Bitfinex blog 2026-04-24 12:22:08

What the KelpDAO Exploit Reveals About DeFi’s Hidden Risks

Attackers drained roughly $292 million from KelpDAO’s bridge this month, then used the released tokens as collateral on lending protocols that were never themselves hacked. The result is a textbook example of how one failure can spread through DeFi — and why that matters as more tokenised assets move into wider markets.

On April 18, 2026 attackers exploited KelpDAO’s cross-chain bridge and drained roughly $292 million in rsETH, a liquid restaking token. The attack is being described as the largest DeFi exploit of the year to date, the latest in a series of incidents that have made April the worst month of the year so far for the sector, with losses estimated at over $600 million.

The theft itself, however, was only the start. Within hours, the stolen tokens were being used as collateral across some of DeFi’s biggest lending protocols — protocols that had nothing to do with the original attack and are now left holding collateral that no longer represents what the market once assumed.

This is what makes the Kelp episode much more than just another bridge exploit. It is a textbook example of how quickly damage can move through DeFi once an asset that still looks valid on-chain enters the wider system. It also shows how difficult it can be to judge the real soundness of a token when the proof of that soundness sits on another protocol. For institutions increasingly exploring DeFi, tokenisation and on-chain settlement, the structural warning is clear: the weakest point may not sit in the market you can see, but in the infrastructure hidden beneath the surface.

KelpDAO’s Single Point of Failure

KelpDAO, a restaking protocol, issues rsETH, a liquid restaking token representing ETH staked through EigenLayer. To move rsETH between chains, it used LayerZero’s messaging infrastructure.
The exploited route relied on a 1-of-1 Decentralised Verifier Network (DVN) setup, meaning a single verifier was responsible for approving cross-chain messages before tokens were released on Ethereum.

Rather than attacking Kelp’s core restaking contracts, the attackers targeted the infrastructure feeding data into that verifier. They compromised two RPC nodes used by the DVN and replaced their software with versions that reported false transaction data. They then launched a distributed denial-of-service (DDoS) attack against the remaining clean nodes, forcing the verifier into failover so that it was reading only the poisoned sources. The verifier therefore accepted a forged message claiming rsETH had been burned on the source chain and could be released on Ethereum. Kelp’s bridge contract then released 116,500 rsETH, roughly 18% of circulating supply, to an attacker-controlled address, despite there being no corresponding backing. Within hours, those tokens were being moved into other parts of DeFi.

Note what the failover did: losing its honest sources did not halt the verifier, it degraded it to trusting whichever node was still answering. A verifier that fails closed, refusing to sign when its sources are unavailable or disagree, would have rejected the message rather than released the tokens.

Kelp and LayerZero are still publicly disputing responsibility. LayerZero says it warned KelpDAO to adopt a multi-verifier setup. KelpDAO says the 1-of-1 verifier configuration matched LayerZero’s own default documentation and quickstart guide. LayerZero has since said it will no longer sign messages for any application using a single-verifier configuration.

That debate matters for governance and for the narrower question of who should bear the losses. It does not, however, change the fact that the unbacked rsETH still looked valid on-chain and could be moved, deposited and accepted by other protocols. rsETH’s credibility depended on infrastructure that ordinary market checks failed to capture. The token had liquidity, a price and integrations across major protocols. What it did not have was enough redundancy in the layer that determined whether the ETH it represented was actually there.
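The verifier failure described above, reduced to a runnable model. This is an added example written for this page, not code from KelpDAO, LayerZero or Aave, and it does not reproduce any real DVN implementation: the node functions, transaction hashes, the order in which the verifier queries its nodes and the quorum thresholds are all constructed assumptions. It runs the 1-of-1 verifier with failover that the text describes, a fail-closed quorum verifier, and a two-verifier configuration of the kind LayerZero says it recommended, against the same forged release message under the same conditions (two poisoned RPC nodes, the clean ones unreachable).

```python
"""Added model of the bridge verification step (example code, not KelpDAO's
or LayerZero's). A source-chain RPC node is a function returning the burn
record for a tx hash, None if no burn exists, or raising if unreachable.
Names, hashes, node ordering and thresholds are constructed for the example."""
from dataclasses import dataclass
from typing import Callable, Optional


class Unreachable(Exception):
    """Node did not answer (here: knocked offline by denial-of-service)."""


@dataclass(frozen=True)
class Burn:
    """A burn on the source chain; the release message is a claimed Burn."""
    tx_hash: str
    amount: int      # rsETH burned, in wei
    recipient: str   # address entitled to the released tokens


Source = Callable[[str], Optional[Burn]]


def single_source_failover(sources: list[Source], claim: Burn) -> bool:
    """1-of-1 verifier with failover: believe the first node that answers.
    Once the honest nodes stop answering, the verifier falls through to the
    poisoned ones and a fabricated burn record is enough to release tokens."""
    for src in sources:
        try:
            burn = src(claim.tx_hash)
        except Unreachable:
            continue                 # fail over to the next node
        return burn == claim
    return False                     # no node answered at all


def quorum_fail_closed(sources: list[Source], claim: Burn, threshold: int) -> bool:
    """Release only if `threshold` nodes independently confirm the burn.
    Silent or disagreeing nodes are missing votes, so an outage or partial
    compromise yields a refusal; the attacker must control `threshold` nodes,
    not merely silence the rest."""
    confirmations = 0
    for src in sources:
        try:
            if src(claim.tx_hash) == claim:
                confirmations += 1
        except Unreachable:
            continue
    return confirmations >= threshold


# --- constructed scenario (hashes, addresses and amounts are made up) -----
real = Burn("0xaaaa", 10 * 10**18, "0xuser")
forged = Burn("0xffff", 116_500 * 10**18, "0xattacker")   # amount from the text


def honest(tx_hash: str) -> Optional[Burn]:
    """Clean node: knows the genuine burn, has never seen the forged one."""
    return real if tx_hash == real.tx_hash else None


def poisoned(tx_hash: str) -> Optional[Burn]:
    """Compromised node: serves real data so it looks healthy, but also
    fabricates exactly the burn the forged message claims."""
    return forged if tx_hash == forged.tx_hash else honest(tx_hash)


def down(tx_hash: str) -> Optional[Burn]:
    raise Unreachable("node under denial-of-service")


def evaluate() -> dict[str, bool]:
    """Outcome per policy and scenario; True means the bridge releases tokens."""
    quiet = [honest, honest, honest, honest]      # no attack in progress
    attack = [down, down, poisoned, poisoned]     # honest nodes silenced, two poisoned
    other_dvn = [honest, honest, honest]          # a second verifier's own, untouched nodes
    return {
        "failover_legit": single_source_failover(quiet, real),             # True
        "failover_forged_quiet": single_source_failover(quiet, forged),    # False
        "failover_forged_attack": single_source_failover(attack, forged),  # True: the drain
        "quorum_legit": quorum_fail_closed(quiet, real, 3),                # True
        "quorum_forged_attack": quorum_fail_closed(attack, forged, 3),     # False: 2 of 3
        # Multi-verifier configuration: every DVN must sign. An independent
        # fail-closed DVN blocks the forged message although the first signs it.
        "two_dvn_forged_attack": single_source_failover(attack, forged)
        and quorum_fail_closed(other_dvn, forged, 2),                       # False
    }


if __name__ == "__main__":
    for name, released in evaluate().items():
        print(f"{name:24s} -> {'RELEASE' if released else 'refuse'}")
```

The model makes one point: the failover verifier is only as honest as the last node still answering, whereas the quorum treats silence as a refusal rather than as permission to trust whoever is left. Poisoning two nodes is not enough on its own in either design; it is the combination of poisoned nodes and a denial-of-service on the clean ones that the failover policy turns into a release.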
This lack of redundancy is where the exploit stopped being a Kelp problem and became a headache for the wider market.

Where the Damage Landed

Once the tokens had been released, the attacker did not simply dump them into the market. They used them as collateral. Aave, DeFi’s largest lending protocol, appears to have been the most exposed. The attacker used the unbacked rsETH there to borrow roughly $190 million in wrapped ether (WETH), triggering a sharp withdrawal of liquidity once the scale of the problem became clear.

The key distinction is that Aave itself was never hacked. Its contracts worked exactly as designed. Even so, it was left holding collateral that no longer represented what it appeared to. An incident report from Aave Labs and LlamaRisk estimates bad debt on Aave will run to between $123.7 million and $230.1 million, depending on how the shortfall is ultimately allocated. If losses are spread across all rsETH holders, the damage will be smaller but shared more widely. If they are instead isolated to Layer 2 networks, the losses there will be concentrated and severe. However the fallout is managed, one of the key lessons is that once bad collateral enters the wider market, the final outcome is no longer just about code.

How Kelp Became Everyone Else’s Problem

DeFi’s composability is usually presented as one of its main strengths: one protocol’s output becomes another’s input, allowing assets to move across venues and capital to be reused more efficiently. Kelp shows the flip side of that design. rsETH was not an obscure token sitting at the edges of the market. It was integrated across multiple protocols, accepted by risk frameworks, priced by oracles and used by depositors in various leveraged strategies. Once the bridge released unbacked rsETH, every venue that treated it as a valid representation of staked ETH inherited exposure to backing that was never there.
In many ways, composability worked exactly as designed, just in the wrong direction. Sound inputs make the system more efficient, but when an input breaks the damage flows across the same connections. Lending is in the spotlight this time because the attacker took the unbacked tokens straight to lending protocols, and lending is where broken assumptions about a token create the fastest and most measurable losses. The underlying failure is bigger than lending, though. It began earlier, at the point where the token stopped representing what the market thought it did.

Why It Matters Beyond DeFi

The immediate losses of the KelpDAO exploit sit with DeFi-native participants. The failure mode Kelp exposed, however, is not exclusive to DeFi lending. Any tokenised asset carries an implicit claim: that the token represents the asset behind it. That claim only holds if the infrastructure linking the token to its backing remains sound. In rsETH’s case, that link broke, even though the token still appeared valid on-chain.

The appeal of tokenised markets lies precisely in programmable collateral, faster settlement and round-the-clock liquidity. But those markets also require more value to move across shared rails and through infrastructure layers that many markets still treat as secondary. This will matter increasingly beyond DeFi-native markets, and there are already suggestions that the fallout may slow institutional tokenisation efforts as security risks are reassessed. That is not surprising: tokenised bonds, deposits and other real-world assets are moving into environments where participants, especially institutions, need to trust that the token actually stands for what it says it does.

The process of damage control is already spreading beyond Aave. Arbitrum, another of the Layer 2 networks affected by the fallout, moved this week to freeze roughly 30,766 ETH linked to the attack through action by its Security Council.
That may help reduce final losses, but it is also a reminder that once failures like this spread, the outcome is no longer shaped by code alone, but also by governance and emergency intervention, decisions that remain highly contentious in systems that claim to be decentralised.

The KelpDAO exploit does not show that tokenised assets are inherently unsound. It does show that the credibility of any token ultimately rests on infrastructure that often sits below the level most markets actively assess. Once that infrastructure fails, the damage does not stay local. It spreads through composable markets, lands in venues that were never directly attacked and is then shaped by sometimes questionable governance decisions. As more value moves on-chain, the hidden layers beneath the assets themselves are going to become much harder to ignore.

The post What the KelpDAO Exploit Reveals About DeFi’s Hidden Risks appeared first on Bitfinex blog.
