On April 18, 2026, an attacker drained 116,500 rsETH (approximately $293.7 million) from KelpDAO's LayerZero-powered cross-chain bridge, the largest DeFi exploit of 2026. This is the full technical breakdown: what happened, how it worked, why every security layer failed, and what pre-transaction detection looks like in practice.
On April 18, 2026 at 17:35 UTC, an attacker exploited a validation flaw in KelpDAO's LayerZero OFT bridge, draining 116,500 rsETH — approximately $293.7 million, roughly 18% of rsETH's entire circulating supply. The attacker then deposited stolen tokens as collateral on Aave V3, Compound V3, and Euler — borrowing over $236M in WETH and creating irrecoverable bad debt. It is the largest DeFi exploit of 2026.
KelpDAO is a liquid restaking protocol on Ethereum. Users deposit liquid staking tokens (stETH, cbETH) into KelpDAO's rsETH adapter and receive rsETH, a tradeable receipt usable as collateral across DeFi while earning EigenLayer restaking rewards. rsETH is deployed across 20+ networks, with LayerZero's OFT standard handling cross-chain movement.
The attack was first flagged by on-chain investigator ZachXBT via Telegram at ~19:44 UTC, listing six attacker wallet addresses. Security firm Cyvers independently confirmed the hack. KelpDAO's emergency multisig paused core contracts at 18:21 UTC — 46 minutes after the drain. Two follow-up attempts at 18:26 and 18:28 UTC (targeting another ~$100M) were blocked by the pause.
The KelpDAO exploit is the largest DeFi exploit of 2026, surpassing Drift Protocol's $285M hack on April 1, which was later linked to North Korea-affiliated actors.
The attacker executed a multi-phase operation planned at least 10 hours in advance, exploiting the trust assumptions of LayerZero's cross-chain messaging layer.
Target: the lzReceive function on LayerZero's EndpointV2 contract. Off-chain simulation confirmed the exploit path before any on-chain activity began.
Exploit: a call to lzReceive on EndpointV2 with a crafted cross-chain message, tricking KelpDAO's bridge into releasing 116,500 rsETH to an attacker-controlled address.
Preparation: the attacker began preparing 10 hours before the exploit fired.
The five-phase attack chain, from wallet funding to cross-chain exit.
Phases 01 and 02 leave nothing a monitor can act on: fresh wallets funded through Tornado Cash look like any other withdrawal, and the exploit path was confirmed by off-chain simulation. Every monitoring system was silent through the entire preparation window, and by the time any alert fired the attacker was already at phase 04.
A zero-day attack in DeFi is an exploit targeting a previously unknown vulnerability — one with no existing signature, blacklist entry, or audit finding. The KelpDAO exploit qualifies: the specific lzReceive message spoofing technique had never been used in a prior attack. No detection system had a pattern to match against it.
In DeFi, zero-days include any novel transaction behavior — a spoofed cross-chain message, an untested code path, an edge-case permission flow — that existing tools have no behavioral model for.
Every major security category failed for structural reasons, not through poor implementation. Audits cannot predict novel cross-chain attacks after deployment. Signature detection needed a prior example that did not exist. Blacklists had no entry for fresh Tornado Cash wallets. Post-transaction monitoring fired more than two hours after $293.7M was already gone.
| Security Approach | Stopped It? | Why |
|---|---|---|
| Smart contract audits | ✗ No | One-time code review. Cannot predict novel cross-chain attacks after deployment. |
| Signature-based detection | ✗ No | Requires a prior example. No signature existed for this lzReceive spoofing technique. |
| Address blacklists | ✗ No | Attacker used fresh Tornado Cash wallets with no blacklist entry. |
| Post-transaction monitoring | ✗ No | ZachXBT flagged it at 19:44 UTC, more than two hours after the drain. |
| Emergency pause | Partial | Paused 46 minutes after the drain; blocked the two follow-up attempts, but the primary $293.7M was already gone. |
| Pre-transaction simulation (Web3Firewall) | ✓ Yes | Pre-execution simulation would flag the lzReceive anomaly before broadcast; the policy engine would block before funds move. |
Audits tell you what the contract was supposed to do. They cannot tell you what an attacker will make it do via a spoofed cross-chain message months later.
Could it have been prevented? Yes, but only with pre-transaction enforcement. The lzReceive call carried clear anomaly signals: a first-time caller, an unusual cross-chain message structure, and an abnormal value transfer, all detectable by behavioral simulation before broadcast. Systems that operate only after execution cannot prevent it by definition.
Prevention has to happen in the window between a transaction being formed and its being broadcast; that is the only point at which a purpose-built system can still intervene.
You cannot prevent zero-day attacks with historical data alone. The lzReceive spoofing technique had never been used before — no blacklist, no signature, no alert existed. Detection must happen against behavior in real time.
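To make the three signals above concrete, here is an added example of a pre-broadcast policy check in Python. It is not Web3Firewall's or KelpDAO's code. It assumes the standard LayerZero OFT v2 message layout (a 32-byte recipient, a uint64 amount in shared decimals, an optional compose payload), 6 shared and 18 local decimals, an Arbitrum-style source endpoint id, and a constructed baseline of trusted peers, known executors, recent credit amounts and circulating supply; the two sample deliveries are constructed, not taken from chain data. It produces the same three-way Allow / Deny / Escalate verdict the page describes for its policy engine: a routine 12 rsETH delivery is allowed, while a 116,500 rsETH credit from a never-seen caller is denied with every reason listed.

```python
"""Pre-broadcast Allow/Deny/Escalate check for a LayerZero OFT delivery (added example,
not Web3Firewall's or KelpDAO's code). Assumes the OFT v2 message layout, 6 shared /
18 local decimals, and constructed baseline data."""
from dataclasses import dataclass

SHARED_DECIMALS, LOCAL_DECIMALS = 6, 18          # OFT default / rsETH (assumptions)
AMOUNT_OFFSET, COMPOSE_OFFSET = 32, 40           # OFT v2: bytes32 sendTo | uint64 amountSD | compose
CONVERSION = 10 ** (LOCAL_DECIMALS - SHARED_DECIMALS)
SUPPLY_FRACTION_LIMIT = 0.01                     # policy: deny a single credit above 1% of supply
SPIKE_MULTIPLIER = 10                            # policy: escalate above 10x the largest recent credit

@dataclass(frozen=True)
class Origin:
    src_eid: int
    sender: bytes   # bytes32: source OFT address left-padded with zeros
    nonce: int

@dataclass(frozen=True)
class PendingDelivery:
    """Decoded lzReceive arguments as a simulator would hand them to the policy engine."""
    caller: str     # msg.sender on EndpointV2.lzReceive (normally the executor)
    origin: Origin
    receiver: str   # the OFT contract being credited
    message: bytes

@dataclass(frozen=True)
class Baseline:
    peers: dict               # src_eid -> bytes32 sender this OFT trusts
    known_callers: frozenset  # executors seen delivering to this OFT before
    recent_credits: tuple     # recent credited amounts, local units
    circulating_supply: int   # local units

def addr_to_bytes32(addr: str) -> bytes:
    return bytes.fromhex(addr[2:]).rjust(32, b"\x00")

def build_oft_message(to: str, amount_local: int, compose: bytes = b"") -> bytes:
    """Encode an OFT v2 send message; used here only to construct samples."""
    return addr_to_bytes32(to) + (amount_local // CONVERSION).to_bytes(8, "big") + compose

def decode_oft_message(message: bytes) -> dict:
    """Parse recipient, amount and compose flag; reject payloads too short for an OFT send."""
    if len(message) < COMPOSE_OFFSET:
        raise ValueError(f"OFT message too short ({len(message)} bytes)")
    amount_sd = int.from_bytes(message[AMOUNT_OFFSET:COMPOSE_OFFSET], "big")
    return {"to": "0x" + message[12:AMOUNT_OFFSET].hex(), "amount": amount_sd * CONVERSION,
            "has_compose": len(message) > COMPOSE_OFFSET}

def assess(d: PendingDelivery, b: Baseline) -> tuple:
    """Return (decision, reasons); Deny outranks Escalate, which outranks Allow."""
    deny, escalate = [], []
    expected = b.peers.get(d.origin.src_eid)           # 1. origin must be the trusted peer
    if expected is None:
        deny.append(f"no trusted peer for srcEid {d.origin.src_eid}")
    elif expected != d.origin.sender:
        deny.append("origin.sender is not the trusted peer for this srcEid")
    if d.caller not in b.known_callers:                 # 2. first-time caller -> human review
        escalate.append(f"first-time caller {d.caller}")
    try:                                                # 3. message must parse as an OFT send
        msg = decode_oft_message(d.message)
    except ValueError as e:
        return "Deny", deny + [str(e)]
    if msg["has_compose"]:
        escalate.append("unexpected compose payload attached")
    fraction = msg["amount"] / b.circulating_supply     # 4. value vs supply and vs recent history
    if fraction > SUPPLY_FRACTION_LIMIT:
        deny.append(f"credit is {fraction:.1%} of circulating supply")
    largest = max(b.recent_credits, default=0)
    if largest and msg["amount"] > SPIKE_MULTIPLIER * largest:
        escalate.append(f"credit is {msg['amount'] / largest:.0f}x the largest recent delivery")
    if deny:
        return "Deny", deny + escalate
    return ("Escalate", escalate) if escalate else ("Allow", [])

# Constructed sample data, not chain data.
ETH = 10 ** LOCAL_DECIMALS
SRC_EID = 30110                                  # Arbitrum-style endpoint id (assumption)
PEER = addr_to_bytes32("0x" + "11" * 20)         # trusted source OFT
EXECUTOR = "0x" + "22" * 20                      # executor seen before
RSETH_OFT = "0x" + "33" * 20                     # receiving OFT on this chain
BASELINE = Baseline(peers={SRC_EID: PEER}, known_callers=frozenset({EXECUTOR}),
                    recent_credits=(5 * ETH, 12 * ETH, 40 * ETH, 8 * ETH, 25 * ETH),
                    circulating_supply=647_000 * ETH)   # 116,500 rsETH is ~18% of this
ROUTINE = PendingDelivery(EXECUTOR, Origin(SRC_EID, PEER, 4101), RSETH_OFT,
                          build_oft_message("0x" + "44" * 20, 12 * ETH))
SPOOFED = PendingDelivery("0x" + "55" * 20, Origin(SRC_EID, PEER, 4102), RSETH_OFT,
                          build_oft_message("0x" + "66" * 20, 116_500 * ETH))

if __name__ == "__main__":
    for name, delivery in (("routine", ROUTINE), ("spoofed", SPOOFED)):
        print(name, *assess(delivery, BASELINE))
```

Two points on where a check like this sits. First, the supply-fraction rule is what turns a never-before-seen technique into a hard Deny: it needs no signature, only the observation that no legitimate single bridge credit moves 18% of a token's supply. Second, EndpointV2.lzReceive only executes a payload whose hash has already been recorded as verified by the receiving OApp's configured DVNs, so a spoofed message reaching lzReceive implies that verification step was satisfied or bypassed for this message, which the page does not explain. A pre-broadcast policy layer sits in front of the executor's transaction, alongside DVN verification rather than in place of it.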
Web3Firewall is one of the few systems in Web3 that operates as a pre-transaction prevention layer rather than as a monitor, an audit, or a blacklist. In the KelpDAO scenario, the lzReceive anomaly would have been flagged at phase 03, before a single token moved.
Every transaction — including cross-chain bridge calls — simulated before broadcast. Behavioral anomalies identified in milliseconds.
Behavioral baselines built for wallets, contracts, and protocols — deviations detected at runtime, even for attack patterns never seen before.
Real-time Allow / Deny / Escalate decisions based on custom risk policies per organization, protocol, or contract.
The KelpDAO attacker prepared for 10 hours pre-exploit. Continuous monitoring catches this preparation window.
Acts before broadcast, not after damage
Catches novel threats with no prior examples
Real-time blocking, not post-incident reports
Learn more about Web3Firewall's pre-transaction simulation engine and how it applies to DeFi protocols, exchanges, and custodians.
$293.7 million drained in a single transaction. Audits, blacklists, and monitoring all in place — all irrelevant. Not because they were poorly implemented, but because they were built for a threat model that no longer represents the majority of DeFi attacks.
Without pre-broadcast simulation, behavioral anomaly detection, and policy-based blocking, zero-day DeFi exploits will continue to succeed. With Drift ($285M), CoW Swap, Zerion, Rhea Finance, and Silo Finance all exploited in the same month, KelpDAO is not an edge case — it is the new baseline threat for 2026.