Approximately $292 million flowed out through the Kelp DAO rsETH bridge, triggering a cascading shock across DeFi. On April 18, 2026, it was reported that 116,500 rsETH tokens (worth approximately $292 million) were stolen from Kelp DAO’s rsETH bridge. In response, Kelp temporarily paused its core contracts, while multiple protocols including Aave were forced to freeze related markets or initiate emergency measures. The incident rapidly spread through the DeFi ecosystem, causing a significant decline in the sector’s total value locked (TVL). ([https://t.co/Va84G2Hlol](https://t.co/VBY2VJqV4L)) The technical core of the attack appears to have exploited LayerZero’s omnichain bridge (OFT). Initial analysis suggests the attacker forged cross-chain messages, exploiting a misconfiguration in a single verification network (DVN). LayerZero indicated that multiple RPC nodes may have been compromised to overwhelm legitimate nodes via DDoS, resulting in the acceptance of fraudulent messages. The company also suggested involvement by the North Korea-linked hacking group “Lazarus.” ([https://t.co/Va84G2Hlol](https://t.co/D7hAO1rqsp)) A portion of the stolen funds flowed into secondary markets and lending protocols, exposing issues with rsETH-related borrowing and collateral at Aave. Reports indicate that billions of dollars in assets were withdrawn from Aave within a short period, prompting assessments of the protocol’s solvency and potential bad debt. Additionally, Arbitrum’s Security Council announced the freezing of 30,766 ETH (approximately $71.1 million) linked to the attacker’s addresses, halting further transfers until governance approval. These measures aim to mitigate losses and prevent secondary damage. ([https://t.co/Va84G2Hlol](https://t.co/u43aqh1RTc)) The incident has sparked a dispute between Kelp DAO and LayerZero over responsibility. Kelp emphasized that the compromised DVN configuration was provided as a default by LayerZero, while LayerZero highlighted the risks of single-point configurations. Both projects are collaborating with audit teams, external security firms, and law enforcement to investigate the root cause and trace the stolen funds. The community is closely watching for future recovery negotiations and potential bounty proposals. ([https://t.co/Va84G2Hlol](https://t.co/tslg5pmoZ7)) On the market side, estimates suggest that hacking losses exceeded $600 million in April alone, accelerating short-term risk-averse behavior. While DeFi’s interconnectedness is a key advantage, this event has once again exposed how a single point of failure can destabilize the entire ecosystem. This situation remains dynamic, with further updates expected based on official statements from involved parties and ongoing on-chain investigations. ([https://t.co/C6n830tuky](https://t.co/lxGqDnmJhG))