
Kelp DAO Hack Simplified: When One Forged Message Broke a $290M DeFi Stack

April 27, 2026

1) What Happened

The DeFi industry has been in panic mode the entire week. On April 18, 2026, Kelp DAO suffered a ~$290 million exploit involving its rsETH token. The attacker triggered a forged cross-chain message through LayerZero, causing the protocol to release 116,500 rsETH from its bridge escrow on Ethereum—without any corresponding deposit or burn on the source chain.

Technically, the exploit did not rely on a smart contract vulnerability. Instead, it abused the verification layer. Kelp DAO's bridge relied on a 1-of-1 DVN (Decentralized Verifier Network) configuration, meaning a single verifier's attestation was sufficient to mark a cross-chain message as verified. Attackers manipulated that verifier's inputs, likely through RPC poisoning and infrastructure compromise, so it attested to a source-chain transaction that never existed. Once a message is marked verified, execution via lzReceive() is permissionless, so anyone could deliver it, and the bridge released the funds.

The attacker then moved downstream into Aave, depositing the compromised rsETH as collateral and borrowing ETH. This converted synthetic or illegitimate value into real liquidity. As part of the response, Arbitrum froze approximately 30,000 ETH tied to the attacker through an emergency governance action.

The KelpDAO exploit wasn’t a smash-and-grab. It was a Lego tower with one invisible defect. Every block looked correct. Every connection held. But one piece—the cross-chain message—was fake. And the system believed it.

2) Key Players

  • Kelp DAO — Issues rsETH, a liquid restaking token built on EigenLayer. Source of the exploited asset.
  • LayerZero — Cross-chain messaging layer. Verification failure enabled the exploit.
  • Aave — Lending protocol used to extract ETH from compromised collateral.
  • Arbitrum Blockchain — Executed emergency freeze of attacker funds.
  • Lazarus Group (suspected) — Likely attacker based on tradecraft; not fully confirmed.

3) KelpDAO Attack Timeline

Step 0 — Pre-funding (Tornado Cash)

  • Time: 2026-04-18 12:00–17:00 UTC
  • Attacker wallet (0x4966…) receives ETH via Tornado Cash to obfuscate origin and stage gas + execution capital prior to the exploit.

Figure: Attacker wallet 0x4966 funded by Tornado Cash, as shown on AnChain.ai platform: https://ciso.anchainai.com/s/5A0JvcmR88e

Step 1 — Infrastructure Compromise

  • Time: < 2026-04-18 17:35 UTC
  • RPC endpoints feeding the LayerZero DVN are manipulated; some nodes are likely compromised or degraded (e.g., via DDoS). This corrupts the verifier's view of the source chain without producing any on-chain signal.

Step 2 — Data Poisoning

  • Time: ~2026-04-18 17:34 UTC
  • Verifier ingests falsified blockchain state (fake deposit / PacketSent event). No corresponding transaction or burn exists on the source chain.

Step 3 — Message Verification

  • Time: 2026-04-18 17:35 UTC
  • DVN signs forged cross-chain message as valid. KelpDAO uses a 1-of-1 verifier configuration, with no redundancy or independent validation.

Step 4 — Execution (Exploit Trigger)

  • Time: 2026-04-18 17:35 UTC
  • Bridge contract executes lzReceive() and releases 116,500 rsETH (~$290M) to the attacker. The transaction follows intended logic and is not a smart contract exploit.

Step 5 — DeFi Cash-out (Aave)

  • Time: 2026-04-18 17:40–17:50 UTC
  • Attacker supplies ~27,999 rsETH into Aave as collateral and borrows ~74,000 ETH. Funds are consolidated (~52,440 ETH) across attacker-controlled wallets.

Step 6 — Emergency Response

  • Time: 2026-04-18 18:21 UTC
  • KelpDAO executes multisig pause actions ~46 minutes after the exploit. Bridge pathway is disabled, but primary funds have already been extracted.

Step 7 — Post-Exploit Containment

  • Time: ~2026-04-21 UTC
  • Arbitrum governance intervenes and freezes ~30,765 ETH linked to attacker addresses.

4) Smart Contract Forensics: Decode the message

The key transaction is the ~$290M release itself, and it shows the LayerZero mechanism at work:

Tx: 0x1ae232da212c45f35c1525f851e4c41d529bf18af862d9ce9fd40bf709db4222

The LayerZero OFT (Omnichain Fungible Token)-style packed _message, as shown on Etherscan:

0x0000000000000000000000008b1b6c9a6db1304000412dd21ae6a70a82d60d3b0000001b1ff0ed00

Decoded:

  • Receiver (bytes32, left-padded 20-byte address): 0x8b1b6c9a6db1304000412dd21ae6a70a82d60d3b
  • amountSD (uint64): 0x0000001b1ff0ed00
  • amountSD decoded: 116,500,000,000, which at the OFT default of 6 shared decimals is exactly 116,500 rsETH (amountLD = amountSD × 10^(18-6) = 116,500 × 10^18 base units)

Interpretation: this looks like a LayerZero OFT transfer message containing a 32-byte left-padded destination address plus an 8-byte shared-decimals amount. LayerZero OFT commonly uses amountSD as uint64, then converts to local decimals on the destination chain. 

Nothing about the payload is malicious. That is precisely the problem, and it is where traditional auditing fails: the code can be correct, yet the protocol can still be compromised.
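The following is an added example, not code from the original post, Kelp DAO or LayerZero. It encodes and decodes the OFT message layout discussed above (bytes32 sendTo, uint64 amountSD, optional composeMsg) and converts amountSD to local decimals. It assumes the OFT default of 6 shared decimals and 18 local decimals for rsETH; that assumption is what makes the quoted amountSD come out to 116,500 tokens. The round trip at the bottom shows that a perfectly legitimate transfer of 116,500 tokens to the same receiver produces byte-for-byte the same message.

```python
# Added example (not code from the original post, Kelp DAO or LayerZero):
# encode and decode a LayerZero V2 OFT message in the layout shown above,
#   bytes32 sendTo | uint64 amountSD | [bytes composeMsg]
# The 6 shared / 18 local decimals split is the OFT default for an 18-decimal
# token; it is assumed here and is consistent with the post's 116,500 rsETH.

SHARED_DECIMALS = 6                       # assumption: OFT default sharedDecimals
LOCAL_DECIMALS = 18                       # assumption: rsETH has 18 decimals on Ethereum
DECIMAL_CONVERSION_RATE = 10 ** (LOCAL_DECIMALS - SHARED_DECIMALS)
UINT64_MAX = 2 ** 64 - 1

# The packed _message quoted in the post, used here as sample input.
KELP_MESSAGE = (
    "0x0000000000000000000000008b1b6c9a6db1304000412dd21ae6a70a82d60d3b"
    "0000001b1ff0ed00"
)


def _from_hex(h: str) -> bytes:
    return bytes.fromhex(h[2:] if h.lower().startswith("0x") else h)


def remove_dust(amount_ld: int) -> int:
    """Round a local-decimal amount down to a multiple of the conversion rate,
    mirroring what an OFT does before it shrinks amountLD into a uint64 amountSD."""
    return (amount_ld // DECIMAL_CONVERSION_RATE) * DECIMAL_CONVERSION_RATE


def encode_oft_message(receiver: str, amount_ld: int, compose_msg: bytes = b"") -> str:
    """Build the packed message an OFT sender emits for a transfer.

    Any account can produce this byte string; nothing in it proves that a
    deposit or burn happened on the source chain. That proof is the verifier's job.
    """
    addr = _from_hex(receiver)
    if len(addr) != 20:
        raise ValueError("receiver must be a 20-byte EVM address")
    amount_sd = remove_dust(amount_ld) // DECIMAL_CONVERSION_RATE
    if amount_sd > UINT64_MAX:
        raise ValueError("amountSD does not fit in uint64")
    send_to = b"\x00" * 12 + addr                                # bytes32, left-padded
    return "0x" + (send_to + amount_sd.to_bytes(8, "big") + compose_msg).hex()


def decode_oft_message(hex_msg: str) -> dict:
    """Parse a packed OFT message and convert amountSD back to local decimals."""
    raw = _from_hex(hex_msg)
    if len(raw) < 40:
        raise ValueError(f"message too short for sendTo + amountSD: {len(raw)} bytes")
    send_to, amount_sd_bytes, compose_msg = raw[:32], raw[32:40], raw[40:]
    if any(send_to[:12]):
        # A bytes32 that is not a left-padded EVM address (e.g. a non-EVM pubkey)
        # cannot be delivered to an EVM receiver; surface it instead of truncating.
        raise ValueError("sendTo is not a left-padded 20-byte EVM address")
    amount_sd = int.from_bytes(amount_sd_bytes, "big")
    return {
        "receiver": "0x" + send_to[12:].hex(),
        "amount_sd": amount_sd,
        "amount_ld": amount_sd * DECIMAL_CONVERSION_RATE,
        "amount_tokens": amount_sd / 10 ** SHARED_DECIMALS,     # display only
        "has_compose": len(compose_msg) > 0,
        "compose_msg": compose_msg,
    }


if __name__ == "__main__":
    d = decode_oft_message(KELP_MESSAGE)
    print(d["receiver"], d["amount_sd"], d["amount_tokens"])
    # Round trip: a legitimate transfer of 116,500 tokens to the same receiver
    # is byte-for-byte the same message, which is why the payload carries no signal.
    print(encode_oft_message(d["receiver"], 116_500 * 10 ** 18) == KELP_MESSAGE)
```

Because the destination contract only sees these 40 bytes, the amount is bounded by uint64 in shared decimals, not by anything the source chain actually locked; whether 116,500 tokens were really escrowed is knowable only by checking the source chain independently.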

Professional DeFi investigators can work faster with the AnChain.ai SCREEN smart contract risk platform, which unpacks the details of this internal transaction in a user-friendly way.

5) 2026 DeFi Crisis vs. 2008 Subprime Crisis

The KelpDAO crisis closely mirrors the 2008 subprime crisis in economic structure: both systems build successive layers of financial claims on top of a base asset, then amplify returns through leverage.

DeFi flow:
ETH → stETH via Lido → rsETH via KelpDAO → collateral on Aave → leverage (looping)

Subprime flow:
Mortgages → MBS → CDO → repo financing → leverage

In both systems, each transformation appears rational. The goal is to increase yield and capital efficiency by stacking claims on the same underlying asset. Stability depends on one assumption: the asset—and every layer built on it—accurately reflects real value.

The failure begins when that assumption breaks.

In the subprime crisis, the weakness was at the foundation. Mortgage defaults eroded the value of MBS and CDOs, and the structure collapsed from the bottom up. In DeFi, the base asset can remain sound, but failure can emerge in the middle of the stack. In the KelpDAO case, a forged cross-chain state introduced a false layer that the system accepted as real. Everything built on top inherited that error.

The propagation is identical. Once trust in collateral is questioned, leverage unwinds, liquidity disappears, and the system destabilizes.

The key differences are speed, transparency, and response.

  • Speed: Subprime unfolded over months; DeFi crises propagate within minutes.
  • Transparency: DeFi is observable on-chain; subprime exposures were largely opaque.
  • Response: Traditional finance relied on central bank intervention; DeFi relies on automated liquidations and protocol governance.

The underlying lesson is unchanged. When leverage is built on layered and reused collateral, the system's stability depends entirely on the credibility of its assumptions. When those assumptions fail, the collapse is not local; it cascades.

6) DeFi Investigation: From Tracing to Smart Contract Forensics

DeFi investigations can no longer rely on crypto tracing alone. Tracking fund flows shows where value moved, but not how it was created at the smart contract level. In incidents such as KelpDAO and KyberSwap, this limitation makes traditional tracing incomplete.

Smart contract forensics is now essential. Investigators must reconstruct execution paths, decode internal calls, and analyze cross-protocol interactions. The objective is not just to follow assets, but to determine whether a state transition is logically and economically valid.

At AnChain.AI, this is the problem addressed by SCREEN (https://www.anchain.ai/screen). SCREEN enables investigators to unpack complex contract behavior, decode internal transactions, and surface implausible state transitions—cases where execution is correct, but the outcome violates system reality. In the KelpDAO case, a cross-chain message via LayerZero appeared valid, yet triggered asset release without a corresponding source-chain event. That inconsistency is the signal.

As cross-chain messaging and off-chain infrastructure increasingly influence on-chain outcomes, investigators must move beyond transactions and assess the integrity of system state. DeFi forensics is evolving from tracing assets to validating reality.
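To make "validating reality" concrete, here is an added example (not code from the original post or from LayerZero) of the reconciliation an investigator or monitoring system can run: every message delivered on the destination chain is matched against the sends recorded on the source chain for the same path and nonce, and anything delivered without a source-side counterpart is flagged. The records are constructed sample data; the fields (source and destination endpoint ids, sender, receiver, nonce, payload) mirror what LayerZero V2 derives a packet identity from, but the keying here is a simplification, not the protocol's own GUID computation. One caveat the KelpDAO case makes obvious: the source-side records must come from RPC infrastructure independent of the verifier's, otherwise the reconciler inherits the same poisoned view.

```python
# Added example (not code from the original post or from LayerZero):
# reconcile destination-side deliveries against source-side sends on a
# LayerZero-style messaging path. All records below are constructed samples.

from dataclasses import dataclass
from hashlib import sha256


@dataclass(frozen=True)
class Packet:
    src_eid: int          # endpoint id of the source chain
    sender: str           # OApp address on the source chain
    dst_eid: int          # endpoint id of the destination chain
    receiver: str         # OApp address on the destination chain
    nonce: int            # per-path outbound nonce
    payload: bytes        # the encoded application message

    @property
    def path_key(self) -> tuple:
        # Simplified identity: path + nonce. The real protocol hashes these
        # fields into a GUID; the matching logic is the same either way.
        return (self.src_eid, self.sender.lower(), self.dst_eid,
                self.receiver.lower(), self.nonce)

    @property
    def payload_hash(self) -> str:
        return sha256(self.payload).hexdigest()


def reconcile(sent: list, delivered: list) -> dict:
    """Classify each delivered packet by whether a matching source-side send exists.

    - "orphaned": delivered with no source-side send at all. This is the
      KelpDAO-shaped signal: execution was valid, provenance was not.
    - "mismatched": a send exists for the path/nonce but the payload differs.
    - "matched": delivered and backed by an identical source-side send.
    - "pending": sent but not delivered; usually benign, but a growing backlog
      on one path can mean a stalled or censored verifier.
    """
    sent_by_key = {p.path_key: p for p in sent}
    result = {"matched": [], "orphaned": [], "mismatched": [], "pending": []}
    seen = set()
    for d in delivered:
        seen.add(d.path_key)
        s = sent_by_key.get(d.path_key)
        if s is None:
            result["orphaned"].append(d)
        elif s.payload_hash != d.payload_hash:
            result["mismatched"].append(d)
        else:
            result["matched"].append(d)
    result["pending"] = [p for p in sent if p.path_key not in seen]
    return result


# Constructed sample: one path, three sends on the source chain, three deliveries
# on the destination chain. Endpoint ids and OApp addresses are placeholders.
SRC_EID, DST_EID = 30110, 30101
OAPP_SRC, OAPP_DST = "0x" + "aa" * 20, "0x" + "bb" * 20


def _pkt(nonce: int, payload: bytes) -> Packet:
    return Packet(SRC_EID, OAPP_SRC, DST_EID, OAPP_DST, nonce, payload)


SAMPLE_SENT = [_pkt(1, b"msg-1"), _pkt(2, b"msg-2"), _pkt(3, b"msg-3")]
SAMPLE_DELIVERED = [
    _pkt(1, b"msg-1"),           # honest: identical send exists on the source chain
    _pkt(2, b"msg-2-altered"),   # payload differs from what the source emitted
    _pkt(4, b"msg-4"),           # no source-side send exists for nonce 4
]


def sample_report() -> dict:
    """Run the reconciliation over the sample and return nonces per category."""
    r = reconcile(SAMPLE_SENT, SAMPLE_DELIVERED)
    return {k: [p.nonce for p in v] for k, v in r.items()}


if __name__ == "__main__":
    print(sample_report())
```

In production the two input lists come from independent sources: source-chain send events pulled from RPCs the team controls (or from several unrelated providers, cross-checked), and destination-chain delivery events. An "orphaned" hit is the one-line fact that separated the KelpDAO release from every legitimate transfer that day.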

7) Fixing the Broken Composable DeFi Lego Tower

DeFi works like a Lego tower—modular, composable, and powerful. The KelpDAO incident showed how it fails: not from broken blocks, but from a false connection that everything else trusted.

Fixing this requires shifting focus from code to system integrity:

  • Redundant verification: eliminate single points of truth in cross-chain validation
  • State validation: check that outcomes are plausible, not just transactions valid
  • Cross-protocol risk controls: don’t accept collateral without provenance checks
  • End-to-end observability: monitor on-chain, cross-chain, and off-chain signals together
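The "redundant verification" item is the one that can be checked mechanically. Below is an added example (not code from the original post or from LayerZero's own tooling) that models the receive-side ULN configuration LayerZero V2 keeps per OApp and path (confirmations, requiredDVNs, optionalDVNs, optionalDVNThreshold) and answers two questions: how many attestations a message needs, and whether any single operator's infrastructure can supply all of them. The assumed semantics are that every required DVN must attest plus at least optionalDVNThreshold of the optional DVNs; the DVN addresses and the address-to-operator mapping are constructed sample values, and in practice that mapping has to come from knowing who actually runs each DVN.

```python
# Added example (not code from the original post or from LayerZero tooling):
# model a LayerZero V2 receive-side ULN config and ask how many independent
# parties must be fooled before a message counts as "verified".
# Assumed semantics: all required DVNs attest, plus >= optionalDVNThreshold
# of the optional DVNs. Addresses and operator labels below are constructed.

from dataclasses import dataclass


@dataclass
class UlnConfig:
    confirmations: int          # source-chain confirmations the DVNs wait for
    required_dvns: list         # all of these must attest
    optional_dvns: list         # at least optional_threshold of these must attest
    optional_threshold: int


def validate(cfg: UlnConfig) -> None:
    """Reject configs that are inconsistent or that require no verifier at all."""
    if cfg.optional_threshold > len(cfg.optional_dvns):
        raise ValueError("optionalDVNThreshold exceeds number of optionalDVNs")
    if cfg.optional_threshold == 0 and cfg.optional_dvns:
        raise ValueError("optionalDVNs listed but optionalDVNThreshold is 0")
    if not cfg.required_dvns and cfg.optional_threshold == 0:
        raise ValueError("config requires no DVN attestation at all")
    addrs = [a.lower() for a in cfg.required_dvns + cfg.optional_dvns]
    if len(set(addrs)) != len(addrs):
        raise ValueError("same DVN listed twice")


def attestations_to_pass(cfg: UlnConfig) -> int:
    """Minimum number of DVN attestations that mark a message verified."""
    validate(cfg)
    return len(cfg.required_dvns) + cfg.optional_threshold


def single_points_of_truth(cfg: UlnConfig, operator_of: dict) -> list:
    """Operators whose infrastructure alone can satisfy the quorum.

    Two DVNs run by one operator (same RPC fleet, same signing hosts) are not
    independent: if every attestation the quorum needs can come from that
    operator, the config is effectively 1-of-1 even when it looks like 2-of-2.
    """
    validate(cfg)
    required_ops = {operator_of[a] for a in cfg.required_dvns}
    optional_ops = [operator_of[a] for a in cfg.optional_dvns]
    culprits = []
    for op in required_ops | set(optional_ops):
        runs_all_required = required_ops <= {op}
        covers_threshold = optional_ops.count(op) >= cfg.optional_threshold
        if runs_all_required and covers_threshold:
            culprits.append(op)
    return sorted(culprits)


# Constructed sample DVNs and two possible operator mappings.
DVN_A, DVN_B, DVN_C = "0x" + "01" * 20, "0x" + "02" * 20, "0x" + "03" * 20
INDEPENDENT_OPS = {DVN_A: "operator-a", DVN_B: "operator-b", DVN_C: "operator-c"}
SHARED_OPS = {DVN_A: "operator-a", DVN_B: "operator-a", DVN_C: "operator-c"}

# The 1-of-1 shape described in the post: one verifier, no redundancy.
WEAK = UlnConfig(confirmations=15, required_dvns=[DVN_A],
                 optional_dvns=[], optional_threshold=0)
# Two required DVNs plus one optional with threshold 1: three attestations.
HARDENED = UlnConfig(confirmations=15, required_dvns=[DVN_A, DVN_B],
                     optional_dvns=[DVN_C], optional_threshold=1)
# Nominally 2-of-2; only as strong as the operators behind the two addresses.
TWO_OF_TWO = UlnConfig(confirmations=15, required_dvns=[DVN_A, DVN_B],
                       optional_dvns=[], optional_threshold=0)


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED), ("two_of_two", TWO_OF_TWO)):
        print(name, attestations_to_pass(cfg),
              single_points_of_truth(cfg, INDEPENDENT_OPS),
              single_points_of_truth(cfg, SHARED_OPS))
```

The second function is the one worth running before trusting a headline "X-of-Y": a 2-of-2 whose two DVNs share an operator collapses to a single point of truth exactly like the 1-of-1 in this incident, and the same RPC poisoning would fool both attestations at once.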

This is where AnChain.AI comes in. With the SCREEN Smart Contract Risk Platform (https://www.anchain.ai/screen) and expert-led investigations, AnChain provides smart contract forensics, state validation, and cross-chain risk analysis.

👉 Explore SCREEN: https://www.anchain.ai/screen
👉 Work with AnChain experts to secure your DeFi systems: https://www.anchain.ai/demo