Catenaa, Saturday, April 25, 2026-Kelp DAO has pushed back against claims that it was primarily responsible for a $292 million cross-chain exploit tied to the LayerZero ecosystem, as DeFi protocols and lending platform Aave assess potential ripple effects, including large-scale bad debt scenarios across multiple networks.
The incident, which unfolded on April 18, involved the loss of 116,500 rsETH tokens, marking the largest decentralized finance exploit of the year. The attack has raised renewed concerns about cross-chain bridge security, validator design choices and systemic risks in liquid staking token infrastructure.
Kelp DAO said Monday that it does not accept full responsibility for the exploit, arguing that its system configuration was based on default settings provided within LayerZero’s infrastructure documentation.
The exploit was carried out through a vulnerability in a LayerZero-powered cross-chain bridge architecture. According to initial findings shared by LayerZero, attackers believed to be linked to North Korea’s Lazarus Group gained access to RPC node lists used by LayerZero Labs’ decentralized verification network. The attacker then manipulated two RPC nodes and launched a distributed denial-of-service attack that caused the system to accept a fraudulent cross-chain message.
This allowed the attacker to trigger an unauthorized transaction and drain rsETH liquidity across connected chains, resulting in losses estimated at $292 million.
LayerZero said Kelp DAO used a “1-of-1 DVN configuration,” meaning transaction verification relied on a single validator setup rather than a diversified set of independent verification nodes. The company argued this created a structural weakness that made the system more vulnerable to manipulation.
LayerZero also said it had previously recommended broader validator diversification to reduce risk, but Kelp DAO opted to maintain the simpler configuration.
Kelp DAO rejected that framing, stating that the 1-of-1 setup was part of default deployment documentation and had been used since the protocol launched on LayerZero infrastructure in early 2024. The protocol added that it had ongoing communication with LayerZero teams and that the configuration had been confirmed as acceptable during its expansion to layer-2 networks.
The protocol also said it had taken immediate containment steps, including pausing affected contracts and blacklisting wallets linked to the attacker. Kelp DAO is now evaluating recovery strategies and protocol adjustments.
The exploit has quickly escalated beyond Kelp DAO, drawing in major decentralized lending protocol Aave, where a large portion of the stolen assets was deposited as collateral.
According to Aave’s internal assessment, the attacker supplied more than 89,000 rsETH valued at roughly $221 million and used it to borrow large amounts of wrapped Ether and staked Ether derivatives. These positions now carry extremely low health factors, increasing liquidation risk and exposing the protocol to potential systemic losses.
Aave has developed two hypothetical bad debt scenarios based on how rsETH accounting may be resolved. The outcomes vary depending on whether losses are distributed evenly across chains or isolated to layer-2 environments.
In one scenario, a uniform distribution of losses could lead to a 15% depeg in rsETH and roughly $123 million in bad debt exposure for Aave. In this case, Ethereum-based markets would absorb the largest absolute losses but remain relatively stable due to deeper liquidity reserves.
In a second scenario, losses are concentrated on layer-2 deployments, which would result in a far sharper impact, including a potential $230 million in bad debt across Arbitrum, Base and Mantle markets.
The incident highlights growing systemic risks in cross-chain DeFi infrastructure, particularly where liquid staking tokens are used as collateral across multiple ecosystems.
Cross-chain bridges remain one of the most complex and vulnerable components in decentralized finance. Their design requires coordination between multiple validators, messaging layers and execution environments, making them attractive targets for sophisticated attackers.
The case also raises questions about default infrastructure settings and whether protocol teams fully understand the risk profiles of out-of-the-box configurations provided by major interoperability frameworks.
For Aave, the situation underscores how rapidly contagion can spread when high-value collateral is reused across multiple lending markets. Even if the initial exploit is isolated, downstream borrowing activity can amplify risk exposure across the system.
DeFi researchers have noted that the exploit reflects a broader pattern in cross-chain attacks, where attackers exploit not only code vulnerabilities but also configuration weaknesses and operational assumptions.
Some analysts argue that reliance on default validator setups creates hidden centralization risks, even in systems that claim to be decentralized. Others point out that communication gaps between infrastructure providers and protocol builders remain a persistent issue in the ecosystem.
Aave has stated that it maintains a strong financial position, with reserves exceeding $180 million and additional commitments from ecosystem partners to support potential losses if they materialize. The protocol is currently monitoring market conditions and awaiting decisions on rsETH valuation adjustments.
LayerZero is one of several interoperability protocols designed to connect different blockchain networks and enable asset transfers across chains. These systems rely on decentralized verification networks to confirm transaction validity.
Kelp DAO operates within the liquid staking sector, where users deposit staked assets and receive derivative tokens that can be used in DeFi applications. These tokens often circulate across multiple blockchains, increasing their exposure to cross-chain infrastructure risks.
Aave is one of the largest decentralized lending platforms in the crypto ecosystem, allowing users to deposit assets as collateral and borrow against them. Because of its scale, it is often considered a systemic pillar of decentralized finance.
The aftermath of the exploit is likely to drive renewed scrutiny of cross-chain design standards, validator configurations and the use of liquid staking derivatives as collateral.
Kelp DAO, LayerZero and Aave are now all facing pressure to clarify responsibility, improve risk controls and restore confidence in cross-chain financial infrastructure.
The broader DeFi ecosystem may also see tighter design constraints and more conservative collateral frameworks as protocols reassess exposure to similar vulnerabilities.
