KELPDAO: 46 MINUTES
$292M GONE, AND THE RISK DEFI WON’T PRICE
David Z. Morris here, taking the wheel from Austin to indulge my particular unhealthy obsession: the degenerate, non-Euclidean space known as “Decentralized Finance.”
That segment has seen better days. On April 18, hackers compromised a poorly secured cross-chain “bridge” connecting an Ethereum service called KelpDAO to an Ethereum “Layer 2” called Unichain. The hackers spoofed the bridge into minting around $292 million worth of counterfeit rsETH, a wrapped and multiply-hypothecated restaking token, on Ethereum mainnet.
Those assets were then used as loan collateral on lending platforms, leaving some of the most important pillars of the DeFi ecosystem, most notably the lending protocols AAVE and Compound, at risk of insolvency. This was compounded by the nature of rsETH: Liquid restaking tokens are widely used in highly leveraged carry trades that “loop” derivatives like rsETH through lending platforms to juice returns, and also risk.
The hack should be a wake-up call for DeFi on several levels. It highlights two inconvenient truths that could be existential threats to the overall DeFi project if not addressed head-on. DeFi wants to provide trustworthy financial tools, starting with trading and lending, to the entire world, using decentralization to navigate (or sometimes, ignore) jurisdictions and local regulation.
This cross-border functionality and regulatory defiance were meant to be achieved by building DeFi with immutable smart contracts with fixed rules and no central administrator to pressure or prosecute. The KelpDAO hack highlights how little progress has been made towards that ideal, with both hackers and defenders leveraging centralized control to fight over funds.
Further, in a world with many independent blockchains, cross-chain bridges have become, all too literally, the weakest link. The role of leverage and collateral in the KelpDAO incident highlights the inherent risk of an ecosystem that is deeply interdependent, yet lacks any cohesive, transparent overall governance and risk system.
LAYERZERO BRIDGE HEIST
The technical details of a hack are never fun to wade through, but this is a typical case where a real mastery of decentralized blockchain markets requires drilling down to bare metal.
KelpDAO, like the most important “bridges” between blockchains, makes assets from one chain usable on another. Often this works by provably “locking up” a certain amount of an asset like ETH on its home chain and minting a “mirror” token on the other chain; burning the mirror is supposed to release the original.
KelpDAO’s Unichain bridge depended on RPC nodes, for Remote Procedure Call: off-chain servers that answer queries about a blockchain’s state, and the way most services read one chain before acting on another. Blockchains can’t talk to each other natively in any reliable way, so many cross-chain services rely on RPC nodes or similarly exposed infrastructure. But a bridge that believes whatever an RPC server tells it does not meet the standard of decentralized resilience that should define blockchains. Building interchain communications this way creates, in more than one sense, a weak link.
One stage of the attack involved the attackers taking over two RPC nodes and using them to feed false Unichain data to the bridge’s verification layer, which is what ultimately produced the counterfeit rsETH on Ethereum mainnet. As a failsafe, RPC nodes are usually redundant; each server is one node of many, and a client falls back to another when one stops answering. But the attackers injected malicious code into two nodes while simultaneously DDoSing the others. That pushed the bridge into a failover state in which the only nodes still answering were the corrupted ones, giving the attackers unilateral control over what the bridge saw.
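The failover trap described above, as an added example that is not code from KelpDAO, LayerZero or any real bridge: a component that reads the source chain through several RPC nodes and fails closed when it cannot reach a quorum, next to the naive “first node that answers wins” client. Node names, the forged receipt and the outage are all constructed for the demo.

```python
"""Quorum RPC reads versus naive failover (added example; constructed scenario)."""
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, Optional


class RpcTimeout(Exception):
    """The node did not answer, e.g. because it is being DDoSed."""


@dataclass(frozen=True)
class BurnReceipt:
    tx_hash: str
    token: str
    amount: int          # base units
    block_hash: str


# Constructed data: the chain never contained this burn, but two compromised
# nodes will claim it did.
FAKE_BURN = BurnReceipt("0xfeedbeef", "rsETH", 116_500 * 10**18, "0xbad0")

Lookup = Callable[[str], Optional[BurnReceipt]]


def _timeout(_tx: str) -> Optional[BurnReceipt]:
    raise RpcTimeout()


def _no_burn(_tx: str) -> Optional[BurnReceipt]:
    return None                         # honest node: no such burn on chain


def _fake_burn(_tx: str) -> Optional[BurnReceipt]:
    return FAKE_BURN                    # compromised node: forged receipt


HEALTHY_NODES: Dict[str, Lookup] = {f"honest-{i}": _no_burn for i in range(1, 6)}
ATTACK_NODES: Dict[str, Lookup] = {
    "honest-1": _timeout, "honest-2": _timeout, "honest-3": _timeout,   # DDoSed
    "pwned-1": _fake_burn, "pwned-2": _fake_burn,                       # malicious code injected
}


def naive_failover_lookup(nodes: Dict[str, Lookup], tx_hash: str) -> Optional[BurnReceipt]:
    """Ask nodes in order and trust the first one that answers. Whoever is left
    standing after an outage decides what the bridge believes."""
    for query in nodes.values():
        try:
            return query(tx_hash)
        except RpcTimeout:
            continue
    raise RuntimeError("no node reachable")


def quorum_lookup(nodes: Dict[str, Lookup], tx_hash: str, min_agreeing: int) -> Optional[BurnReceipt]:
    """Ask every node and accept an answer only if at least `min_agreeing` nodes
    gave that same answer. Silencing honest nodes shrinks the number of answers,
    so the lookup refuses instead of degrading to the attacker's view."""
    answers = []
    for query in nodes.values():
        try:
            answers.append(query(tx_hash))
        except RpcTimeout:
            continue
    if len(answers) < min_agreeing:
        raise RuntimeError(f"only {len(answers)} of {len(nodes)} nodes answered")
    value, count = Counter(answers).most_common(1)[0]
    if count < min_agreeing:
        raise RuntimeError("reachable nodes disagree")
    return value


def compare(nodes: Dict[str, Lookup], min_agreeing: int = 3):
    """Return (what failover concludes, what the quorum client concludes);
    a refusal is reported as a string starting with 'refused'."""
    naive = naive_failover_lookup(nodes, FAKE_BURN.tx_hash)
    try:
        quorum = quorum_lookup(nodes, FAKE_BURN.tx_hash, min_agreeing)
    except RuntimeError as exc:
        quorum = f"refused: {exc}"
    return naive, quorum


if __name__ == "__main__":
    print("healthy:", compare(HEALTHY_NODES))   # (None, None): no burn, both agree
    print("attack: ", compare(ATTACK_NODES))    # (FAKE_BURN, 'refused: ...')
```

The quorum client needs 3 of 5 identical answers. Under the constructed attack only the two compromised nodes answer, so it refuses to verify anything; the failover client happily returns the forged receipt. The price of failing closed is that a DDoS becomes a denial of service on the bridge, which is the correct trade for a system that mints money on what it reads.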
Attackers then spoofed a message confirming the “burning” of 116,500 rsETH on Unichain over the KelpDAO bridge. This enabled the “minting” of an equivalent amount on Ethereum Mainnet.
But the rsETH on Unichain had never existed in the first place. That meant the rsETH newly minted on Ethereum mainnet was not backed by any actual ETH locked in KelpDAO’s vaults. (An excellent, concise technical rundown is included with AAVE’s incident report.)
AAVE FOR A COLLATERAL EXIT
So now the KelpDAO hackers had about $292 million worth of fake rsETH on Ethereum mainnet. The final goal of Lazarus, the North Korean group the attack has been attributed to, in any crypto hack is to convert digital assets into real currency, which is done through a mix of shady East Asian crypto exchanges and OTC desks affiliated with organized crime.
But the same weakness that enabled the hack, KelpDAO’s effectively centralized nature, cut the other way too: rsETH could be frozen by its issuer, which made it a poor asset to hold for as long as it might take to sell.
So instead, the hackers used decentralized lending platforms, depositing their fake rsETH into protocols like AAVE, then using it to borrow truly decentralized and uncensorable assets like ETH. Naturally, they had no intention of paying back the loans.
This led to a massive outflow of liquidity in a very short amount of time, including in assets the hackers themselves weren’t borrowing.
“Aave V3 WETH available liquidity on Ethereum Core collapsed from $689M at 17:00 UTC to $1.5M by 19:00 UTC as utilization reached 100%. USDT and USDC followed within 12 hours as stranded depositors panic borrowed to exit”
WHAT IS RSETH?
To call rsETH an “exotic instrument” would be a wild understatement. KelpDAO allows users to deposit ETH derivatives including the Liquid Staking Tokens stETH (Lido staked ETH), rETH (Rocketpool staked ETH), and cbETH (Coinbase staked ETH). These are liquid, tradeable assets that “wrap” ETH staking emissions with underlying ETH into a single asset.
In return, depositors to KelpDAO receive rsETH, which adds re-staking revenues from EigenLayer to the mix. EigenLayer is frankly a doozy to describe, but you could say it financializes a portion of Ethereum’s staking security and creates a market for secondary buyers.
This makes rsETH already something like a fourth-degree derivative, and the reason there’s a market for the token on platforms like AAVE is that you can get up to all sorts of other leveraged action with it. KelpDAO had about $1 billion in TVL (not trivial), with rsETH issued on Ethereum mainnet and bridged out to other chains, including Arbitrum, Mantle, Plasma, and Unichain.
When you hear people talk about crypto “degens,” by the way, this is what that looks like in 2026. There was a moment for day trading, and a few die-hard brainlet trenchers might still be looking for hundred-baggers on Pump dot Fun. But since roughly the $MELANIA dump of early 2025, the center of activity has shifted back to elaborate DeFi strategies.
These include innocuous, even utopian things like providing direct, permissionless liquidity to DeFi pools. I personally have some little positions that I check on every once in a while at HypurrFi and Hyperliquid core. They’re like a financial Tamagotchi.
But this is crypto, so of course we wind up with too much of a good thing.
If the suicide-runner of 2023 was mortgaging his house to go all in on a memecoin with a particularly good dog illustration, the most maniacal player on the blockchain in 2026 has figured out a way to loop $500 worth of ETH into $2 million in long exposure.
In very broad strokes, this involves using LRTs like rsETH as collateral to borrow ETH* from a protocol like AAVE, then using that ETH to buy more rsETH, depositing that as collateral to borrow more ETH, and so on.
*Technically, what you borrow is called WETH. ETH is the chain’s native asset rather than an ERC-20 token, so protocols like AAVE that only handle ERC-20s work with a “wrapped” version, WETH, which is redeemable one-to-one for ETH.
Another important detail is that rsETH is non-rebasing: holders’ balances don’t grow, and instead each rsETH becomes redeemable for a slowly growing amount of ETH as staking and restaking rewards accumulate. So its price is expected to drift above ETH’s, and the two are not 1:1.
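The arithmetic behind the loop, as an added worked example (not from the original piece or from any protocol): how collateral, debt and leverage grow with each pass, the ceiling a single LTV imposes, and how small a drop in rsETH’s ETH price it takes to make the position liquidatable. The LTV and liquidation-threshold values are assumptions chosen for illustration, not a quoted Aave configuration.

```python
"""Looped LRT leverage on an Aave-style lender (added example; parameters assumed)."""


def loop(initial: float, ltv: float, loops: int):
    """Deposit `initial` (ETH value of rsETH), borrow `ltv` of it in WETH, swap the
    WETH into rsETH, redeposit, and repeat `loops` times. Returns
    (collateral, debt, leverage); net equity is always just `initial`."""
    collateral, debt, deposit = 0.0, 0.0, initial
    for _ in range(loops):
        collateral += deposit
        borrowed = deposit * ltv          # borrow against what was just deposited
        debt += borrowed
        deposit = borrowed                # the borrowed WETH becomes the next deposit
    collateral += deposit                 # final deposit, nothing more borrowed
    return collateral, debt, collateral / initial


def max_leverage(ltv: float) -> float:
    """Closed form of the geometric series: looping forever approaches 1/(1-LTV),
    so a given LTV caps how far any number of loops can take you."""
    return 1.0 / (1.0 - ltv)


def depeg_to_liquidation(collateral: float, debt: float, liq_threshold: float) -> float:
    """Fraction by which rsETH's ETH price can fall before the health factor
    (collateral * liquidation threshold / debt) drops below 1."""
    return 1.0 - debt / (collateral * liq_threshold)


if __name__ == "__main__":
    # Assumed parameters: 93% LTV and 95% liquidation threshold, as a lender might
    # allow for ETH-correlated collateral; 10 loops on 500 ETH worth of rsETH.
    collateral, debt, leverage = loop(500.0, 0.93, 10)
    print(f"exposure {collateral:.0f} ETH, debt {debt:.0f} ETH, {leverage:.2f}x "
          f"(cap {max_leverage(0.93):.1f}x)")
    print(f"liquidatable after a {depeg_to_liquidation(collateral, debt, 0.95):.1%} "
          f"drop in rsETH/ETH")
```

With those assumed numbers ten loops give roughly 7.9x exposure against a 14.3x ceiling, and a drop of about 8% in rsETH’s ETH price, or an equivalent loss of confidence in its backing, is enough to make the whole position liquidatable. That is why counterfeit collateral entering the same pools is not a problem for the counterfeiter alone.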
RPC - VALIDATOR DOUBLE TAP
The attack on the RPC system on its own wouldn’t have been enough to compromise the KelpDAO bridge. Before the destination chain acts on a cross-chain message, the message still has to be verified and digitally “signed” by parties the bridge trusts. LayerZero’s bridges use what it calls Decentralized Verifier Networks (DVNs), in effect validators for cross-chain messages, to do that verification.
Unfortunately, in addition to pwning the RPC system, Lazarus compromised KelpDAO’s verifier set. Except it wasn’t a set: it was a single DVN.
LayerZero’s own description of its DVN architecture shows where things went wrong:
“Applications built on LayerZero may choose any DVN (or combination of DVNs) to verify messages going between chains. The selected configuration of DVNs is part of an application’s Security Stack.”
KelpDAO’s DVN configuration was the worst possible use of this flexibility: a “one of one” setup, in which a single DVN’s attestation is sufficient, that could be knocked over by compromising that one instance.
“It’s the same kind of decentralization theatre that leads to a lot of ‘DeFi’ hacks.”
And that’s what happened: the lone DVN was compromised in coordination with the off-chain RPC compromise, so that both failed at exactly the right moment to enable the fraudulent rsETH printing.
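The lock-and-mint flow from the bridge section and the Security Stack described here, in one added example that is not LayerZero’s or KelpDAO’s code: a receiver that accepts a burn message only when its configured DVNs have attested to it, showing why a 1-of-1 stack falls to one stolen DVN key while a 2-of-3 stack does not, plus a per-chain accounting cap as defense in depth. DVN names and keys, the message and the amounts are constructed; HMAC stands in for real signatures.

```python
"""LayerZero-style DVN threshold verification (added example; constructed data)."""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    src_chain: str
    dst_chain: str
    nonce: int
    payload: str                      # what the source chain supposedly did

    def digest(self) -> bytes:
        raw = f"{self.src_chain}|{self.dst_chain}|{self.nonce}|{self.payload}"
        return hashlib.sha256(raw.encode()).digest()


class DVN:
    """A verifier that reads the source chain and attests to a message digest.
    Simplification: an HMAC key stands in for the DVN's signing key, so the same
    object both signs and checks; a real receiver verifies ECDSA signatures."""

    def __init__(self, name: str, key: bytes, sees_burn: bool):
        self.name, self._key, self.sees_burn = name, key, sees_burn

    def _sign(self, msg: Message) -> bytes:
        return hmac.new(self._key, msg.digest(), "sha256").digest()

    def attest(self, msg: Message):
        # An honest DVN that cannot find the burn on the source chain signs nothing.
        return self._sign(msg) if self.sees_burn else None

    def valid(self, msg: Message, sig) -> bool:
        return sig is not None and hmac.compare_digest(self._sign(msg), sig)


@dataclass
class SecurityStack:
    required: list          # every one of these must attest
    optional: list          # at least `threshold` of these must attest
    threshold: int

    def verified(self, msg: Message, attestations: dict) -> bool:
        if any(not d.valid(msg, attestations.get(d.name)) for d in self.required):
            return False
        return sum(d.valid(msg, attestations.get(d.name)) for d in self.optional) >= self.threshold


class ChainLedger:
    """Mainnet side. Whether it locks and releases or burns and mints, it can track
    how much rsETH is outstanding on each chain and refuse to honour a burn for more
    than ever went there. This cap is an added defense, not something the page says
    the bridge had."""

    def __init__(self, outstanding: dict):
        self.outstanding = dict(outstanding)

    def release(self, stack: SecurityStack, msg: Message, attestations: dict, amount: int) -> bool:
        if not stack.verified(msg, attestations):
            return False                          # not enough DVNs attested
        if amount > self.outstanding.get(msg.src_chain, 0):
            return False                          # burn exceeds what that chain holds
        self.outstanding[msg.src_chain] -= amount
        return True


# Constructed scenario: the burn never happened, so no honest DVN will attest.
A = DVN("dvn-a", b"key-a", sees_burn=False)
B = DVN("dvn-b", b"key-b", sees_burn=False)
C = DVN("dvn-c", b"key-c", sees_burn=False)
FAKE_BURN = Message("unichain", "ethereum", nonce=4242, payload="burn rsETH 116500")

ONE_OF_ONE = SecurityStack(required=[A], optional=[], threshold=0)
TWO_OF_THREE = SecurityStack(required=[], optional=[A, B, C], threshold=2)


def attacker_attestations(msg: Message, stolen: list) -> dict:
    """With a DVN's key in hand the attacker signs whatever it likes."""
    return {d.name: d._sign(msg) for d in stolen}


def run(stack: SecurityStack, stolen: list, outstanding: int, amount: int) -> bool:
    """Does the mainnet side honour the forged burn under this stack?"""
    ledger = ChainLedger({"unichain": outstanding})
    return ledger.release(stack, FAKE_BURN, attacker_attestations(FAKE_BURN, stolen), amount)


if __name__ == "__main__":
    print("1-of-1, A's key stolen:   ", run(ONE_OF_ONE, [A], 200_000, 116_500))    # True
    print("2-of-3, A's key stolen:   ", run(TWO_OF_THREE, [A], 200_000, 116_500))  # False
    print("1-of-1, but only 50k sent:", run(ONE_OF_ONE, [A], 50_000, 116_500))     # False
```

Two things to notice. With a 2-of-3 stack the attacker has to steal two independent DVN keys, and those DVNs should be run by different operators on different infrastructure, or the threshold is cosmetic. And the ledger cap would have stopped a burn larger than the amount genuinely bridged to Unichain even with the DVN fully compromised; it is the kind of cheap invariant a bridge can enforce without trusting anyone.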
The precision orchestration of the hack and the ability to identify the interlocking vulnerabilities in the Unichain instance of the bridge, specifically, have led some to speculate that the attack was aided by artificial intelligence.
But AI can’t be blamed for this painful failure of basic good sense: simply requiring more than one DVN would have made the hack much harder, and might have prevented it. After the attack, LayerZero and KelpDAO briefly engaged in a blame game. LayerZero emphasized that, as the application, KelpDAO had total control over its DVN configuration and that LayerZero consistently advised against 1-of-1 setups. KelpDAO responded, reasonably enough, by pointing out that LayerZero was actually running the DVN for KelpDAO, so it can’t easily palm off responsibility for the bad setup.
General consensus has been that LayerZero comes off looking a bit worse than KelpDAO in the fight, but thankfully, the conflict never escalated to a real legal battle. That would have left AAVE and other impacted platforms illiquid for months or even years, with catastrophic implications for the broader system. Instead, though, the DeFi sector has pulled together to bail out those platforms through DeFi United, and left blame for later.
A critical point here is that it doesn’t have to be this way. There are more reliable and trustless ways to do bridging between chains. But builders have long defaulted to the kind of convenient but imperfect solution that leads to constant bridge hacks.
For a while there, everyone was making so much money that the cost of slowing down was higher than the cost of the hacks. But it’s not going to be like that forever, if it ever is again.
THE BIG CHILL
In addition to AAVE and Compound, the hackers tried to dump their counterfeit rsETH on Arbitrum users. On April 20, the Arbitrum Security Council, a 9-of-12 multisig elected through a governance process, froze 30,766 ETH, worth about $71M, that was “connected to” the hacker, apparently based on consultation with law enforcement.
This has triggered understandable controversy: a truly decentralized platform should not be able to freeze, seize, or take any other unilateral action against users’ funds. The very existence of a Council with emergency powers to bend the protocol’s rules suggests that law enforcement and governments have someone to lean on to do their bidding.
Worse, given how good North Koreans have proven at acing job interviews and other social engineering hacks, the long-term integrity of this sort of executive entity can’t be guaranteed. In substance, there is no difference between the existence of such a Council and the existence of a “back door” to encrypted messages that is “only” given to law enforcement. Both will be compromised in some way: it’s a question of when, not if.
All of that may be true in principle, but it doesn’t seem that “unilateral freeze by an executive council” is what really happened. Griff Green, a veteran of no less defining a moment than the DAO hack, told Unchained that events would be more accurately described as a “hack back.”
The effort was apparently spearheaded by Taylor Monahan, another legend of blockchain and a leading member of the Seal 911 incident response team.
STATE OF PLAY: DEFI UNITED
The issues highlighted by the hack won’t be fixed by what Dragonfly’s Haseeb Qureshi recently called a “rainbows and unicorns” moment: the DeFi United community bailout to repair the holes left by all that fake rsETH.
The bailout is being led by institutions like Consensys (which is chipping in 30,000 ETH), but with significant participation from tens of thousands of individual crypto wallets. As of this writing on May 5, the amount committed is $327 million. That’s more than the initial hack, though some of the pledged money may still be awaiting governance or legal approval. The bailout is clearly working, with liquidity and prices almost back to normal on impacted platforms.
On the surface, this looks like a feel-good story, and to a significant degree, it is. As much money as DeFi now represents, it’s still a bold and often dangerous experiment (see the prosecution of Tornado Cash developer Roman Storm, for instance) that depends on community collaboration to meet challenges.
But for most donors, this isn’t philanthropy or charity; it’s enlightened self-interest. It might even be argued that the generosity has reflected the severity of the fundamental issues with DeFi that the hack highlighted, and the severity of the potential fallout if AAVE and the like were simply allowed to go under. The issue isn’t merely financial, it’s fundamental: without DeFi, Ethereum loses its most compelling use case.
So Consensys’ 30,000 ETH donation doesn’t seem so huge when set against the roughly 868,000 ETH held by SharpLink, a Digital Asset Treasury firm backed by Consensys, not to mention the unknown but very large amount held personally by Consensys founder Joseph Lubin.
There are similar hints of self-interest in smaller donations to DeFi United: you’ll note I said donations had come from tens of thousands of wallets, not people. If you go to the DeFi United page, you’ll see clusters of equally-sized small donations, for $2.06 or $3.41. As Qureshi also pointed out, these are probably “airdrop farmers,” so hopeful of a potential reward for their generosity that they’re effectively Sybil attacking the fund drive, spinning up multiple wallets to make many small donations instead of one big one.
PRICE IN TECH INFRA RISK
There are a lot of lessons to be learned from the KelpDAO incident, though a lot of them are lessons that shouldn’t have been necessary, like “don’t let a single validator control your $1 billion bridge.”
But the deeper and more confounding lesson was pointed out by Tom Schmidt of Dragonfly Capital on The Chopping Block. Rationally, DeFi assets (and perhaps especially bridged assets) should be priced for technological risks, such as hacks. But according to Schmidt, pricing for tech risk would eliminate competitive advantages across the space, including some of the very looping strategies implicated in the current situation.
More broadly, the finance industry just doesn’t want to have to think about platform risk.
“Would you invest with Fidelity if a North Korean hacker who stole your password could seize control of your 401k permanently? Because that’s what KelpDAO makes DeFi seem like.”
It’s not even really clear to me how pricing for tech risk would work. I don’t think it’s reasonable to expect traders or financial operators to have some kind of live, transparent insight into what assets are built on a healthy validator network and who’s running a 1-of-1. So instead, L2s, bridges, DEXes, and their kindred live in a state of convenient delusion, where there’s no price for the risk of a hack, right up to the moment one happens.