Kelp DAO Exploited for $300 Million via LayerZero Bridge

Kelp DAO suffers a $300 million exploit targeting rsETH on Ethereum and Arbitrum. Emergency pauses prevented an additional $100 million in losses.

The transaction was executed through the EndpointV2 function in the LayerZero contract. This triggered the release of assets from Kelp’s bridge contract to an address controlled by the hacker.

Preliminary analysis reveals that the attacker’s wallet was funded approximately 10 hours earlier via Tornado Cash—a well-known tool for concealing the origin of funds in DeFi attacks.

Blockchain analyst ZachXBT first flagged the incident, noting that funds were drained simultaneously across the Ethereum and Arbitrum networks.

Protocol Halt Limits the Damage

Kelp DAO’s response came less than an hour after the attack. The emergency multi-sig wallet activated a full protocol pause, which blocked key components including deposits, withdrawals, and the rsETH token itself.

This intervention proved critical. Two subsequent attempts to drain additional funds—totaling roughly 40,000 rsETH (approximately $100 million)—failed after the transactions were reverted by the network.

Had these attacks succeeded, total losses could have reached nearly $400 million, making the incident one of the largest in DeFi history.

Cross-Chain Bridges Under Pressure Again

Initial data suggests the attack targeted LayerZero’s OFT (Omnichain Fungible Token) infrastructure—a key component that enables asset transfers between different blockchains.

The stolen 116,500 rsETH represents about 18% of the total circulating supply of the token, which is used within the liquid restaking ecosystem and deployed across more than 20 networks, including Arbitrum, Base, and Mantle.

The incident once again calls into question the security of cross-chain solutions. These remain a vulnerable point in DeFi infrastructure despite advancements in audits and defensive mechanisms.

Market Reacts With Caution

Following news of the attack, sentiment in the DeFi segment soured as investors began re-evaluating risks surrounding liquid restaking protocols and multichain architectures.

Kelp DAO stated they are working with partners, auditors, and security experts to determine the root cause of the attack while the investigation continues.

The case highlights a central paradox in the crypto industry: as infrastructure becomes more complex and interconnected, the danger of attacks grows—particularly where different networks intersect.