- The Kelp DAO attackers moved roughly 75,700 ETH, worth roughly $175 million, in three transactions immediately.
- The attacker minted 116,500 rsETH on KelpDAO's bridge to borrow WETH from Aave/Compound, creating bad debt.
- The funds are not being moved, but they could still be laundered into Ethereum. This exploit raises security concerns for DeFi.
On April 21, 2026, KelpDAO attackers moved 75,700 Ethereum (ETH) worth roughly $175 million from mainnet holding addresses across three large transactions at $2,316 per ETH. The attackers exploited a vulnerability in KelpDAO's rsETH bridge protocol and minted 116,500 rsETH, part of a total loss of $293 million.
Kelp DAO attacker moves $175 million in ETH in 3 transactions
The Kelp DAO attacker moved 75,701 ETH worth $175 million from the main Ethereum holding address at a price of $2,316 per ETH in three large transactions on the Ethereum mainnet.
According to on-chain data, 50,700 ETH, worth roughly $117.48 million, was transferred to two newly created wallet addresses, 0x62c72510016732333e68177d388a8111643FC64E and 0xD4B87bAB0ee142182f7F6DA030AeFe3E7f171530.
In addition, 25,000 ETH worth roughly $57.9 million was moved from the primary address 0xF9802c5EB6b972Ba686aFa7CA615910Ea8310b85 controlled by the attackers.

Source: Arkham Intelligence
This activity follows events earlier in the day, when Arbitrum's Security Council froze 30,766 ETH worth $71 million in connection with the recent $293 million KelpDAO bridge exploit involving rsETH on the L2 network. The 75,700 ETH remaining on mainnet was fully withdrawn before the additional freeze was applied.
How the attacker minted 116,500 rsETH from KelpDAO’s bridge
On April 19, 2026, Kelp DAO attackers exploited a vulnerability in KelpDAO's rsETH bridge. The underlying vulnerability was in the bridge's 1-of-1 Decentralized Verifier Network (DVN) configuration, a single-verifier setup that provides minimal redundancy.
The attacker called the lzReceive function with a crafted packet that masqueraded as a legitimate cross-chain message. The bridge mistakenly accepted it as valid and minted 116,500 rsETH, resulting in a total loss of roughly $293 million, marking the fourth largest exploit of 2026.
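The single-verifier (1-of-1 DVN) setup described above is a configuration property that can be checked before a pathway goes live. The following Python is an added example, not KelpDAO's or LayerZero's code: field names follow LayerZero V2's UlnConfig struct, while the pathway names, addresses, and the two-verifier policy floor are constructed assumptions.

```python
# Added example: constructed configs, not KelpDAO's real settings.
# Field names follow LayerZero V2's UlnConfig struct; values are assumed
# to be already decoded and resolved against library defaults.
MIN_DISTINCT_VERIFIERS = 2  # assumed policy floor, not a LayerZero constant


def effective_quorum(cfg):
    """Number of distinct DVNs that must attest before a message verifies."""
    required = {a.lower() for a in cfg["requiredDVNs"]}
    optional = {a.lower() for a in cfg["optionalDVNs"]} - required
    # A repeated address must not count as a second, independent verifier.
    if len(required) != cfg["requiredDVNCount"]:
        raise ValueError("requiredDVNCount does not match distinct requiredDVNs")
    if cfg["optionalDVNThreshold"] > len(optional):
        raise ValueError("optionalDVNThreshold exceeds distinct optional DVNs")
    return len(required) + cfg["optionalDVNThreshold"]


def audit(pathways):
    """Map each pathway name to a finding; flag quorums below the floor."""
    findings = {}
    for name, cfg in pathways.items():
        try:
            quorum = effective_quorum(cfg)
        except (KeyError, ValueError) as exc:
            findings[name] = f"INVALID: {exc}"
            continue
        if quorum < MIN_DISTINCT_VERIFIERS:
            findings[name] = f"FAIL: only {quorum} verifier(s) must attest"
        else:
            findings[name] = f"OK: {quorum} distinct verifiers must attest"
    return findings


def _addr(byte):
    """Constructed 20-byte placeholder address, e.g. 0xa1a1...a1."""
    return "0x" + byte * 20


SAMPLE_PATHWAYS = {  # constructed sample data
    "single-dvn": {"requiredDVNCount": 1, "requiredDVNs": [_addr("a1")],
                   "optionalDVNs": [], "optionalDVNThreshold": 0},
    "two-plus-optional": {"requiredDVNCount": 2, "requiredDVNs": [_addr("a1"), _addr("b2")],
                          "optionalDVNs": [_addr("c3"), _addr("d4")], "optionalDVNThreshold": 1},
    "duplicate-required": {"requiredDVNCount": 2, "requiredDVNs": [_addr("a1"), _addr("A1")],
                           "optionalDVNs": [], "optionalDVNThreshold": 0},
}

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_PATHWAYS).items():
        print(f"{name}: {finding}")
```

The duplicate-address case is included because a count of two required verifiers gives no redundancy when both entries point at the same signer.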
The attackers then borrowed WETH and ETH by posting their freshly minted rsETH as collateral on major lending protocols such as Aave and Compound, creating significant bad debt risk across these platforms.
According to sources, the extracted funds, roughly 106,466 ETH, were initially deposited at address 0x5d3…57Ccc before being clustered under Arkham Intelligence's unified "KelpDAO Attacker" entity.
Source: X
Kelp DAO's emergency multisig successfully paused core rsETH contracts across mainnet and multiple L2s just 46 minutes after the initial drain, blocking any follow-up attempts that could have withdrawn an additional $200 million. The team also immediately began a joint root cause analysis (RCA) with LayerZero, Unichain, its auditors, and independent security firms.
What are the implications for DeFi security and on-chain risk?
Specifically, LayerZero's 1-of-1 DVN flaw created a single point of failure that affected 40% of the protocol, froze the rsETH market, caused $124 million to $230 million in Aave bad debt risk, suspended over 20 chains, and accelerated the transition to multi-verifier, natively issued cross-chain assets.
This rapid laundering through splits and early THORChain routing raised concerns about MEV congestion, oracle price volatility, and contagion to protocols holding bridged LSD collateral. While on-chain risk scores now assign higher probability to "mint-then-borrow" vectors, wrapped rsETH on L2 faces structural depegging pressure.
Aave Governance is modeling two loss socialization paths (full vs. L2 separation) to resolve bad debt, while Kelp weighs bridge positions versus partial haircuts for mainnet holders. The protocol has committed to full transparency by publishing a joint root cause report with LayerZero by May 5, 2026. This could help strengthen DVNs and clarify liability standards across the industry.