Kelp DAO exploited for $292 million (5 minute read)
Attackers exploited Kelp DAO's cross-chain bridge to drain $292 million in restaked Ethereum tokens by manipulating LayerZero's messaging layer, exposing fundamental vulnerabilities in how decentralized systems verify cross-chain transactions.
What: Hackers, likely North Korean-linked groups, drained 116,500 rsETH tokens (worth $292 million) from Kelp DAO's LayerZero-powered bridge by forging valid-looking cross-chain transfer messages that caused the system to release tokens without actual backing. They then deposited the stolen assets into Aave lending markets, creating up to $230 million in potential bad debt.
Why it matters: The attack succeeded not by breaking cryptography but by exploiting trust assumptions in cross-chain infrastructure, where the bridge accepted manipulated data as legitimate instructions, revealing that decentralized cross-chain systems may be vulnerable to data integrity attacks rather than just traditional security breaches.
Takeaway: Developers building or integrating cross-chain infrastructure should verify state independently rather than trusting message authenticity alone, and consider implementing additional validation layers beyond what messaging protocols like LayerZero provide by default.
Deep dive
- The exploit targeted Kelp DAO's bridge holding reserves for rsETH tokens deployed across 20+ blockchains, representing 18% of the token's total circulating supply
- Attackers manipulated LayerZero's cross-chain messaging layer to create fraudulent transfer instructions that appeared valid, causing the bridge to release 116,500 rsETH without corresponding tokens being burned on sending chains
- The system worked exactly as designed but relied on compromised input data, effectively creating unbacked tokens rather than exploiting a code vulnerability or cryptographic weakness
- Kelp's emergency multisig froze core contracts 46 minutes after the initial drain at 18:21 UTC, successfully blocking two follow-up attempts worth $100 million each
- Rather than dumping tokens, attackers deposited 89,567 rsETH into Aave as collateral and borrowed $190 million in ETH across Ethereum and Arbitrum, creating a bad debt crisis
- Aave responded by freezing rsETH markets, setting loan-to-value ratios to zero, and halting new borrowing, but existing loans remain undercollateralized
- If Kelp socializes losses across all holders, rsETH would face a 15% depeg with $124 million in Aave bad debt; if losses stay isolated to Layer 2 networks, bad debt could reach $230 million
- Arbitrum's Security Council successfully froze $71 million of stolen funds based on law enforcement input, moving them to a governance-controlled wallet
- The attack follows a pattern of North Korean hacking groups escalating crypto attacks, with over $500 million stolen across two major exploits in just over two weeks
- Security experts describe this as an organized procurement schedule rather than opportunistic hacking, with attackers targeting fundamental assumptions in decentralized infrastructure
- Polymarket bettors give only 14% odds that Kelp will socialize losses across all rsETH holders, suggesting concentrated pain for affected chains
- The incident highlights structural risks in cross-chain bridge designs that assume honest message relaying without independent verification of source chain state
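The independent verification described in the takeaway and the last bullet can be sketched as a guard that sits in front of the bridge's release path. This is an added example, not Kelp DAO or LayerZero code: the `BackingGuard` class, its event types, the chain names and the message ids are hypothetical, and the burn records are assumed to come from the operator's own view of each source chain rather than from the messaging layer.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Burn:       # burn observed directly on the source chain (own node/indexer)
    src_chain: str
    msg_id: str
    amount: int

@dataclass(frozen=True)
class Release:    # payout requested by an incoming cross-chain message
    src_chain: str
    msg_id: str
    amount: int

class BackingGuard:
    """Hypothetical second validation layer: release only what was provably burned."""

    def __init__(self, burns, window_cap):
        self.burns = {(b.src_chain, b.msg_id): b.amount for b in burns}
        self.used = set()             # message ids already paid out
        self.window_cap = window_cap  # max total released in the current window
        self.released = 0
        self.paused = False

    def check(self, r):
        key = (r.src_chain, r.msg_id)
        if self.paused:
            return "reject: paused"
        if key in self.used:
            return self._trip("replayed message")
        # A message that looks valid is not enough: the burn must exist on the
        # source chain for the same id and the same amount.
        if self.burns.get(key) != r.amount:
            return self._trip("no matching burn on source chain")
        if self.released + r.amount > self.window_cap:
            return self._trip("rate limit exceeded")
        self.used.add(key)
        self.released += r.amount
        return "release"

    def _trip(self, reason):
        self.paused = True            # fail closed until a human reviews
        return "reject: " + reason

if __name__ == "__main__":
    # Constructed sample data; 116_500 is the rsETH amount reported in the article.
    guard = BackingGuard([Burn("chain-a", "m1", 100)], window_cap=1_000)
    for req in (Release("chain-a", "m1", 100), Release("chain-b", "m2", 116_500)):
        print(req.msg_id, guard.check(req))
```

The guard pauses on the first unbacked request, so later messages are rejected without waiting for a manual freeze.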
Decoder
- rsETH (restaked ether): A liquid receipt token issued by Kelp DAO representing ETH staked through EigenLayer to earn additional yield beyond standard Ethereum staking
- LayerZero: Cross-chain messaging infrastructure that enables different blockchains to send verified instructions to each other for token transfers and other operations
- Liquid restaking: A DeFi mechanism where users deposit ETH, it gets routed through protocols like EigenLayer for additional staking rewards, and users receive tradeable tokens representing their stake
- Aave: A decentralized lending protocol where users can deposit crypto as collateral to borrow other assets
- Bad debt: Occurs in lending protocols when the value of borrowed assets exceeds the collateral backing them, typically due to collateral depegging or price crashes
- Socializing losses: Redistributing losses from an exploit across all token holders rather than concentrating them on directly affected users or networks
- Depegging: When a token that should maintain price parity with another asset (like staked ETH to regular ETH) loses that 1:1 relationship
- Loan-to-value (LTV) ratio: The maximum percentage of collateral value that can be borrowed against; setting to zero prevents new borrowing
Original article
Attackers drained 116,500 rsETH worth $292 million from Kelp DAO's LayerZero bridge, exposing Aave to $230 million in potential bad debt. The incident, linked to North Korean hackers, highlights structural vulnerabilities in cross-chain infrastructure as Arbitrum successfully froze $71 million of the stolen assets to mitigate further losses.