News
20 Apr 2026, 12:19
Justin Sun launches KelpDAO intervention as inside job rumors grow

The founder of Tron, Justin Sun, has publicly appealed to the hacker behind the $293 million KelpDAO drain. According to his X tweet, Justin Sun asked the hacker to strike a deal with KelpDAO not to inflict additional harm on the restaking platform and the lending protocol Aave, where the funds had been leveraged as collateral. “You can’t spend $300 million anyway,” Sun noted, highlighting the practical challenges of laundering or liquidating such a massive sum in today’s tracked blockchain environment. KelpDAO’s hack leads to an ongoing fallout The hack unfolded on April 18 after the hackers attacked the KelpDAO LayerZero bridge , draining 116,500 rsETH tokens from the pool. This represents liquid restaking derivatives for the staked Ether. KelpDAO is a multicoin liquidity staking protocol with $1.5 billion in value locked at the time. KelpDAO acted swiftly, suspending all its multisig governance functions, deposit pools, withdrawal pools, oracles, and even the rsETH token on the mainnet and Layer-2 networks. Inquiries into the LayerZero network have begun to uncover the underlying reason for the hack, which is said to have stemmed from a single DVN deployment that resulted in a critical flaw. From there, the attacker moved the illegal rsETH tokens as collateral on Aave and borrowed large sums of actual ETH, causing bad debts to accrue. Contagion set in: Aave’s users began withdrawing funds at a rapid pace, with estimates exceeding $54 billion in assets being pulled from liquidity markets. Justin Sun was also able to recover about 65,584 ETH ($154 million). At the time of writing, the protocol is still frozen despite the decreasing TVL numbers in DeFi. Sources told Cryptopolitan that L1 rsETH is completely collateralized, and the pertinent Aave market is “completely solvent.” In a particular message, it was reported that weETH was unaffected, that liquid vaults were functioning normally, and that LiquidETH and LiquidUSD customers would not experience drawdowns, since any losses from higher borrowing expenses in Aave would be offset. KelpDAO’s hack tied to an insider job Adding fuel to the fire of the KelpDAO fiasco is the emerging suspicion that the hack could very well have been an insider job. Crypto community observers suggest that KelpDAO was warned 15 months prior to the attack in their governance forums about the 1/1 DVN issue in LayerZero. KelpDAO’s hack is being rumored to be an inside job. Source: X The protocol’s decision to deploy the weakest possible security setup—a single verifier for a bridge holding hundreds of millions—despite its scale has raised eyebrows. Traders have traced a similar pattern from previous hacks, now flagged as insider jobs. For example, the BTER exchange breach in 2014. DeFi hacks terrorize 2026 crypto traders The KelpDAO hack is the biggest attack on DeFi in 2026 to date, following close on the heels of an even bigger hack. On April 1, Drift Protocol , a Solana-based perpetual exchange, was hacked for $285 million, according to security analysts, who linked the attack to a complex six-month social engineering operation carried out by hackers affiliated with North Korea (UNC4736, or Lazarus Group). Hackers allegedly gained access to Drift Protocol’s internal Telegram channels and employed malware to steal users’ funds before moving them to Ethereum. Also, in April, other hacks have been reported on Hyperbridge, Grinex Exchange, and Rhea Finance. Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free .
20 Apr 2026, 12:17
AAVE Gets Embroiled in Existential Liquidity Crunch as KelpDAO Hacked for $293 Million

On April 19, 2026, a $293 million hack of KelpDAO triggered a chain reaction that sent shockwaves through the DeFi ecosystem, with AAVE being hit hard.
20 Apr 2026, 12:12
Ripple CTO Flags Bridge Security Gaps After $290M Kelp Exploit

David Schwartz, Ripple’s CTO Emeritus, said the Kelp DAO exploit reflects a wider problem in cross-chain infrastructure. He said many bridge systems offer strong protections, yet teams are often encouraged to use simpler setups that reduce operational costs. His comments came after Kelp DAO’s rsETH bridge was exploited on April 18, with about 116,500 rsETH drained in one of the largest DeFi losses of 2026 so far. The remarks placed fresh attention on how bridge operators balance speed, cost, and security when deploying products tied to large pools of value. Ripple CTO Links RLUSD Review to Bridge Security Choices David Schwartz said he evaluated multiple DeFi bridging systems while reviewing options for RLUSD, with most of his focus placed on risk and security. He wrote that many of the systems appeared well designed and included mechanisms that could address the type of failure seen in the Kelp DAO case. He added that the problem was not always the absence of security tools. Instead, providers often promoted ease of deployment and rapid chain expansion in ways that assumed projects would avoid the strongest protections. In the latest XRP news tied to Ripple’s stablecoin planning, Schwartz framed that trade-off as a recurring weakness across bridge deployments. Kelp DAO Exploit Renewed Focus on LayerZero Setup Kelp DAO’s rsETH bridge was exploited on April 18, with a loss of roughly $290 million to $292 million. Public reporting and incident analysis said the attacker drained 116,500 rsETH through LayerZero-related bridge activity, with the exploit becoming the biggest DeFi breach of 2026 to date. Technical reviews published after the attack pointed to a weak verification setup as a central issue. One widely cited analysis said the bridge configuration relied on a one-of-one verifier model, creating a single point of failure that allowed a forged message to release assets from escrow. That structure has become central to the discussion around whether the breach stemmed from optional security settings not being fully used. Following the Kelp DAO exploit, Aave’s total value locked fell sharply as attackers reportedly used stolen rsETH as collateral to borrow wETH on Aave v3. Aave then froze several rsETH and wETH markets after the incident left the protocol exposed to an estimated $195 million in bad debt. Ripple Executive Points to Convenience Over Safety Schwartz said he had a “funny feeling” that part of the problem could involve Kelp DAO not using key LayerZero security features for the sake of convenience. His remarks aligned with broader concerns that some bridge teams adopt lighter configurations during early growth stages and delay stronger controls until later. That view adds another layer to current XRP news coverage because RLUSD is still being evaluated with infrastructure risk in mind. Schwartz’s comments suggest Ripple’s internal review gave heavy weight to how bridging systems are configured in practice, not only how they look on paper. Therefore, the exploit has triggered a wider debate over who should bear responsibility for safe bridge design. Some developers argue that applications need flexibility to choose their own verification model, while critics say that freedom can create pressure to adopt weaker defaults that are easier to launch and maintain.
20 Apr 2026, 11:35
LayerZero Pins $292M KelpDAO Bridge Hack on North Korea’s Lazarus Group

Attackers forged a cross-chain message, came within minutes of a second drain, and wiped their tracks on the way out.
20 Apr 2026, 11:29
DeFiLlama Co-Founder Suggests 3 Paths to Resolve $293M KelpDAO Hack Fallout

The $293 million KelpDAO hack on April 18 has left Aave, rsETH holders, and the wider DeFi ecosystem staring at a hole nobody quite knows how to fill. But on Sunday, DeFiLlama co-founder 0xngmi laid out three realistic options on the table and ran the numbers on each. Three Scenarios, None of Them Clean 0xngmi’s first option is to spread the pain. According to them, if KelpDAO socializes losses across all users, it would work out to an 18.5% haircut. There are some 666,000 rsETH sitting across Aave deployments, and most mainnet positions are looped close to the maximum loan-to-value ratio (LTV), so 0xngmi’s model assumes they are essentially at liquidation. Wiping out all equity in those positions leaves roughly $216 million in bad debt, and Aave’s Umbrella ETH coverage would absorb $55 million of that, while the protocol’s treasury could cover another $85 million, which would leave a gap of about $76 million. To close it, 0xngmi suggested that Aave could either take out a loan or liquidate its AAVE treasury tokens. That stash is currently worth around $51 million. Option two is much uglier, as it would mean “rugging” rsETH holders on layer 2 chains. This would leave Aave with $359 million of rsETH supply, and assuming it was all looped at maximum LTV, it would create $341 million of bad debt across lending markets. But since Umbrella covers none of it, 0xngmi said Aave would have to pick which markets to salvage and which to abandon, with Arbitrum, Mantle, and Base most likely to suffer the biggest losses. The third option, while most technically appealing, could be the hardest to pull off. It involves going back to a pre-hack snapshot and trying to make only the direct victims whole. This would mean paying back the $124 million the hacker is said to have taken from Aave and another $18 million from Arbitrum. But the problem is that, since the hack, the money has moved around a lot across pooled protocols, making it difficult to cleanly separate one depositor’s funds from another. OneKey founder Yishi also pushed for a fourth path that sits outside 0xngmi’s framework: negotiate with the hacker first, offering them a 10% to 15% bounty, and try to get most of the money back before any of the harder decisions need to be made. If that fails, Yishi argued that LayerZero’s ecosystem fund should carry most of the bill, given its resources and long-term interest in preserving the OFT ecosystem. How $293M Left in Two Transactions Cyvers founder Meir Dolev reconstructed the on-chain timeline for the KelpDAO attack , and it moves fast. The attacker’s wallet was funded through Tornado Cash about 10 hours before anything happened. Then, at 17:35 UTC on April 18, two transactions occurred: commitVerification on LayerZero’s ReceiveUIn302, followed 24 seconds later by IzReceive on EndpointV2. That second transaction drained 116,500 rsETH, valued at about $293.5 million, in one shot. KelpDAO’s multisig responded at 18:23 UTC by blacklisting the attacker’s recipient address on rsETH, and it worked. A second attempt, 3 minutes later, which would have taken another 40,000 rsETH worth around $100 million, hit the blacklist and reverted. According to Dolev, the root cause was quite simple: KelpDAO’s Unichain-to-Ethereum bridge required only one DVN attestation to release funds. Forging that one verification allowed the hacker to move $293 million. LayerZero also published its own statement attributing the attack to Lazarus Group’s TraderTraitor unit. The company said the protocol worked as designed and also pointed directly at KelpDAO’s 1-of-1 DVN configuration as the cause, noting it had previously recommended multi-DVN setups to all integration partners. Security researcher Andy was blunter, calling KelpDAO’s decision to run a single DVN while holding $1.5 billion in user funds “extremely irresponsible” and warning that dozens of other protocols are running the exact same setup right now. The post DeFiLlama Co-Founder Suggests 3 Paths to Resolve $293M KelpDAO Hack Fallout appeared first on CryptoPotato .
20 Apr 2026, 11:24
Nearly $1 billion in bitcoin ETF inflows power bull case as Kelp hack fuels DeFi jitters

What you need to know for April 20, 2026










































