The Kelp DAO protocol provided a detailed report on the incident that occurred on April 18, when $292 million in the rsETH token was withdrawn from its bridging adapter via a forged cross-chain message.
The team behind LayerZero Labs published a technical report on April 20, where they assured that the direct cause of the hack was a Kelp DAO configuration decision which contradicted the supposed recommendations of the protocol, as reported by CriptoNoticias.
However, the Kelp DAO team highlighted that based on their review, The attack originated in the LayerZero infrastructurewhere two RPC nodes were compromised while a third was simultaneously affected by a denial of service (DDoS) attack. “Kelp Systems was not involved in the creation or operation of such infrastructure,” they said in a statement.
This combination allowed the attackers to execute fraudulent messages between networks and extract the funds. The team stressed that it does not participate in the creation or operation of said infrastructure, although it depends on it for its operations between different cryptocurrency networks.
Kelp DAO ensured rapid performance
In the statement, the team Kelp DAO claimed that After detecting the anomaly, it paused all relevant contracts on both the Ethereum main networkas in layer 2 solutions, by blacklisting addresses linked to the attacker and activating coordination with the SEAL-911 security response team.
These actions made it possible to contain the incident and also neutralize a second attack attempt that sought to extract an additional 40,000 rsETH, equivalent to about $95 million, through a falsely verified package.
Kelp Dao
“Avoid responsibility”
One of the key points in the investigation is the DVN (Decentralized Verifier Network) configuration. Kelp DAO explained that used a 1 of 1 configuration, which is documented and is set by default on new deployments within LayerZero.
The protocol has operated on this infrastructure since January 2024 and, as indicated, maintained constant communication with the LayerZero team, including during its expansion towards layer 2 solutions, “at that time it was confirmed that the default configuration was appropriate,” they assured from Kelp DAO.
Looking ahead, Kelp DAO emphasized that its priority is to protect users and avoid contagion effects within the DeFi ecosystem. The team is currently working alongside key partners such as Aave and other stakeholders to assess the impact of the incident, coordinate mitigation measures and define next steps for an eventual safe resumption of the protocol.
Likewise, they stressed that establishing a clear and shared account of what happened will be essential to implement effective solutions and reinforce the security of the system going forward.
The attack on Kelp DAO did not happen alone. According to industry reports, during the first two weeks of April, at least 13 security breaches were recorded in the ecosystem. On the whole, These incidents already add up to more than 450 million dollars in losses so far in 2026not including the KelpDAO case, making April one of the most critical months in terms of security.