- The Kelp DAO attackers moved roughly 75,700 ETH, price roughly $175 million, in three transactions at the moment.
- The attacker minted 116,500 reETH on KelpDAO’s bridge to borrow WETH from Aave/Compound, inflicting dangerous debt.
- The funds should not being moved, however could possibly be laundered into Ethereum. This exploit raises safety issues for DeFi.
On April 21, 2026, KelpDAO attackers moved 75,700 Ethereum (ETH) price roughly $175 million from mainnet holding addresses throughout three giant transactions at $2,316 per ETH. The attackers exploited a vulnerability in KelpDAO’s rsETH bridge protocol and minted 116,500 rsETH, a part of a complete lack of $293 million.
Kelp DAO attacker strikes $175 million in ETH in 3 transactions
The Kelp DAO attacker moved 75,701 ETH price $175 million from the primary Ethereum holding handle at a worth of $2,316 per ETH in three giant transactions on the Ethereum mainnet.
50,700 price roughly $117.48 million, in response to on-chain information ETH is transferred to 2 newly created pockets addresses 0x62c72510016732333e68177d388a8111643FC64E and 0xD4B87bAB0ee142182f7F6DA030AeFe3E7f171530.
Moreover, 25,000 ETH price roughly $57.9 million was moved from the first handle 0xF9802c5EB6b972Ba686aFa7CA615910Ea8310b85 managed by the attackers.
sauce: arkham intelligence
This exercise follows earlier within the day, when Arbitrum’s Safety Council froze 30,766 ETH price $71 million in reference to the latest $293 million KelpDAO bridge exploit involving rsETH on the L2 community. The 75,700 ETH remaining on mainnet was totally extracted earlier than the extra freeze was utilized.
How the attacker minted 116,500 rsETH from KelpDAO’s bridge
On April 19, 2026, Kelp DAO attackers exploited a vulnerability in KelpDAO’s rsETH bridge. The underlying vulnerability was within the bridge’s 1-of-1 Distributed Verification Community (DVN) configuration, a single verifier setup that gives minimal redundancy.
The attacker known as the lzReceive perform with a crafted packet that disguised a professional cross-chain message. The bridge mistakenly accepted it as legitimate and minted 116,500 rsETH, leading to a complete lack of roughly $293 million, marking the fourth largest exploit of 2026.
The attackers then borrowed WETH and ETH by collateralizing their freshly issued rsETH into main lending protocols reminiscent of AAVE and Compound, creating vital NPL threat throughout these platforms.
In accordance with sources, the extracted funds, roughly 106,466 ETH, had been initially deposited at handle 0x5d3…57Ccc earlier than being clustered below Arkham Intelligence’s unified “KelpDAO Attacker” entity.
sauce:×
Kelp DAO’s emergency multisig efficiently suspended core rsETH contracts throughout mainnet and a number of L2s simply 46 minutes after the preliminary drain, blocking any follow-up makes an attempt that would have withdrawn an extra $200 million. The crew additionally instantly started a joint root trigger evaluation (RCA) with LayerZero, Unichain, its auditors, and impartial safety companies.
What are the implications for DeFi safety and on-chain threat?
Particularly, LayerZero’s 1-of-1 DVN flaw created a single level of failure that affected 40% of the protocol, froze the rsETH market, induced $124 million to $230 million in Aave dangerous debt threat, suspended over 20 chains, and accelerated the transition to multi-verifier, natively issued cross-chain property.
This speedy laundering by splits and early THORChain routing raised issues of MEV congestion, oracle worth volatility, and contagion to protocols holding bridged LSD collateral. Whereas on-chain threat scores now assign increased chance to “mint-then-borrow” vectors, wrapped rsETH on L2 faces structural depegging strain.
Aave Governance fashions two loss socialization paths (full vs. L2 separation) to resolve NPLs, whereas Kelp weighs bridge positions versus partial haircuts for mainnet holders. The protocol is dedicated to full transparency by publishing a joint root trigger report with LayerZero by Could 5, 2026. This might assist strengthen DVN and make clear legal responsibility requirements throughout the business.
Associated: KelpDAO exploit disrupts DeFi lending market, places Aave below pressure
Disclaimer: The knowledge contained on this article is for informational and academic functions solely. This text doesn’t represent monetary recommendation or recommendation of any sort. Coin Version will not be answerable for any losses incurred because of using the content material, merchandise, or providers talked about. We encourage our readers to do their due diligence earlier than taking any motion associated to our firm.