Kelp DAO’s rsETH bridge apparently exploited for roughly $292 million in LayerZero-based attack
The Block·60-word summary·1 min read
Kelp DAO’s rsETH bridge was exploited in a LayerZero-based attack, resulting in an estimated loss of approximately $292 million. The breach occurred on April 17, 2026, prompting Kelp’s emergency pauser multisig to freeze the protocol’s core contracts within 46 minutes, effectively halting two subsequent attack attempts. The incident highlights ongoing security challenges in cross-chain bridges.
LayerZero attributes a $290 million exploit to North Korea’s Lazarus group, blaming Kelp’s setup for the breach. The company stated that attackers compromised two RPC nodes and DDoS’d others, exploiting Kelp’s failure to follow multi-verifier security recommendations. The attack highlights vulnerabilities in decentralized infrastructure and the ongoing threat from state-sponsored cybercriminals.
Hackers impersonated the eth.limo team to hijack its domain in a sophisticated social engineering attack. EasyDNS CEO Mark Jeftovic confirmed the breach and stated that the company is investigating how the attack occurred. The incident highlights ongoing security vulnerabilities in domain management within the Web3 space, emphasizing the need for enhanced protective measures.
A $13 billion DeFi wipeout occurred over two days, beginning with the KelpDAO attack. Multiple lending and yield protocols experienced significant declines in total value locked (TVL), with some dropping by double digits. Despite the TVL losses, token prices remained relatively stable, highlighting the severity of the security breach and its impact on the DeFi ecosystem.
Gunvor has warned of potential turbulence in oil prices due to ongoing Iran conflict and the closure of the Strait of Hormuz, which could disrupt supply chains and impact global markets. The geopolitical tensions, ongoing since April 2026, highlight risks to energy security and economic stability amid rising geopolitical risks in the region.
AAVE's total value locked (TVL) decreased by $8.4 billion following the KelpDAO exploit, contributing to a broader $13.2 billion decline in DeFi TVL. The incident, which exposed systemic vulnerabilities, raises concerns over security and could impact investor confidence and future growth in the decentralized finance sector. The event occurred in April 2026.
European gas prices surged 11% amid escalating US-Iran tensions, highlighting vulnerabilities in global energy markets. The increase, reported on April 20, 2026, underscores how geopolitical conflicts can impact supply chains and energy costs, potentially affecting broader economic stability. This development comes amid ongoing geopolitical tensions involving the US and Iran, with ripple effects felt across global markets.
