dollar.
Beyond Aave, many protocols had been using rsETH for looping strategies or simple yield deposits. The problem now is pool utilization, with little to no liquidity remaining in affected reserves. Among those that have yet to disclose the full impact of the situation on their holdings: Upshift, Kiln, World Liberty Financial, TempleDAO, Midas, Resolve Labs, Mellow Finance, and many others.
It is also unclear how asset managers and funds are affected by the current scenario. Hyperithm, for instance, had several looping positions on Aave with rsETH as collateral borrowing WETH. Their situation remains as uncertain as that of the aforementioned protocols - all waiting on KelpDAO and LayerZero communications.
On the infrastructure side, LayerZero Labs has confirmed that all affected RPC nodes have been deprecated and replaced, and that its DVN has resumed normal operations.
On April 21st, the Arbitrum Security Council froze the 30,766 ETH held on its chain. This decision has always been possible on Arbitrum given the powers of this council, which are explicitly listed on L2Beat. In practice, this means that the roughly $71.5 million in Arbitrum-side exposure has already been contained. These funds are currently frozen and await resolution from LayerZero and KelpDAO.
The immediate infrastructure threat is contained. What remains unresolved is the financial fallout: the bad debt sitting on Aave's books, the open question of how Kelp will allocate losses between mainnet and L2 rsETH holders, and the uncertain fate of the attacker's funds.
The most consequential unresolved question of this incident is deceptively simple: who bears the loss?
The answer hinges on a technical distinction that most rsETH holders likely never considered: Ethereum mainnet rsETH is backed by Kelp's actual ETH staking positions, with real ETH deposits that earn yield and can be redeemed through Kelp's normal withdrawal process. The OFT Adapter has nothing to do with this backing. L2 rsETH, by contrast, is backed exclusively by the Ethereum OFT Adapter, which was almost entirely drained.
The 40,373 rsETH remaining in the adapter after the blocked second attack represents only 26.46% of the 152,577 rsETH currently circulating across all L2s.
The Aave incident report by LlamaRisk models two plausible scenarios for how Kelp resolves this discrepancy:
Under the first approach (uniform socialization of losses), the 112,204 unbacked rsETH (the gap between what was stolen and what was recovered) dilutes the entire rsETH supply equally - mainnet and L2 holders alike. The math produces a 15.11% depeg, meaning every rsETH retains 84.89% of its pre-hack oracle value.
On Aave, this translates to approximately $123.7 million in total bad debt, concentrated primarily on Ethereum Core ($91.8M). While significant in absolute terms, that represents only 1.54% of its $5.98B WETH reserve. Mantle faces the highest proportional pressure at a 9.54% WETH shortfall. Under this scenario, the Ethereum Core Umbrella WETH module ($54M) could absorb a meaningful portion of the damage.
Under the second approach (losses isolated to L2 rsETH), mainnet rsETH is treated as fully intact (backed by real ETH), while L2 rsETH is repriced to reflect the actual adapter backing ratio of 26.46%, translating to a 73.54% haircut. The financial consequences are catastrophic for L2 markets.
Total bad debt rises to $230.1 million, entirely concentrated on L2 chains. Mantle faces a 71.45% WETH shortfall, meaning more than 70% of every WETH supplied to Mantle's Aave market could be lost. Arbitrum faces a 26.67% shortfall, and Base a 23.28% shortfall.
The two scenarios expose a profound asymmetry in who bears the pain. Scenario 1 is more equitable but spreads modest damage across all rsETH holders. While Scenario 2 seems technically more defensible (L2 rsETH holders face the direct consequences of the bridge failure they were exposed to), it would be catastrophic for Mantle and Arbitrum's Aave markets specifically.
Moreover, the situation has also sparked significant backlash among affected users. Their primary defense rests on LayerZero's own documentation, which stipulates that Omnichain Fungible Tokens (OFTs) benefit from unified liquidity. In these users' view, this implies a fungibility that transcends network boundaries: theoretically, rsETH holders on Layer 1 should hold no greater claim or seniority over the underlying liquidity than those holding the asset on Layer 2.
For its part, Kelp has never explicitly addressed a potential hierarchy of claims or seniority in the event of a cross-chain infrastructure failure. Anyway, as of now, the choice is Kelp's to make, and as of the time of writing, no official decision has been published.
Arbitrum's response to the crisis introduced yet another dimension to this story. On April 21st, the Arbitrum Security Council used a specific transaction type, ArbitrumUnsignedTxType (EIP-2718), that allowed the Arbitrum DAO to transfer 30,776 ETH valued at around $70.6 million from the hacker’s address to an address controlled by the DAO.
These funds will be held pending resolution based on decisions made by the other parties. It’s worth noting that this function has always been part of ArbOS but had never been used until now. Only the 12-member Arbitrum Security Council has the authority to invoke it.
This decision provoked mixed feelings and multiple public debates. While it does set a precedent for this feature to be activated for less important reasons and puts a huge weight of responsibility on Arbitrum’s Security Council, it is important to consider the consequences for the chain and holders had this decision not been taken. While many see it as a breaking point for decentralization, the choice for the Security Council was to act quickly and save $70M of funds from going directly to North Korea, or to do nothing, affecting DeFi users.
While we are, as an industry, finding ourselves in somewhat of a limbo between Decentralized Finance and on-chain finance, we definitely took a step towards something less decentralized that protects users over decentralization. It is also important to highlight that now that this feature has been used once, it will likely dissuade hackers from trying to steal funds on Arbitrum in the future.
The KelpDAO exploit is the largest DeFi hack of 2026. But its significance extends well beyond its size: it reveals a set of structural vulnerabilities that are not specific to KelpDAO. In reality, they are endemic to how cross-chain protocols are designed, deployed, and evaluated by the protocols and users that depend on them.
1. The 1/1 DVN problem is not an isolated case.
The Dune Analytics dashboard tracking LayerZero DVN configurations we mentioned before revealed in the aftermath of the hack that approximately 32% of LayerZero OApps use minimal DVN security, configurations similar to or as weak as KelpDAO's. The KelpDAO hack was a demonstration of what happens when a single verifier is compromised.
It is, however, important to note that a 2/2 DVN configuration would not have changed much in this specific case. If two separate DVNs rely on the same underlying infrastructure and the same RPCs, the attack would probably have produced similar outcomes at little additional cost to the attacker.
In this case, multiple DVNs should be differentiated by RPC provider diversification, by verification diversity (potentially introducing zk proofs instead of simple RPCs), and by separate key management systems that would reduce single points of failure for these DVNs.
2. Infrastructure-layer attacks bypass traditional security models.
The KelpDAO incident began at the infrastructure layer, not within smart contracts, which allowed it to bypass expected security checks. Attackers targeted the messaging system that verifies cross-chain transfers, rather than the contract logic itself.
Traditional smart contract audits, the primary security tool in DeFi, would not have detected this vulnerability. The attack surface was an off-chain system: the RPC infrastructure feeding data to a DVN. This represents a category of risk that is almost entirely absent from standard protocol risk assessments, and it demands a new discipline of infrastructure-layer security review.
3. DeFi composability is a systemic risk amplifier.
rsETH was embedded across dozens of protocols, chains, and strategies. Composability, the very feature that makes DeFi so innovative, becomes a systemic liability when a single connected asset is compromised. If a liquid restaking token like rsETH fails, every yield-farming strategy and lending pool utilizing it faces immediate insolvency. Protocols that accepted rsETH as collateral were implicitly accepting the security properties of KelpDAO's bridge, a risk that was never made explicit in their risk frameworks, because the bridge architecture was never scrutinized as a collateral quality factor.
Going forward, collateral onboarding and its cross-chain deployment should be scrutinized thoroughly by risk managers. Whenever an existing asset issuer expands to new chains, risk parameters should be revisited after a proper review of the cross-chain structure and its security.
Aave's smart contracts worked perfectly. Its liquidation mechanisms, interest rate models, and risk steward response were all coordinated. But its risk parameters, specifically, accepting L2 rsETH as collateral with up to 95% LTV without analyzing the bridge invariant, left it exposed to external failures. Going forward, any token whose value depends on a cross-chain bridge invariant should have that bridge's security configuration incorporated into its risk assessment.
A 1/1 DVN-backed token is a fundamentally different risk profile from a multi-verifier or natively bridged token.
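One way a risk team could fold the bridge's verifier setup into a collateral review, following the first lesson above: count how many required DVNs are actually independent of one another instead of how many are listed. This is an added example, not LayerZero tooling or code from any of the parties; it models required DVNs only, and every DVN, operator and RPC provider name is a constructed placeholder.

```python
from dataclasses import dataclass, field
from itertools import combinations


@dataclass(frozen=True)
class Dvn:
    name: str
    operator: str
    rpc_providers: frozenset  # providers this DVN reads source-chain state from


@dataclass
class Report:
    pathway: str
    required_dvns: int
    effective_verifiers: int
    findings: list = field(default_factory=list)


def independent(a, b):
    """Two DVNs are independent only if they share neither operator nor RPC provider."""
    return a.operator != b.operator and not (a.rpc_providers & b.rpc_providers)


def effective_verifiers(required):
    """Size of the largest group of required DVNs that are pairwise independent.

    Brute force is acceptable here: a pathway lists only a handful of DVNs.
    """
    for size in range(len(required), 1, -1):
        for group in combinations(required, size):
            if all(independent(a, b) for a, b in combinations(group, 2)):
                return size
    return 1 if required else 0


def audit(pathway, required):
    """Flag single verifiers and failure domains shared between verifiers."""
    report = Report(pathway, len(required), effective_verifiers(required))
    if len(required) < 2:
        report.findings.append("SINGLE_DVN: one verifier is a single point of failure")
    for dvn in required:
        if len(dvn.rpc_providers) < 2:
            report.findings.append(f"SINGLE_RPC: {dvn.name} reads from one provider")
    for a, b in combinations(required, 2):
        if a.operator == b.operator:
            report.findings.append(f"SHARED_OPERATOR: {a.name} and {b.name}")
        shared = sorted(a.rpc_providers & b.rpc_providers)
        if shared:
            report.findings.append(
                f"SHARED_RPC: {a.name} and {b.name} both read {', '.join(shared)}")
    return report


# Constructed inventory; all names below are placeholders, not real providers.
DVN_A = Dvn("dvn-a", "operator-a", frozenset({"rpc-1", "rpc-2", "rpc-3"}))
DVN_B_SHARED = Dvn("dvn-b", "operator-b", frozenset({"rpc-1", "rpc-2", "rpc-3"}))
DVN_B_DIVERSE = Dvn("dvn-b", "operator-b", frozenset({"rpc-4", "rpc-5"}))
DVN_C = Dvn("dvn-c", "operator-c", frozenset({"rpc-5", "rpc-6"}))

REPORTS = {
    "1/1": audit("1/1", [DVN_A]),
    "2/2 shared": audit("2/2 shared", [DVN_A, DVN_B_SHARED]),
    "2/2 diverse": audit("2/2 diverse", [DVN_A, DVN_B_DIVERSE]),
    "3/3 partial": audit("3/3 partial", [DVN_A, DVN_B_DIVERSE, DVN_C]),
}

if __name__ == "__main__":
    for r in REPORTS.values():
        print(f"{r.pathway}: {r.effective_verifiers} effective of {r.required_dvns}")
        for finding in r.findings:
            print("   ", finding)
```

The 2/2 pathway whose DVNs read the same three RPC providers scores one effective verifier, the same as the 1/1 setup, which is the point made above about DVN count without infrastructure diversity.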
Before presenting our own opinion on the situation, we would like to thank the researchers and sources that made this report possible. In particular: Banteg (@banteg), Tay (@tayvano_), Seal911 (_SEAL_Org), LlamaAI (DefiLlama’s AI that was used to gather more sources and data for the report), AlphaFolio (@AlphaFolio), as well as the communications from the various parties involved.
Based on the findings, it is clear that all parties involved and affected by this hack have been attempting to shift blame onto others. LayerZero doesn’t want to take responsibility for its DVN infrastructure failing. KelpDAO doesn’t want to take responsibility for ignoring published guidelines. rsETH holders on Ethereum Mainnet don’t want to get a haircut on their holdings because they never signed up for bridge risk. Aave does not want accountability for integrating rsETH into its e-mode configuration despite a demonstrably weak risk setup on LayerZero's infrastructure.
Arbitrum’s decision to freeze the hacker’s funds has set a precedent for the entire chain and created a possible legal liability should another hack happen with no reaction on the Security Council’s end. While it does dissuade hackers from hacking protocols on Arbitrum, it raises the question of whether “decentralisation” is a spectrum rather than a simple black-or-white definition today.
While we await KelpDAO's final decision, chains and protocols such as Mantle and Aave have signaled willingness to support affected users through their treasuries. The full consequences of the hack will only become clear once all parties coordinate an appropriate response.
While the whole DeFi ecosystem is scrambling to respond to the events that unfolded, some DeFi users have suggested implementing the same guardrails TradFi has put in place, such as limits, timelocks, frozen assets, etc. While it might seem attractive, it also eliminates what DeFi stands for.
The most important lesson of this hack, like that of the Ronin Bridge and Wormhole hacks in the past, concerns the issues we have created with interoperability and composability across chains and protocols, which affect users who have not signed up to be exposed to this risk.
In the end, the question to ask ourselves as yields in DeFi compress and risks increase is: is the risk worth taking?
One thing is clear for now: LayerZero and cross-chain protocols need to upgrade their standards in order to offer a service that doesn’t compromise user funds, while bearing accountability for the features that they provide.