
Inside the KelpDAO Bridge Exploit: How ~$292 Million in rsETH Was Released Against a Non-Existent Burn

TL;DR

  • On April 18, 2026, attackers linked to North Korea’s Lazarus Group stole ~$292 million (116,500 rsETH) from KelpDAO’s LayerZero bridge. Crucially, this was not a smart contract hack, but a sophisticated attack on off-chain infrastructure.
  • The attackers compromised internal RPC nodes and DDoS’d external nodes to feed false data to a single-point-of-failure verification network (a 1-of-1 DVN setup). This tricked the Ethereum contract into releasing funds based on a phantom token “burn” on the source chain.
  • Traditional security tools missed the attack because every on-chain transaction looked completely valid. Spotting this type of exploit requires cross-chain invariant monitoring — continuously verifying that tokens released on a destination chain mathematically match tokens burned on the source chain.
  • Rapid intervention prevented further damage. KelpDAO successfully paused contracts to block a second $95 million theft, and the Arbitrum Security Council, coordinating with law enforcement, froze over 30,000 ETH of the attacker’s downstream funds.


On-chain, the transactions looked clean. Messages were relayed, signatures verified, and 116,500 rsETH — worth roughly $292 million — moved out of a LayerZero-based bridge contract on Ethereum. Nothing about the calldata itself signaled an exploit. Yet, locked rsETH was illegitimately released from KelpDAO’s bridge escrow, and a community of restakers was left holding tokens whose peg assumptions had quietly been broken. Tuesday, three days after the hack, the Arbitrum Security Council moved to freeze a significant portion of the attacker’s downstream funds, an intervention that closed some of the windows these types of exploits usually target.

This was not a smart contract vulnerability. There was no reentrancy bug, no missing access check, no price oracle sleight-of-hand. The KelpDAO incident is something arguably more dangerous: an attack on the off-chain verification layer on which many cross-chain protocols depend.

Chainalysis investigates many of the world’s largest crypto hacks and is proud to have worked closely with partners in law enforcement and industry on Arbitrum’s landmark disruption of criminal activity. Here’s what we know so far, what the on-chain evidence shows, and why this class of exploit requires a different kind of monitoring.

What happened

On April 18, an attacker drained approximately $290 million worth of rsETH from KelpDAO’s LayerZero bridging adapter by forging a cross-chain message. The target of the attack was neither KelpDAO’s own contracts nor the LayerZero contracts themselves. Rather, it was the off-chain infrastructure that LayerZero Labs operated to watch the source chain on KelpDAO’s behalf.

To move rsETH between chains, KelpDAO relied on LayerZero’s bridging infrastructure. On LayerZero, every cross-chain message has to be verified by one or more Decentralized Verifier Networks (DVNs) before the destination chain will act on it. rsETH was configured with a single verifier: the LayerZero Labs DVN. No second DVN had to agree. Kelp has stated that this 1-of-1 setup was the default configuration shipped for new deployments at the time of its L2 expansion; LayerZero has since said it has recommended a multi-DVN setup to Kelp. Either way, in practice it meant that if the LayerZero Labs DVN could be made to believe something false, there was no independent party to catch the mistake.

The attackers went after exactly that seam. They did not break into KelpDAO nor did they break the LayerZero protocol. They instead targeted the RPC nodes the LayerZero Labs DVN used to read source-chain state — the plumbing that tells the verifier what is actually happening on the other chain. Kelp’s own systems were not involved in building or operating that infrastructure.

LayerZero’s DVN was designed with some redundancy: it reads from a mix of internal RPC nodes that LayerZero Labs hosts itself and external RPC nodes operated by third parties. The attackers broke the internal side and knocked out the external side at roughly the same time:

  • Two RPC nodes hosted by LayerZero were compromised. The attackers obtained the list of RPCs the DVN was querying, gained access to two independent internal nodes running on separate clusters, and swapped out the software running them. The modified nodes fed forged data to the LayerZero DVN while continuing to return truthful data to other systems querying them, including LayerZero’s own monitoring service. They were also engineered to self-destruct once the window for the attack closed, wiping the malicious binaries, logs, and configs behind them.
  • A simultaneous Distributed Denial of Service (DDoS) attack was launched against one of the external RPC nodes the DVN relied on. With the external path unreachable, the DVN failed over to the only nodes it could still talk to: the two internal ones controlled by the attackers. From that moment forward, the DVN’s view of the source chain was whatever the attackers wanted it to be.

The poisoned internal nodes reported blocks that showed rsETH being burned on the source chain (Unichain) when no such burn had occurred. The LayerZero Labs DVN, reading only from those nodes, confirmed the corresponding cross-chain message as valid. On that false confirmation, the Ethereum-side contract released 116,500 rsETH — roughly $292 million — to an attacker-controlled address. However, there was no matching burn anywhere upstream. The system executed a correct transaction on top of a falsified view of reality.
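The failover described above is exactly what a verifier’s read path should refuse to do silently. As an added illustration (not LayerZero’s DVN code), the Python below counts agreement per distinct RPC operator rather than per node, and fails closed when only one operator’s nodes are reachable; the node names, operator labels and responses are constructed for the example.

```python
"""Fail-closed quorum over independent RPC operators (hypothetical, added example).

Counts agreement per *operator*, not per node: two nodes run by one party
are one vote. Unreachable nodes never count, and too few reachable
operators means "cannot verify" rather than falling back to whoever answers.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class RpcObservation:
    node: str                  # node identifier (constructed)
    operator: str              # party operating the node; the unit of independence
    burn_seen: Optional[bool]  # None = unreachable (timeout, outage, ...)


def confirm_burn(observations, min_operators=2):
    """Return (burn_confirmed, reason) for one expected source-chain burn."""
    by_operator = {}
    for o in observations:
        if o.burn_seen is None:
            continue  # unreachable nodes contribute nothing
        prev = by_operator.get(o.operator, o.burn_seen)
        # Two nodes of the same operator disagreeing makes that operator unusable.
        by_operator[o.operator] = o.burn_seen if prev == o.burn_seen else "conflict"
    usable = {op: v for op, v in by_operator.items() if v != "conflict"}
    if len(usable) < min_operators:
        return False, f"only {len(usable)} independent operator(s) reachable"
    answer, votes = Counter(usable.values()).most_common(1)[0]
    if votes < min_operators:
        return False, "independent operators disagree"
    return bool(answer), "quorum reached"


# Constructed scenarios. FAILOVER: the external node is unreachable and both
# nodes of the single remaining operator report a burn. HEALTHY: two distinct
# operators both observe the burn.
FAILOVER = [
    RpcObservation("internal-a", "operator-A", True),
    RpcObservation("internal-b", "operator-A", True),
    RpcObservation("external-1", "operator-B", None),
]
HEALTHY = [
    RpcObservation("internal-a", "operator-A", True),
    RpcObservation("external-1", "operator-B", True),
]
```

With `FAILOVER`, the check reports that only one independent operator is reachable and does not confirm the burn, whereas a 1-of-1 reader would have accepted whatever the surviving nodes returned.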

LayerZero has attributed the operation to the Democratic People’s Republic of Korea (DPRK)’s Lazarus Group, and specifically the sub-group known as TraderTraitor. The affected RPC nodes have since been deprecated and replaced.

Kelp detected the anomaly shortly after it began, paused the relevant contract on Ethereum and its L2 deployments, blacklisted the attacker’s addresses, and engaged SEAL-911. Those actions blocked a follow-up attempt in which the exploiter tried to drain an additional 40,000 rsETH (~$95 million) using a second forged “phantom” packet.

As depicted in the Reactor graph above, the attacker moved funds through a number of intermediary addresses to one consolidation address before the Arbitrum Security Council froze funds.

Why this attack worked

It’s worth examining the reason traditional on-chain defenses missed this.

At the transaction level, every step of the exploit was indistinguishable from normal bridge activity. The validator’s signature was valid. The message format was valid. The release function behaved exactly as designed. A transaction-by-transaction audit — the kind most protocol monitoring relies on — would not have flagged a single call.

The failure was structural. Bridges are, by definition, two-sided systems. Their correctness cannot be evaluated by looking at one chain in isolation. The KelpDAO exploit is a textbook example of what happens when a cross-chain protocol’s off-chain infrastructure (e.g. RPC endpoints, validator nodes, signer sets) becomes the softest point in the stack, and when quorum design gives an attacker a single node to compromise rather than a meaningful set.

In this incident, rsETH was released on Ethereum against a burn that never occurred. That is not a transaction problem. It is a system-state problem — and detecting it requires monitoring at the level of invariants, not individual calls.

The Broken Invariant

Every bridge rests on a deceptively simple accounting rule: assets released on the destination chain must equal assets burned or locked on the source chain.

The rsETH released on Ethereum had no matching burn anywhere upstream. The result was unbacked supply entering circulation — the same fundamental failure, at the system level, that the Ronin, Nomad, and Multichain incidents produced through very different mechanisms. The common thread is not the vulnerability; it’s the invariant violation.

Once that invariant breaks, downstream effects are mechanical. rsETH holders on Layer 2s are suddenly claiming against collateral that doesn’t exist. Peg deviation follows. Liquidity fragments. Contagion risk spreads to any protocol that accepts the token as collateral.

Detecting a Trust-Layer Failure in Real Time

This is where on-chain invariant monitoring matters, and where Hexagate — now part of Chainalysis — has been focused.

The attack, while difficult to catch at the transaction level, is straightforward to catch at the invariant level. The moment the Ethereum-side bridge contract released rsETH, a monitoring system watching for the matching burn event on the source chain would have seen nothing. No burn, no lock, no corresponding state transition — yet funds leaving the bridge.

Hexagate’s Gate framework is built around exactly this kind of check:

  • Real-time invariant enforcement. Track cross-chain flows, match burn and release events, and continuously verify bridge accounting.
  • Cross-chain event reconciliation. Ensure that LZ (or any other messaging-layer) events are consistent across the chains they touch.
  • Custom bridge monitors. The same approach already deployed for Solana → Ethereum LZ reconciliation generalizes to any LZ-based bridge or cross-chain messaging system.

A relatively simple Gate monitor encodes the logic:

Funds released on L1 → look for a matching burn on the source chain → if none exists, fire.

In the KelpDAO case, the main theft was executed in a single release. An invariant alert cannot undo that first release. What it can do, however, is collapse the time between the release and the defender’s first action to something close to zero: the moment funds are released on Ethereum without a matching burn upstream, the alert fires, and anyone with the authority to pause the affected contracts can act before the next forged message clears.
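Here is that release-then-look-for-burn logic as a stand-alone Python reconciler. It is an added example, not Hexagate’s Gate code or any production monitor; the chain names, message ids and amounts are constructed for illustration.

```python
"""Cross-chain burn/release invariant check (hypothetical, added example).

Reconciles release events observed on the destination chain against burn
events observed on the source chain, keyed by the message id both legs share.
A release with no matching burn, or with a different amount, fires an alert.
"""
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class BridgeEvent:
    chain: str       # chain the event was observed on
    kind: str        # "burn" (source side) or "release" (destination side)
    msg_id: str      # cross-chain message id shared by burn and release
    amount: Decimal  # token amount in whole rsETH


def reconcile(burns, releases):
    """Return one alert tuple per release that is not backed by a burn."""
    burned = {b.msg_id: b for b in burns if b.kind == "burn"}
    alerts = []
    for r in releases:
        if r.kind != "release":
            continue
        match = burned.get(r.msg_id)
        if match is None:
            alerts.append((r.msg_id, "no matching burn on source chain", r.amount))
        elif match.amount != r.amount:
            alerts.append((r.msg_id, "amount mismatch", r.amount - match.amount))
    return alerts


def unbacked_supply(burns, releases):
    """Total released minus total burned; anything above zero is unbacked."""
    total_burned = sum((b.amount for b in burns if b.kind == "burn"), Decimal(0))
    total_released = sum((r.amount for r in releases if r.kind == "release"), Decimal(0))
    return total_released - total_burned


# Constructed sample: two legitimate transfers plus one forged release whose
# message id never appeared as a burn on the source chain.
SOURCE_BURNS = [
    BridgeEvent("unichain", "burn", "msg-0001", Decimal("12.5")),
    BridgeEvent("unichain", "burn", "msg-0002", Decimal("3")),
]
DEST_RELEASES = [
    BridgeEvent("ethereum", "release", "msg-0001", Decimal("12.5")),
    BridgeEvent("ethereum", "release", "msg-0002", Decimal("3")),
    BridgeEvent("ethereum", "release", "msg-forged", Decimal("116500")),
]
```

Running `reconcile(SOURCE_BURNS, DEST_RELEASES)` yields a single alert for `msg-forged`, and `unbacked_supply` reports the 116,500 rsETH that entered circulation without a burn; in a live monitor the alert would be the trigger for the pause described above.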

That is essentially what played out: Kelp detected the anomaly, paused the relevant contracts on Ethereum and its L2 deployments, and blacklisted the attacker’s addresses — fast enough that a follow-up attempt to drain another 40,000 rsETH (~$95M) via a second forged “phantom” packet never succeeded. The first release could not be prevented, but the rsETH contract could have been paused before the exploiter had a chance to swap out the 116,500 rsETH or deposit it into lending markets.

The Arbitrum Security Council’s freeze of 30,766 ETH of the attacker’s downstream funds is a reminder that fast, coordinated governance and law-enforcement action can recover ground that real-time monitoring was unable to hold.

What this means for DeFi security

The KelpDAO exploit is a reminder that smart contract audits, while necessary, do not inoculate a protocol from failures originating outside the contract. Cross-chain systems inherit the security of their weakest off-chain dependency, and “1-of-1” anything — validators, DVNs, signers, RPC providers — should now be treated as an active, rather than theoretical, risk.

Three takeaways are worth emphasizing:

  • First, quorum design is security design. A signer or DVN set that relies on one party is not a quorum; it is a single point of failure with extra steps.
  • Second, detection requires multiple layers. Monitoring individual transactions for malicious patterns will not catch an attack in which every transaction is, by itself, valid. Invariant-based monitoring, and specifically watching the relationships between events across chains, is a critical way to see these exploits as they happen.
  • Third, the window to intervene is small but real. Bridges that combine invariant monitoring with a credible pause mechanism can stop the attack before the exploiter is able to begin swapping to other tokens.

The post-exploit response has been unusually fast. On April 20, the Arbitrum Security Council executed an emergency action to freeze 30,766 ETH held on Arbitrum One at an address tied to the KelpDAO exploiter. The Council acted with input from law enforcement on the exploiter’s identity, and designed the intervention to move the funds to an intermediary wallet without affecting any other Arbitrum users, applications, or chain state. Those funds are no longer accessible to the address that originally held them; they can only be moved by further action from Arbitrum governance, coordinated with relevant parties.

This does not make the bridge whole; rsETH’s invariant break still happened, and the gap between released and burned supply is a separate problem to resolve. But it materially reduces the attacker’s realized proceeds and demonstrates what credible L2 governance, combined with agile law enforcement coordination, can accomplish when it acts within hours rather than days.

Chainalysis is continuing to monitor the situation and will update this post as the investigation develops.
