Summary of "This Hack Just Broke DeFi… And Exposed Everything"
High-level summary
On 18 Apr 2026 (~17:35 UTC) an attacker exploited a bridge/verification configuration to mint 116,500 RS‑ETH (≈ $293M) from Kelp DAO. The attacker then used that unbacked liquid restaking token (LRT) as collateral across lending markets to borrow >$236M in wrapped ETH (WETH), converting fragile, illiquid stolen tokens into clean capital. The incident froze withdrawals, triggered massive liquidity outflows and contagion across DeFi, and exposed a structural risk in using LRTs as collateral.
Assets, tickers and instruments mentioned
- RS‑ETH / RSE / RSH — liquid restaking token (LRT) from Kelp DAO
- ETH, WETH (wrapped ETH)
- Tornado Cash (mixing service used to fund attacker wallets)
- LayerZero (cross‑chain messaging protocol)
- OFT (omnichain fungible token adapter)
- DVN (decentralized verifier network; LayerZero component)
- Aave (referred to as “Ave”), Aave V3
- Compound V3
- Oiler (lending/exposure)
- RV v3 / RV4 (lending pools referenced in transcript)
- Lido, Athena, Sparkland, Fluid, Upshift (protocols that paused or reacted)
- Drift Protocol (earlier exploit on April 1)
- Solana (referenced as “Salana” in transcript)
- Total DeFi TVL (total value locked) as a macro metric
Attack methodology (step‑by‑step)
- Recon / configuration
  - Kelp’s bridge was configured with a one‑of‑one DVN (single validator signing key) despite large bridged collateral.
- Staging
  - Attacker funded nine operational wallets via Tornado Cash, depositing ~0.0978 ETH to each for gas ~10 hours prior.
- Forged attestation
  - Using a compromised signing key, attacker called commit verification on the DVN verifier contract and planted a forged attestation (claiming a deposit on a source chain).
- Cross‑chain spoof
  - Invoked `LZ_receive` on the LayerZero endpoint v2 at Ethereum block ~24,982,85 with a payload spoofing a Kelp deposit.
- Release
  - The OFT adapter accepted the attestation and released 116,500 RS‑ETH to the attacker. These tokens were never backed by actual ETH on the source chain.
- Laundering via lending
  - Attacker deposited RS‑ETH as collateral into lending pools (RV v3, RV4, Compound V3, Oiler) and borrowed >$236M WETH.
- Follow‑up attempts
  - Attacker attempted two additional drains (~40,000 RS‑ETH each), but both were blocked when Kelp paused activity.
Key timeline and timestamps
- ~10 hours before exploit — attacker funded operational wallets via Tornado Cash.
- 18 Apr 2026 ≈ 17:35 UTC — initial exploit transaction.
- Ethereum block ≈ 24,982,85 — `LZ_receive` executed (block cited in transcript).
- 18:21 UTC (≈46 minutes after first malicious tx) — Kelp multisig executed `pause_all` across mainnet, Arbitrum, Base, Scroll.
- Immediately after pause — Kelp opened a 24‑hour white‑hat negotiation window with attacker.
Key numbers and market impact
- Stolen: 116,500 RS‑ETH ≈ $293M (≈ 18% of RS circulating supply).
- Secondary borrowing: > $236M in WETH borrowed against the stolen RS‑ETH.
- Additional attempted drains: ~40,000 RS‑ETH each (~$100M each) — both reverted due to pause.
- Aave outflows: $5.4B–$6.6B withdrawn in hours; Aave TVL fell from $26.44B to ≈ $20B (≈ $6B reduction).
- Bad debt estimates: Aave alone $177M–$200M; >$250M when including Compound and Oiler exposures.
- Aave token price: opened ≈ $115, closed ≈ $91 (drop >20% over two sessions) while ETH fell <3%.
- DeFi TVL: >$10B decline in ~24 hours.
- Broader context: Combined DeFi losses in <3 weeks > $600M (including the April 1 Drift exploit of $285M).
Root cause / structural issues
- Architectural/design risk, not just a contract bug: the bridge verification scheme allowed single‑validator (one‑of‑one DVN) configurations, concentrating cross‑chain minting authority in a single signing key.
- LRT collateral assumptions: lending protocols treated LRTs (RS‑ETH) as redeemable 1:1 for ETH, implicitly assuming redemption guarantees would hold even if bridge infrastructure was compromised.
- Composability amplifies risk: cross‑protocol integrations enabled a single bridge failure to cascade into multi‑billion dollar systemic shocks within hours.
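The single-key concentration described above can be caught by a configuration audit before a pathway goes live. The following is an added example, not code from the video, Kelp or LayerZero; the `VerifierConfig` model, its field names, the policy floor of 2 and the sample addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class VerifierConfig:
    """Hypothetical model of one bridge pathway's verifier (DVN) set."""
    pathway: str
    required: list                       # verifiers that must all attest
    optional: list = field(default_factory=list)
    optional_threshold: int = 0          # how many optional verifiers must attest

def min_signers(cfg):
    """Fewest distinct verifier keys that must attest for a message to pass."""
    required = set(cfg.required)
    optional = set(cfg.optional) - required
    return len(required) + min(cfg.optional_threshold, len(optional))

def audit(cfg, min_quorum=2):
    """Return findings for one pathway; min_quorum is an assumed policy floor."""
    findings = []
    if (len(set(cfg.required)) != len(cfg.required)
            or len(set(cfg.optional)) != len(cfg.optional)):
        findings.append("duplicate verifier address inflates the apparent quorum")
    if set(cfg.required) & set(cfg.optional):
        findings.append("verifier listed as both required and optional")
    if cfg.optional_threshold > len(set(cfg.optional) - set(cfg.required)):
        findings.append("optional threshold cannot be met by distinct verifiers")
    n = min_signers(cfg)
    if n < min_quorum:
        findings.append(f"effective quorum is {n}: below policy floor of {min_quorum}")
    return findings

# Constructed sample configs (addresses are placeholders, not real deployments).
SAMPLES = [
    VerifierConfig("l2-a -> mainnet", required=["0xDVN_A"]),
    VerifierConfig("l2-b -> mainnet", required=["0xDVN_A", "0xDVN_A"]),
    VerifierConfig("l2-c -> mainnet", required=["0xDVN_A", "0xDVN_B"],
                   optional=["0xDVN_C", "0xDVN_D"], optional_threshold=1),
]

if __name__ == "__main__":
    for cfg in SAMPLES:
        print(cfg.pathway, audit(cfg) or "ok")
```

The second sample lists two verifiers but resolves to one distinct key, which is why the audit counts distinct addresses rather than list length.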
Protocol responses, defenses and effects
- Emergency pause by Kelp multisig (18:21 UTC) prevented further large drains and blocked two follow‑up transfers.
- Several protocols froze or limited RS‑ETH usage: Aave, Sparkland, Fluid, Upshift paused RS‑ETH markets or bridges; Lido rerouted deposits; Athena halted LayerZero bridges as a precaution.
- Kelp offered a 24‑hour white‑hat negotiation window to attempt recovery (standard contingency practice).
Lessons, recommended mitigations and likely industry changes
- Governance & onboarding
  - Apply more conservative collateral onboarding for LRTs; do not assume immutable redemption guarantees.
- Risk parameters
  - Enforce tighter LTV caps and lower loan‑to‑value ratios for LRT collateral.
- Bridge security
  - Require multi‑DVN (multiple validator signatures) configurations; avoid single‑key trust assumptions.
- Systemic stress testing
  - Model contagion from bridge compromise across composable stacks; incorporate cross‑protocol failure modes into risk frameworks.
- Monitoring & detection
  - Improve tooling to detect Tornado Cash funding patterns and anomalous cross‑chain attestation events; increase operational transparency for attestation security.
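A sketch of the monitoring item above, as an added example that is not from the video or any named tool: it flags bridge releases that are either an outsized share of circulating supply or go to a recipient recently gas-funded from a mixer. The event shape, the `tornado-cash` label, the 2% and 24-hour thresholds and all addresses and transaction ids are assumptions; the sample events are constructed from the figures in this summary.

```python
from datetime import datetime, timedelta, timezone

MIXER_LABELS = {"tornado-cash"}   # assumed tags from an address-labelling feed

def flag_releases(releases, fundings, supply, max_fraction=0.02,
                  lookback=timedelta(hours=24)):
    """Return [(tx, reasons)] for bridge releases that trip either rule.

    max_fraction and lookback are assumed policy values, not from the page.
    """
    mixer_funded = {}
    for f in fundings:
        if f["source_label"] in MIXER_LABELS:
            mixer_funded.setdefault(f["to"], []).append(f["time"])
    alerts = []
    for r in releases:
        reasons = []
        share = r["amount"] / supply
        if share > max_fraction:
            reasons.append(f"single release is {share:.1%} of circulating supply")
        recent = [t for t in mixer_funded.get(r["to"], [])
                  if timedelta(0) <= r["time"] - t <= lookback]
        if recent:
            reasons.append("recipient gas-funded from a mixer within lookback")
        if reasons:
            alerts.append((r["tx"], reasons))
    return alerts

def utc(day, hour, minute):
    """Timestamp in April 2026, UTC, for the constructed samples below."""
    return datetime(2026, 4, day, hour, minute, tzinfo=timezone.utc)

# Constructed sample events; addresses and tx ids are placeholders.
SUPPLY = 647_000   # approximate, implied by 116,500 being about 18% of supply
FUNDINGS = [
    {"to": "0xWALLET_1", "source_label": "tornado-cash", "time": utc(18, 7, 35)},
    {"to": "0xUSER_9", "source_label": "exchange", "time": utc(17, 12, 0)},
]
RELEASES = [
    {"tx": "tx-1", "to": "0xUSER_9", "amount": 500, "time": utc(18, 16, 0)},
    {"tx": "tx-2", "to": "0xWALLET_1", "amount": 116_500, "time": utc(18, 17, 35)},
    {"tx": "tx-3", "to": "0xWALLET_1", "amount": 40_000, "time": utc(18, 17, 50)},
]

if __name__ == "__main__":
    for tx, reasons in flag_releases(RELEASES, FUNDINGS, SUPPLY):
        print(tx, "; ".join(reasons))
```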
Cautions and warnings
- Approving LRTs as collateral with thin safety buffers is dangerous: under a bridge compromise, liquidators may not be able to economically remediate bad debt.
- Depositors and lenders typically bear most of the downside when architectural trust assumptions fail.
- Governance fixes alone may not restore trust; structural changes and a more conservative risk posture are likely required.
Disclosures / disclaimers
- No explicit financial advice or standard legal disclaimers were stated in the provided subtitles.
Presenters and sources referenced
- Presenter: Guy (Coin Bureau).
- Security firms and community sources cited: SlowMist (postmortem), Cyvers (tracing contagion), 0x_ngmi (developer commentary on X), 0xquit (Solidity auditor), Mark Zella (Avechan Initiative).
- Other references: Justin Sun (mentioned), prior Drift Protocol exploit (April 1).
Category
Finance