DeFi Hit by $293M Exploit, Exposing Core Weakness

DeFi Suffers Massive $293 Million Exploit, Revealing Architectural Flaw

On April 18, 2026, a single function call on a Layer Zero contract triggered a devastating exploit. An attacker drained 116,500 RS ETH, valued at approximately $293 million, from Kelp DAO. This event marks the largest decentralized finance (DeFi) exploit of the year so far, sending shockwaves through the crypto market.

Within minutes, the stolen assets were used to borrow another $250 million in clean ETH from platforms like Aave, Compound, and Oiler. This led to a panic, with users withdrawing over $6 billion in liquidity from Aave alone. Withdrawals were frozen across the DeFi ecosystem, and more than $10 billion in Total Value Locked (TVL) vanished.

Kelp DAO and Liquid Restaking Tokens Under Scrutiny

Kelp DAO is a liquid restaking protocol built on the Eigen Layer network. Its main product, RS ETH, represents ETH deposited and staked across various security services to earn layered yields.

Liquid restaking tokens (LRTs) became incredibly popular in 2024 and 2025, drawing billions in deposits. Users trusted these tokens because they assumed their underlying ETH collateral could always be recovered.

The 116,500 RS ETH stolen from Kelp’s bridge represented about 18% of the total RS ETH supply. Crucially, each RS ETH token was supposed to be backed one-to-one by ETH held in the protocol’s reserves. To move RS ETH between the Ethereum mainnet and other chains like Uni Chain, Kelp used an omni-chain fungible token (OFT) adapter from Layer Zero, a leading cross-chain messaging protocol.

Layer Zero’s Security Model Under Fire

The security of this bridge relied heavily on a Decentralized Verifier Network (DVN). These are independent validators that confirm transactions across different blockchains.

Layer Zero allows protocols to set the number of DVN signatures needed to verify a cross-chain message. This system can be configured to require just one signature from a single validator.

Despite holding nearly $300 million in bridged assets, Kelp DAO had configured its bridge with a one-of-one DVN setup. This means the entire security of the bridge depended on a single signing key controlled by one entity.

Security firm Slowmist called this the weakest setting available in the Layer Zero framework. This risk had been publicly noted for over a year, with warnings appearing in Aave governance forums as early as January 2025.

The Mechanics of the Exploit

The attack unfolded with precision. Hours before the exploit, the attacker funded nine separate wallets through Tornado Cash, a privacy tool, using about 0.0978 ETH for gas in each.

At the time of the attack, the perpetrator used a compromised signing key to submit a forged attestation to the DVN verifier contract. This fake message claimed a deposit had occurred on Uni Chain.

Seconds later, the attacker called the LZ receive function on Layer Zero’s contract. This sent a message that mimicked a deposit instruction from Kelp’s contract on the source chain.

The adapter on the mainnet saw what looked like a fully verified message and released the stolen RS ETH from escrow to the attacker’s address. No actual ETH was locked or burned on Uni Chain; the tokens were effectively created out of thin air.

Sophisticated Laundering Strategy

Instead of immediately selling the newly minted tokens on an exchange, which would have crashed the price and alerted monitoring systems, the attacker employed a more complex strategy. The entire stolen position was deposited as collateral into Aave v3, Compound v3, and Oiler simultaneously. Against this collateral, the attacker borrowed over $236 million in Wrapped ETH (WETH).

This move allowed the attacker to walk away with clean, usable ETH while leaving the unbacked RS ETH as bad debt for the lending protocols. This method of laundering stolen assets through lending markets is becoming a common tactic for sophisticated DeFi exploits. It turns illiquid, compromised collateral into easily transferable capital.

Kelp DAO’s Response and Contagion Effect

Kelp DAO’s emergency team executed a pause function 46 minutes after the first malicious transaction. This action froze the deposit pool, withdrawal module, oracle, and the RS ETH token across multiple networks. This move was critical, as it blocked two subsequent attempts by the attacker to drain another $200 million worth of RS ETH.

Security analysts traced the flow of funds, warning that the incident had quickly become a cross-protocol contagion event. The exploit highlighted how a single failure can violently cascade across interconnected DeFi protocols.

Aave’s governance had previously approved RS ETH as collateral with a loan-to-value ratio of about 93%. This small buffer means liquidators normally have a chance to step in if collateral value drops.

Bank Run and Market Impact

However, when the underlying value of the RS ETH evaporated due to the bridge compromise, there was no incentive for liquidators to act. The buffer disappeared instantly, leaving Aave with a deficit.

This triggered a bank run on Aave, with users withdrawing between $5.4 billion and $6.6 billion in ETH within hours. This pushed pool utilization to 100%, temporarily freezing withdrawals for legitimate users.

Aave’s TVL dropped from $26.4 billion to around $20 billion, a $6 billion loss in one trading session. Estimated bad debt across Aave, Compound, and Oiler reached over $250 million. The AAVE token price fell by over 20% in two days, significantly underperforming the broader ETH market.

Justin Sun’s Controversial Actions

During the panic, Justin Sun, founder of Tron, withdrew approximately $154 million worth of ETH from Aave. This withdrawal contributed to the utilization spike that blocked other users.

While his withdrawal was processing, Sun publicly addressed the attacker on X, asking how much they wanted and suggesting it wasn’t worth the damage to Aave and Kelp DAO. His actions placed him in the unusual position of being both a major liquidity remover and a potential mediator.

Underlying Architectural Weaknesses Exposed

The exploit was not due to a smart contract bug, frontend vulnerability, or governance attack. Instead, it stemmed from an architectural choice: entrusting the security of significant collateral to a single signing key. This was compounded by lending protocols accepting the resulting tokens with minimal safety buffers.

Every liquid restaking token in a DeFi lending market inherits the security of its minting bridge. Any bridge using the OFT standard with minimal DVN configuration is a potential target. Lending protocols that accept LRTs as collateral with thin safety margins have assumed their underlying redemption guarantees would always hold, even if the redemption system itself was compromised.

Composability’s Double-Edged Sword

The composability of DeFi, where one protocol’s output becomes another’s input, is what makes it powerful. However, this same feature allows a single bridge failure to cause a multi-billion dollar collapse across the entire ecosystem in a matter of hours. This incident, following the $285 million Drift Protocol exploit on April 1st, has led to over $600 million in losses within three weeks.

Kelp DAO has opened a 24-hour negotiation window with the attacker, a common practice offering a percentage of stolen funds for their return. However, the fundamental issue remains: the implicit safety assumptions for LRTs as collateral have been publicly disproven. While surviving protocols may implement stricter security measures like multi-DVN configurations and more conservative collateral onboarding, the cost of this lesson falls on the depositors who believed the system was secure.

Kelp DAO has initiated a 24-hour negotiation period with the attacker, a standard procedure offering a portion of the stolen funds in exchange for their return. Whether this leads to a recovery or silence is uncertain. The core problem is that the underlying safety assumptions for using LRTs as collateral have been publicly invalidated.

Source: This Hack Just Broke DeFi… And Exposed Everything (YouTube)