KelpDAO blames LayerZero in $294M hack, freezes contracts after RPC/DVN breach

Published: 2026-04-21 16:23:07 |

KelpDAO said it was hit by a $294M exploit due to LayerZero’s infrastructure, not because Kelp’s own systems were compromised. KelpDAO pointed to two LayerZero-hosted RPC nodes being accessed by attackers and a third RPC node suffering a DDoS attack that distorted node performance. The liquid staking protocol responded by freezing all related contracts on Arbitrum and Ethereum mainnet. It also blocked wallets linked to the attacker and launched SEAL 911, a 24/7 hotline to connect victims with security experts. KelpDAO added that a second attempt was made to drain an additional 40,000 rsETH (about $95M) using “illusory tricks,” but the funds were protected after KelpDAO secured the system in time. KelpDAO’s frustration centres on the security design it relied on since 2024: a 1-of-1 DVN (Decentralized Verifier Network) setup for LayerZero cross-chain message verification. Kelp argued that 1-of-1 configurations create a single point of failure; if compromised, attackers can bypass protections. In parallel, Arbitrum’s Security Council froze 30,766 ETH (~$71M) tied to the KelpDAO exploit. Aave also froze rsETH/wrsETH markets, constrained WETH activity, and lowered borrowing rates across multiple networks. Aave said its smart contracts were not compromised, but the event could still leave bad debt estimated between $177M and $290M. ZRO price reportedly remained unaffected at around $1.63 (+5.57% in 24h).

Neutral

Neutral. The immediate trading impact is likely contained because KelpDAO, Arbitrum and Aave have taken decisive risk controls (freezing contracts/markets and related assets). That reduces near-term spillover into broader on-chain liquidity and may limit liquidation cascades. However, the $294M size of the incident and the implied LayerZero “single point of failure” (1-of-1 DVN) risk can still weigh on sentiment for cross-chain and liquid staking sectors in the short run. Historically, major bridge/cross-chain incidents often trigger sharp, short-lived sell-offs in affected ecosystems, followed by stabilization once: (1) funds are frozen/protected, and (2) counterparties clarify whether their core contracts were compromised. Here, Aave said its smart contracts were not compromised (though bad debt risk remains), which is consistent with that pattern. Longer-term, traders may reprice risk around LayerZero-dependent verification designs and require more conservative configurations, potentially increasing volatility in liquid-staking tokens (rsETH/wrsETH) and related DeFi assets. ZRO’s reportedly limited move suggests the market may be differentiating between LayerZero token exposure and the infrastructure risk itself, keeping the overall market reaction more moderate than the absolute exploit size would imply.