KelpDAO $292M exploit exposes LayerZero trust failure

On April 20, an attacker used compromised remote procedure call (RPC) endpoints to manipulate LayerZero infrastructure supporting KelpDAO’s rsETH bridge and obtain 116,500 rsETH on Ethereum, Chainalysis reported. The firm estimates the value taken at roughly $292 million.

Chainalysis traced the incident to a 1-of-1 validator configuration used by the bridge. Attackers fed false state into the validator by breaching a small set of RPC endpoints. Those inputs caused the bridge to register a fabricated burn event on the source chain. The bridge then approved the message and released rsETH on Ethereum without any corresponding on-chain burn on the origin chain.

The analytics firm noted that the smart contracts executed as written. Transactions matched the code logic, so standard contract-level safeguards did not stop the minting. Chainalysis described the root cause as a failure in the bridge’s trust assumptions rather than a bug in the contract code.

The incident broke the core invariant bridges use to preserve value parity: tokens burned or locked on the source chain should match tokens issued on the destination chain. Because the bridge accepted manipulated inputs as valid and relied on a single validator and a narrow set of RPC endpoints, attackers found a single point of failure that bypassed broader checks.

Chainalysis wrote, “The ~$292M KelpDAO / rsETH bridge exploit highlights a critical blind spot in DeFi security.” The report also stated, “This attack proves that detecting malicious code isn’t enough; protocols must detect when a system enters an impossible state.” The firm recommended continuous monitoring and tools that check cross-chain consistency in real time to detect discrepancies between locked assets and released funds.

Cross-chain bridges move value by confirming events-such as burns or locks-on one blockchain and issuing matching tokens on another. Validators or relayers verify those events and rely on external data feeds and node endpoints. If data inputs are compromised or not independently verified, a bridge can act on false information even when contracts behave as designed.

Chainalysis pointed to design choices that increase risk, including minimal validator quorums and limited RPC diversity. The firm suggested invariant-tracking frameworks and real-time state validation as additional defenses that could flag impossible states and give operators a chance to halt operations before losses accumulate.