Kelp DAO Attacked for $293 Million: Key Lessons from the Biggest DeFi Hack of April 2026
2026-04-20
Bittime - On April 19, 2026, the crypto world was shocked by one of the largest attacks in the history of decentralized finance.
Kelp DAO, a liquid staking protocol with a total value locked (TVL) of $1.57 billion, was successfully exploited, losing $293 million in funds in a matter of minutes. This incident is the largest DeFi hack of 2026 so far.
Although the Kelp team managed to stop all protocol activity within 46 minutes, the damage was done.
The stolen funds were equivalent to 116,500 rsETH (Kelp's Restaked ETH), which was then used as collateral to borrow 106,467 ETH worth approximately $293 million.
Key Takeaways
Kelp DAO loses $293 million in 46 minutes— hackers exploited a vulnerability in the LayerZero bridge to mint 116,500 rsETH and borrow 106,467 ETH.
The impact extended to Aave (down 20%, V3/V4 freeze), LayerZero ZRO (down 22%), and whales lost $2.88 million in Hyperliquid.
Important lesson: limit token approval, avoid high leverage, separate trading wallets from cold storage, and monitor real-time news.
Register at Bittime now and start trading crypto with a fast, safe, and easy process in the app.
How Did LayerZero Become a Gap?
Further investigation revealed that this attack exploited a vulnerability inLayerZero, a popular cross-chain messaging protocol. The hacker successfully sent a seemingly valid instruction to LayerZero, which the system then "believed," leading to the release of 116,500 rsETH from the Kelp DAO bridge.
The impact didn't stop at Kelp DAO. LayerZero's own ZRO token plummeted more than 22% in 24 hours, dropping from over $2 to just $1.52 per token.
The LayerZero team stated that they are in the process of “active remediation” with the Kelp DAO team to address this incident.
Read also:Kelp DAO Bridge Hacked for $292 Million, Affecting rsETH and Aave
Ripple Impact: Aave, Ethena, and Lido Also Affected
This attack triggered a domino effect that crippled parts of the DeFi ecosystem:
Ghost— The Aave team immediately froze Aave V3 and V4 to prevent further damage. The AAVE token dropped more than 20% in 24 hours to $92.06, and several whales began dumping their AAVE holdings.
Ethena (ENA)— Despite claiming no exposure to rsETH, the Ethena team still froze their LayerZero bridge as a precaution. ENA only dropped about 3% — better than most other protocols.
Lido Finance— Follow similar steps by freezing certain activities to prevent further exploitation.
Whale Traders Also Get Trapped
A whale holding a long ZRO position on Hyperliquid lost $2.88 million due to liquidation.
Despite still maintaining his position, he now has an open loss of approximately $750,000, with a total loss of nearly $429 million when calculated from his initial position.
Over $600 Billion Lost in Two Weeks
The attack on Kelp DAO is just the tip of the iceberg. In the past two weeks alone, over $600 million has been stolen from various DeFi protocols in over 10 separate incidents:
Rhea Finance lost $18.4 million due to slippage gap.
CoW Swap suffered a front-end attack.
Drift Protocol lost $285 million.
Zerion lost $100,000 from the company's internal hot wallet.
This data shows that cybercriminals are becoming increasingly aggressive and sophisticated in exploiting vulnerabilities in the crypto ecosystem.
Read also:9 Best Web3 Wallets of 2026: Easy to Use and Features
Important Lessons for DeFi Users
The Kelp DAO incident teaches some valuable lessons for anyone involved in the DeFi ecosystem:
1. Understand the Risks of Cross-Chain Bridges
LayerZero is a very popular infrastructure, but this attack demonstrates that even the most trusted protocols can be vulnerable. If you interact with protocols that use cross-chain bridges, understand their security mechanisms.
2. Diversification Does Not Guarantee Security
rsETH is spread across over 20 blockchains—including various Ethereum L2s. However, exploits still occur. Having assets on multiple chains doesn't guarantee security if the vulnerability is at the infrastructure level.
3. Actively Monitor Protocols
Kelp DAO was able to halt the protocol in 46 minutes. However, users who didn't react quickly could have lost their funds. Please join the official announcement channel of your protocol.
4. Beware of the Risk of Chain Liquidation
The whale that lost $2.88 million due to a long ZRO position is a classic example. The crypto market is highly interconnected; one incident can trigger liquidations on other platforms. Use leverage with extreme caution.
5. No Protocol is “Too Big to Fail”
Kelp DAO has a TVL of $1.57 billion— is not a small project. However, size does not guarantee security. Always do your own research and don't assume a large protocol is a safe "bank."
Tips for Securing Your DeFi Wallet
Here are practical steps you can take to protect your crypto assets amidst the rise in DeFi attacks:
Use a hardware wallet.
Store long-term assets in cold storage such as Ledger or Trezor so that the private keys are never connected to the internet.
Limit token approval.
Never grant unlimited approval to a smart contract. Always limit the number of tokens allowed and revoke unused permissions.
Monitor news in real-time.
Follow the official Twitter account of the protocol you are using as well as on-chain monitoring accounts like PeckShield or Lookonchain to get early warnings of any incidents.
Avoid large leverage.
The interconnected nature of crypto markets can trigger chain liquidations. Use leverage only if you fully understand the risks and are prepared to lose all your capital.
Separate wallets for trading and storage.
Use a separate wallet for daily (active) DeFi interactions and another for long-term (cold) storage. This limits exposure if one wallet is compromised.
Conclusion
The $293 million attack on Kelp DAO is a stark reminder that the DeFi ecosystem still has serious security flaws. Despite swift response from protocol teams, the damage caused is often irreversible.
For users, it is important to not only pursue high returns, but also understand the risks inherent in each layer of the infrastructure — from cross-chain bridges to the smart contracts themselves.
Amidst the rise in attacks, one principle remains true in the crypto world: "Not your keys, not your coins." However, even with your own keys, you remain vulnerable if you interact with an insecure smart contract.
Stay alert, keep learning, and never put all your eggs in one basket.
How to Buy Crypto on Bittime?
Want to trade sell buy Bitcoins and crypto investment easily? Bittime is here to help! As an Indonesian crypto exchange officially registered with OJK, Bittime ensures every transaction is safe and fast.
Start with registration and identity verification, then make a minimum deposit of IDR 10,000. After that, you can immediately buy your favorite digital assets!
Check the exchange rate BTC to IDR, ETH to IDR, SOL to IDR and other crypto assets to find out today's crypto market trends in real-time on Bittime.
Also, visit the Bittime Blog for interesting updates and educational information about the crypto world. Find reliable articles about Web3, blockchain technology, and digital asset investment tips designed to enrich your crypto knowledge.
FAQ
What is Kelp DAO?
Kelp DAO is a liquid staking protocol that allows users to stake ETH and receive rsETH tokens as representation. The protocol had a TVL of approximately $1.57 billion before the attack.
How did hackers steal $293 million?
Hackers exploit vulnerability in LayerZero— a cross-chain messaging protocol — to send fake instructions that appeared valid, resulting in the Kelp DAO bridge sending 116,500 rsETH to the wrong party.
Is LayerZero responsible?
The LayerZero team claims to be in the process of "active remediation" with the Kelp DAO team. However, their ZRO tokens dropped 22% due to the incident.
What is the total loss of DeFi in the last two weeks?
Over $600 million was stolen from various DeFi protocols in over 10 separate incidents, including Kelp DAO ($293M), Drift Protocol ($285M), and Rhea Finance ($18.4M).
How to protect assets from similar attacks?
Use a hardware wallet, limit token approvals, monitor real-time news, avoid high leverage, and have separate wallets for trading and storage.
Disclaimer: The views expressed belong exclusively to the author and do not reflect the views of this platform. This platform and its affiliates disclaim any responsibility for the accuracy or suitability of the information provided. It is for informational purposes only and not intended as financial or investment advice.
.png)
