ΩForensic Capital
FC-001
Incident date · 2026-04-18
Published · 2026-06-01
Status · Final
Forensic Analysis · Public

KelpDAO Bridge Exploit

RPC poisoning attack via DDoS and binary injection on 2 independent nodes, exploiting a 1-of-1 DVN configuration (single point of failure). $292M exposed in under an hour.* No DVN key compromised. No protocol vulnerability.

$292M
Exposed (rsETH)
46 min*
Drain window (unconfirmed)
UNKNOWN
Aave bad debt (not quantified in a primary source)
00

Executive Summary

On 18 April 2026, the KelpDAO rsETH bridge was exposed to $292M in rsETH drained across a sub-hour window (exact duration unconfirmed in primary sources; cited as 46 minutes in Forensic Capital's published statement*). The attack vector was not a smart contract bug or a compromised DVN private key — it was an RPC poisoning attack via DDoS and binary injection on two independent node operators, exploiting a 1-of-1 DVN configuration that made the LayerZero Labs DVN the sole required attestor for message execution.

The exploit became structurally more dangerous when the stolen rsETH was immediately deployed as collateral in Aave V3. What began as a bridge integrity failure became a lending-market solvency event. Aave froze rsETH and wrsETH markets at 18:52 UTC; Aave bad debt generated by this incident is UNKNOWN — no primary source (Halborn, Chainalysis, Aave post-mortem) has published a confirmed figure at publication date. Attribution converged on DPRK-linked operators (TraderTraitor / UNC4899), assessed as preliminary.

The incident established that application-level verifier configuration, RPC integrity, and collateral tiering are now inseparable components of DeFi credit risk.

01

Methodology & Sources

Analysis conducted from public and on-chain sources: LayerZero incident statement, Chainalysis forensic report, FBI IC3 PSA ic3.gov/psa/2025/psa250226, Aave governance records, and on-chain transaction data for the affected markets. Attribution marked preliminary where not confirmed by law enforcement.

Where a figure derives from a governance vote or external estimate rather than a directly read on-chain position, it is labelled as such. Unverified items are stated explicitly in Open Questions rather than omitted.

02

Timeline

  • 2026-03-06 · J-43 · Social-engineering phase begins. Attacker gains initial access to RPC node operator infrastructure.
  • 2026-04-18 · 17:35 UTC · DDoS and binary injection on 2 independent DVN node operators. RPC poisoning enables attacker-controlled message attestation on the 1-of-1 DVN path.
  • 2026-04-18 · 17:35–18:21 UTC · Active drain window — $292M in rsETH exposed via manipulated messages. No DVN private key compromised. (Duration cited as 46 min in published FC statement; not confirmed in primary sources.*)
  • 2026-04-18 · ~17:40 UTC · Stolen rsETH deployed as collateral in Aave V3. Bridge integrity failure converts to lending-market solvency event.
  • 2026-04-18 · 18:52 UTC · Aave Guardian freezes rsETH and wrsETH markets across all deployments. WETH frozen on several deployments as protective measure.
  • 2026-04-18 · post-event · Aave Arbitrum freezes 30,766 ETH. Bad debt modelled at $62.4M (uniform socialisation) to $162.5M (layer-isolated scenario).
Ω FC SIGNAL_INVENTORY
  • 116,500 rsETH · drained
  • ~40K rsETH (est.) · blocked — protocol pause
  • 30,766 ETH · frozen — Arbitrum Security Council
  • 2026-04-18 · 17:35 UTC · Exploit begins
  • 2026-04-18 · 17:35–18:21 UTC · Drain window (46 min, unconfirmed*)
  • 2026-04-18 · 18:52 UTC · Aave Guardian freeze
  • Root cause · LayerZero DVN 1-of-1 · RPC poisoning via DDoS + binary injection
  • ETH amounts on-chain · USD at $2,421 · 2026-04-18

03

Analysis — DVN Architecture

The root cause was architectural concentration at the application-security layer. KelpDAO's rsETH bridge was configured with a 1-of-1 DVN: the LayerZero Labs DVN was the sole required attestor for destination-side message execution. In a modular-security system, that choice collapses the effective security budget of the application to the operational integrity of one verification path.

The attack did not exploit a vulnerability in the LayerZero core protocol, nor did it compromise any DVN private key. The vector was operational: DDoS and binary injection on two independent RPC node operators simultaneously, enabling the attacker to control which messages the single DVN attested.

  • bridge · KelpDAO rsETH (LayerZero OFT)
  • DVN config · 1-of-1 (single point of failure)
  • vector · RPC poisoning — DDoS + binary injection on 2 nodes
  • key_leak · none — no DVN key compromised
  • protocol · no LayerZero protocol vulnerability
  • result · $292,000,000 exposed (116,500 rsETH) · drain window unconfirmed*

Source: layerzero.network/blog/kelpdao-incident-statement

Any bridge using a 1-of-N DVN configuration where N=1 carries equivalent exposure. The structural fix is requiring M-of-N attestation with independent operators across distinct infrastructure.
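The structural point above (a 1-of-1 DVN collapses the security budget to one verification path, and "independent" operators only help if they also sit on distinct infrastructure) can be turned into a configuration audit an application team runs before going live. The following is an added example, not code from Forensic Capital, KelpDAO or LayerZero. The config shape mirrors the fields of a LayerZero V2 UlnConfig (required DVNs, optional DVNs, optional threshold), but the DVN identifiers, operator names and infrastructure labels are constructed placeholders, and the assumption that a forged message needs every required DVN plus `optional_threshold` optional DVNs is stated in the code.

```python
"""Added example (not from the report or LayerZero): audit a DVN configuration for
single-point-of-failure and shared-infrastructure risk.

Assumption: a message executes once every required DVN has attested plus
`optional_threshold` of the optional DVNs. Operator and infra labels are
constructed metadata that a defender maintains off-chain; they are not on-chain.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class DVN:
    address: str   # constructed placeholder, not a real DVN address
    operator: str  # constructed label: organisation running the verifier
    infra: str     # constructed label: RPC / hosting provider the verifier depends on


@dataclass
class UlnConfig:
    required_dvns: list
    optional_dvns: list = field(default_factory=list)
    optional_threshold: int = 0


def effective_threshold(cfg):
    """Number of DVN attestations an attacker must forge to get a message executed."""
    return len(cfg.required_dvns) + cfg.optional_threshold


def min_distinct(cfg, attr):
    """Smallest number of distinct `attr` values (operators or infra providers) whose
    compromise yields a full quorum. Every required DVN is mandatory; among the
    optional DVNs the attacker picks the `optional_threshold` that add the fewest new
    values. Greedy choice is optimal because each DVN contributes exactly one value."""
    covered = {getattr(d, attr) for d in cfg.required_dvns}
    remaining = list(cfg.optional_dvns)
    for _ in range(cfg.optional_threshold):
        if not remaining:
            raise ValueError("optional_threshold exceeds number of optional DVNs")
        # prefer a DVN whose value is already covered: it costs the attacker nothing extra
        pick = next((d for d in remaining if getattr(d, attr) in covered), remaining[0])
        covered.add(getattr(pick, attr))
        remaining.remove(pick)
    return len(covered)


def audit(cfg):
    """Return quorum metrics and human-readable findings for a DVN configuration."""
    k = effective_threshold(cfg)
    n = len(cfg.required_dvns) + len(cfg.optional_dvns)
    ops = min_distinct(cfg, "operator")
    infra = min_distinct(cfg, "infra")
    findings = []
    if k <= 1:
        findings.append("SPOF: one DVN attestation is sufficient to execute a message")
    if k > 1 and ops == 1:
        findings.append("single operator: one organisation controls the whole quorum")
    if k > 1 and infra == 1:
        findings.append("shared infrastructure: one RPC/hosting provider feeds the whole quorum")
    elif k > 1 and infra < k:
        findings.append(f"infra reuse: {k} attestations rely on only {infra} distinct providers")
    return {"effective_threshold": k, "dvn_count": n, "min_operators": ops,
            "min_infra": infra, "findings": findings}


# Constructed configurations (placeholder identifiers and labels).
ONE_OF_ONE = UlnConfig(required_dvns=[DVN("dvn-a", "verifier-A", "infra-A")])

# Two operators that look independent but depend on the same infrastructure provider.
TWO_NODES_SHARED_INFRA = UlnConfig(required_dvns=[
    DVN("dvn-a", "verifier-A", "infra-A"),
    DVN("dvn-b", "verifier-B", "infra-A"),
])

# M-of-N with distinct operators and distinct infrastructure.
HARDENED = UlnConfig(
    required_dvns=[DVN("dvn-a", "verifier-A", "infra-A"),
                   DVN("dvn-b", "verifier-B", "infra-B")],
    optional_dvns=[DVN("dvn-c", "verifier-C", "infra-C"),
                   DVN("dvn-d", "verifier-D", "infra-D")],
    optional_threshold=1,
)

if __name__ == "__main__":
    for name, cfg in [("one-of-one", ONE_OF_ONE),
                      ("two-nodes-shared-infra", TWO_NODES_SHARED_INFRA),
                      ("hardened", HARDENED)]:
        print(name, audit(cfg))
```

The second constructed configuration is the instructive one: two required DVNs from different operators gives an effective threshold of 2, yet `min_infra` is 1, which is the property an RPC-poisoning campaign against a single provider exploits. A go-live check should therefore gate on `min_operators` and `min_infra`, not only on the signature threshold.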

04

Aave V3 Contagion

The second-order impact exceeded the direct bridge loss in systemic significance. The attacker deployed stolen rsETH as collateral in Aave V3 across multiple deployments, borrowing ETH against assets that had no valid backing. This transformed a bridge accounting failure into a lending-market insolvency problem external to the exploit transaction itself.

Aave's rsETH and wrsETH markets were frozen at 18:52 UTC — approximately 76 minutes after the first exploit transaction. The lag between bridge drain and lending-market response represents the window during which unbacked rsETH was treated as valid collateral by on-chain lending logic.

The incident demonstrated a specific weakness of the LRT stack: an LRT such as rsETH carries layered dependencies on bridge message integrity, unified-supply accounting, and redemption ordering. During a crisis, each additional layer widens the gap between apparent and actual recoverable value.
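One of the layered dependencies named above, unified-supply accounting, is also the cheapest control a lending market or an LRT issuer can monitor on its own: for a lock-and-mint bridge, the supply minted on destination chains can never legitimately exceed the supply locked at the source. The following is an added example, not code from Forensic Capital, KelpDAO, LayerZero or Aave; the bridge model (lock on source, mint on destination) and every snapshot value are constructed assumptions for illustration, although the 116,500 figure in the last snapshot is chosen to mirror the drained quantity the report cites.

```python
"""Added example (not from the report): unified-supply invariant monitor for a
lock-and-mint bridged token.

Assumption: on the source chain tokens are locked in an adapter before a message is
sent, and the destination bridge mints only on message execution. Locking therefore
always precedes minting, so sum(minted on destinations) <= locked on source holds at
every snapshot for legitimate traffic (in-flight transfers only make minted < locked).
Any excess is unbacked supply. All snapshot values below are constructed.
"""
from dataclasses import dataclass


@dataclass
class Snapshot:
    taken_at: str
    source_locked: int   # tokens held by the source-side lockbox, in whole token units
    dest_minted: dict    # destination chain -> tokens minted by the bridge there


def unbacked_supply(snap):
    """Minted supply that no locked token backs (0 when the invariant holds)."""
    return max(0, sum(snap.dest_minted.values()) - snap.source_locked)


def check_transition(prev, curr, tolerance=0):
    """Evaluate the invariant at `curr` and, if it is violated by more than
    `tolerance`, attribute the growth to the destination chains whose minted
    balance increased since `prev`. Returns None when the invariant holds."""
    total = unbacked_supply(curr)
    if total <= tolerance:
        return None
    chains = set(prev.dest_minted) | set(curr.dest_minted)
    per_chain = {c: curr.dest_minted.get(c, 0) - prev.dest_minted.get(c, 0) for c in chains}
    return {
        "at": curr.taken_at,
        "unbacked": total,
        "suspect_chains": sorted(c for c, d in per_chain.items() if d > 0),
    }


def run_monitor(snapshots, tolerance=0):
    """Walk consecutive snapshots and collect every alert."""
    alerts = []
    for prev, curr in zip(snapshots, snapshots[1:]):
        alert = check_transition(prev, curr, tolerance)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed snapshots: 700,000 tokens locked and 700,000 minted across two destinations,
# then a legitimate 10,000 transfer (lock first, mint lands later), then 116,500 minted on
# one destination with no matching lock.
SNAPSHOTS = [
    Snapshot("17:30 UTC", 700_000, {"arbitrum": 400_000, "optimism": 300_000}),
    Snapshot("17:34 UTC", 710_000, {"arbitrum": 400_000, "optimism": 300_000}),  # in flight
    Snapshot("17:38 UTC", 710_000, {"arbitrum": 410_000, "optimism": 300_000}),  # mint lands
    Snapshot("17:45 UTC", 710_000, {"arbitrum": 526_500, "optimism": 300_000}),  # unbacked
]

if __name__ == "__main__":
    for alert in run_monitor(SNAPSHOTS):
        print(alert)
```

Because locking precedes minting, the absolute check never fires on legitimate in-flight transfers, so `tolerance` can stay at zero and the alert can be wired directly to a collateral freeze or an LTV cut. Comparing consecutive snapshots serves only to point at the chain where the unbacked supply appeared, which is where the lending-market freeze is most urgent.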

Open Questions & Unverified

  • Attribution to DPRK (TraderTraitor / UNC4899) is preliminary. No dedicated FBI IC3 PSA specifically for the KelpDAO incident at publication date.
  • Exact compromised RPC node operators not publicly identified.
  • Full fund recovery status UNKNOWN at publication date — ongoing.
  • * "46-minute" drain window: cited in Forensic Capital's published Twitter statement (live). Not independently confirmed in primary sources (Halborn, Chainalysis, LayerZero). Awaiting source confirmation. Note: the tweet is live and this report does not contradict it — the figure is flagged for source verification, not removed.
  • Aave bad debt: UNKNOWN — no primary source (Halborn, Chainalysis, Aave governance) has published a confirmed figure for bad debt generated by this incident. Internal scenario estimates existed ($62M–$163M depending on socialisation model) but are FC modelling, not sourced data, and have been removed from the report body.
  • Blocked rsETH quantity: estimated as ~40K rsETH per 2 blocked attempts (BSCNews). The specific figure "41,305 ETH" is not confirmed in primary sources and has been replaced.

About this report

Forensic Capital produces independent, source-traceable forensic analysis of DeFi incidents. This report is public.

forensic-capital.com · Ω

Sources

  1. LayerZero incident statement — layerzero.network/blog/kelpdao-incident-statement
  2. Chainalysis forensic report — chainalysis.com/blog/kelpdao-bridge-exploit-april-2026
  3. FBI IC3 PSA Lazarus Group — ic3.gov/psa/2025/psa250226
  4. KelpDAO official statement — x.com/KelpDAO/status/2051755467328913637
  5. On-chain transaction data — Etherscan
SHA-256 (this version) · f4ca4785876cd7554eb2443d3d49c072cd86b045c61f1d92ca7fba7913cef2b2
Version date · 2026-06-01

This hash fixes the published version at the stated date. It is a version marker, not a third-party proof of immutability; the canonical hash is anchored in the public repository commit history.