Kelp DAO's rsETH Bridge Exploited for $292M in LayerZero Attack on Ethereum

Kelp DAO's liquid staking protocol lost approximately $292 million in a sophisticated bridge exploit targeting its rsETH token infrastructure. The attack leveraged LayerZero's cross-chain messaging system to drain funds from the protocol's Ethereum-based bridge contracts.

The exploit combined a liquidity-pull mechanism with a smart contract vulnerability, allowing the attacker to manipulate the bridge's validation process. The hacker successfully extracted the funds before protocol defenders could react, demonstrating the speed advantage attackers maintain in DeFi exploits.

Kelp's emergency pauser multisig responded within 46 minutes of the successful drain, freezing the protocol's core contracts. This rapid response prevented two subsequent attack attempts, limiting the damage to the initial $292 million loss. The pause mechanism proved crucial in containing what could have been a complete protocol drain.

The incident highlights ongoing risks in cross-chain bridge infrastructure, particularly those using LayerZero's messaging protocol. rsETH holders face immediate depegging risk as the market processes the significant loss of backing collateral.

Traders should monitor rsETH's peg stability and avoid the token until Kelp provides a detailed post-mortem and recovery plan. The exploit adds to 2026's growing list of nine-figure DeFi losses, reinforcing the need for enhanced bridge security audits and emergency response systems.