- The Kelp DAO attackers moved roughly 75,700 ETH, value roughly $175 million, in three transactions at this time.
- The attacker minted 116,500 reETH on KelpDAO’s bridge to borrow WETH from Aave/Compound, inflicting unhealthy debt.
- The funds are usually not being moved, however may very well be laundered into Ethereum. This exploit raises safety issues for DeFi.
On April 21, 2026, KelpDAO attackers moved 75,700 Ethereum (ETH) value roughly $175 million from mainnet holding addresses throughout three giant transactions at $2,316 per ETH. The attackers exploited a vulnerability in KelpDAO’s rsETH bridge protocol and minted 116,500 rsETH, a part of a complete lack of $293 million.
Kelp DAO attacker strikes $175 million in ETH in 3 transactions
The Kelp DAO attacker moved 75,701 ETH value $175 million from the principle Ethereum holding handle at a worth of $2,316 per ETH in three giant transactions on the Ethereum mainnet.
50,700 value roughly $117.48 million, in response to on-chain information ETH is transferred to 2 newly created pockets addresses 0x62c72510016732333e68177d388a8111643FC64E and 0xD4B87bAB0ee142182f7F6DA030AeFe3E7f171530.
Moreover, 25,000 ETH value roughly $57.9 million was moved from the first handle 0xF9802c5EB6b972Ba686aFa7CA615910Ea8310b85 managed by the attackers.
sauce: arkham intelligence
This exercise follows earlier within the day, when Arbitrum’s Safety Council froze 30,766 ETH value $71 million in reference to the latest $293 million KelpDAO bridge exploit involving rsETH on the L2 community. The 75,700 ETH remaining on mainnet was totally extracted earlier than the extra freeze was utilized.
How the attacker minted 116,500 rsETH from KelpDAO’s bridge
On April 19, 2026, Kelp DAO attackers exploited a vulnerability in KelpDAO’s rsETH bridge. The underlying vulnerability was within the bridge’s 1-of-1 Distributed Verification Community (DVN) configuration, a single verifier setup that gives minimal redundancy.
The attacker referred to as the lzReceive perform with a crafted packet that disguised a reliable cross-chain message. The bridge mistakenly accepted it as legitimate and minted 116,500 rsETH, leading to a complete lack of roughly $293 million, marking the fourth largest exploit of 2026.
The attackers then borrowed WETH and ETH by collateralizing their freshly issued rsETH into main lending protocols comparable to AAVE and Compound, creating important NPL threat throughout these platforms.
In response to sources, the extracted funds, roughly 106,466 ETH, have been initially deposited at handle 0x5d3…57Ccc earlier than being clustered beneath Arkham Intelligence’s unified “KelpDAO Attacker” entity.
sauce:×
Kelp DAO’s emergency multisig efficiently suspended core rsETH contracts throughout mainnet and a number of L2s simply 46 minutes after the preliminary drain, blocking any follow-up makes an attempt that would have withdrawn a further $200 million. The group additionally instantly started a joint root trigger evaluation (RCA) with LayerZero, Unichain, its auditors, and unbiased safety companies.
What are the implications for DeFi safety and on-chain threat?
Particularly, LayerZero’s 1-of-1 DVN flaw created a single level of failure that affected 40% of the protocol, froze the rsETH market, precipitated $124 million to $230 million in Aave unhealthy debt threat, suspended over 20 chains, and accelerated the transition to multi-verifier, natively issued cross-chain property.
This fast laundering by means of splits and early THORChain routing raised issues of MEV congestion, oracle worth volatility, and contagion to protocols holding bridged LSD collateral. Whereas on-chain threat scores now assign larger likelihood to “mint-then-borrow” vectors, wrapped rsETH on L2 faces structural depegging stress.
Aave Governance fashions two loss socialization paths (full vs. L2 separation) to resolve NPLs, whereas Kelp weighs bridge positions versus partial haircuts for mainnet holders. The protocol is dedicated to full transparency by publishing a joint root trigger report with LayerZero by Could 5, 2026. This might assist strengthen DVN and make clear legal responsibility requirements throughout the business.
Associated: KelpDAO exploit disrupts DeFi lending market, places Aave beneath pressure
Disclaimer: The data contained on this article is for informational and academic functions solely. This text doesn’t represent monetary recommendation or recommendation of any sort. Coin Version shouldn’t be answerable for any losses incurred on account of using the content material, merchandise, or providers talked about. We encourage our readers to do their due diligence earlier than taking any motion associated to our firm.