Kelp DAO's rsETH bridge loses approximately $292 million, triggering chain reaction across DeFi On April 18, 2026, it was reported that 116,500 rsETH (approximately $292 million) were drained from Kelp DAO's rsETH bridge. Kelp subsequently temporarily paused its core contracts, while multiple protocols including Aave were forced to freeze related markets or implement emergency responses. The incident rapidly spread across the DeFi ecosystem, causing a significant drop in the sector’s total value locked (TVL). ([https://t.co/Va84G2Hlol](https://t.co/VBY2VJqV4L)) The technical core of the attack appears to involve an omnichain bridge (OFT) leveraging LayerZero. Initial analysis suggests the attacker forged cross-chain messages, exploiting a vulnerability in a single verification network (DVN) configuration. LayerZero noted the possibility that multiple RPC nodes were compromised and legitimate nodes were overwhelmed via DDoS, resulting in the acceptance of fraudulent messages. The company also indicated that the North Korean-linked hacking group “Lazarus” may be involved. ([https://t.co/Va84G2Hlol](https://t.co/D7hAO1rqsp)) A portion of the stolen funds flowed into secondary markets and lending protocols, exposing issues with rsETH-related borrowing and collateral on Aave. Reports indicate that billions of dollars were withdrawn from Aave within a short timeframe, prompting evaluations of the protocol’s solvency and potential bad debt. Additionally, Arbitrum’s Security Council announced the freezing of 30,766 ETH (approximately $71.1 million) linked to the attacker’s addresses, halting fund transfers until governance approval. These measures aim to mitigate losses and prevent secondary damage. ([https://t.co/Va84G2Hlol](https://t.co/u43aqh1RTc)) The incident has sparked a dispute between Kelp DAO and LayerZero over responsibility. Kelp emphasized that the compromised DVN configuration was provided as a default by LayerZero, while LayerZero highlighted the risks of single-point configurations. Both projects are collaborating with audit teams, external security firms, and law enforcement to investigate the cause and trace funds; future recovery negotiations and potential bounty proposals are being closely watched. ([https://t.co/Va84G2Hlol](https://t.co/tslg5pmoZ7)) On the market side, estimates suggest that hacking losses exceeded $600 million in April alone, intensifying short-term risk-averse behavior. While DeFi’s “interconnectedness” is a strength, this event has once again exposed its vulnerability: a failure at a single point can cascade across the entire system. This incident remains ongoing, with further updates expected based on official announcements from involved parties and on-chain tracking developments. ([https://t.co/C6n830tuky](https://t.co/lxGqDnmJhG))