What Happened
At 17:35 UTC on Saturday, April 18, 2026, an attacker drained 116,500 rsETH from Kelp DAO's cross-chain bridge. The bridge held reserves backing rsETH deployments on more than twenty blockchains. The exploit worked by tricking LayerZero's cross-chain messaging layer into believing a valid instruction had arrived from another network. Kelp's bridge, configured to trust validated LayerZero messages, released the reserves to an address controlled by the attacker. Kelp paused rsETH contracts across Ethereum mainnet and several layer-2 networks within hours, but the tokens were already moving through laundering infrastructure.
Kelp DAO is a liquid restaking protocol. Users deposit ETH, Kelp routes it through EigenLayer to earn restaking yield on top of standard Ethereum staking rewards, and issues rsETH as a tradeable receipt. LayerZero is the cross-chain messaging layer that allows different blockchains to send verified instructions to each other. The rsETH on non-Ethereum networks was wrapped against reserves held by the bridge. Those reserves are now gone.
The Contagion Moved Faster Than the Pause
The bridge held the collateral backing rsETH on every chain where the token traded. Once the reserves were drained, the wrapped rsETH on layer-2s and other networks became effectively uncollateralized. That created a feedback loop: panic redemptions on L2s pressured the unaffected Ethereum supply, which could force Kelp to unwind restaking positions to honor withdrawals, which would depress the price of rsETH further. Markets started moving before the protocols could respond. The structural failure is one step above the smart contract layer: the bridge was treated as a custody layer by every downstream protocol that accepted wrapped rsETH. That assumption failed at scale.
Aave froze rsETH markets on V3 and V4 within hours. Founder Stani Kulechov confirmed publicly that the exploit was external and Aave's contracts were not compromised, but the freeze was necessary to prevent attackers from using rsETH as collateral to borrow against already-illiquid pools. The utilization rate on a core Aave lending pool spiked to 100%, meaning users who had deposited ETH and wrapped ETH had little to no liquidity to withdraw. By early Sunday, net withdrawals from Aave reached $6.2 billion. AAVE fell about 20% over 25 hours. SparkLend and Fluid froze their own rsETH markets. Lido paused deposits into earnETH, which holds rsETH. Ethena paused its LayerZero OFT bridges from Ethereum mainnet purely as a precaution, clarifying it has no rsETH exposure.
The Attribution and the Pattern
LayerZero publicly linked the exploit to a subgroup of North Korea's Lazarus Group. Kelp DAO's own post-mortem framed it as a LayerZero breach. The two protocols are now publicly trading blame over whether the attack exploited the bridge's trust assumptions or the messaging layer's validation. The technical distinction matters for future bridge design. The attribution matters for what comes next.
On April 1, attackers drained approximately $285 million from Solana-based perpetuals protocol Drift through a different mechanism: a fake token deposit, a stolen admin key, and a 2-of-5 multisig with zero timelock. TRM Labs attributed that exploit to DPRK actors. Between the two incidents, over $500 million has been siphoned from DeFi in 2.5 weeks. April 2026 has logged approximately $606 million in total crypto hack losses, roughly four times all of Q1 combined. What once looked like isolated breaches now reads as a sustained campaign, almost certainly driven by a sanctioned state's need for hard currency. The Lazarus Group is evolving beyond isolated hacks, shifting tactics from social engineering to exploiting structural weaknesses in crypto infrastructure at the bridge layer.
What This Means for You
Wrapped tokens, bridge-issued receipts, and liquid staking derivatives all share a structural property: you do not hold the underlying asset. You hold a claim on a reserve maintained by a protocol. Ownership of a receipt is not ownership of the underlying. When the reserve is drained, the receipt becomes worthless regardless of what the smart contract says. This is true for rsETH holders on layer-2s today. It was true for stETH holders during the 2022 depeg. It was true for holders of wrapped Bitcoin on chains that lost their bridge collateral. The architecture is fragile at the bridge layer, and that layer is where the sophisticated attackers now focus. The risk is not only the smart contract you trust, but the entire interoperability stack behind the token: the bridge, the messaging layer, the reserve accounting, and the governance response when something breaks.
The practical implication for Bitcoin holders: self-custody of native BTC on the Bitcoin network is not subject to this category of risk. A Bitcoin UTXO you control through your own keys is not backed by a reserve that can be drained. It is the reserve. Wrapped BTC on Ethereum, tokenized BTC on any sidechain, and any BTC exposure through a custodian or bridge introduces the same reserve-risk profile that took down rsETH on twenty chains this week. Self-custody only means something when you hold the native asset on the native chain, or a structure you fully understand. The sovereignty thesis is not abstract. It is the specific difference between holding an asset and holding a claim on a reserve that holds the asset. The Kelp exploit is the current illustration of what that distinction is worth.
What to Watch
Watch whether Arbitrum's Security Council recovers the frozen $71 million through governance action, and whether any other chain-level interventions succeed in freezing additional attacker funds. Watch Kelp's redemption mechanics in the coming weeks: if panic redemptions on Ethereum force unwinding of restaking positions, rsETH's peg will break and the cascade will extend. Watch LayerZero's post-mortem for technical details on whether the attack exploited a genuine vulnerability in the messaging layer or a misconfiguration in how Kelp trusted it. And watch for the next bridge exploit, because the pattern suggests there will be one.