Security Warning: How the $293M KelpDAO LayerZero Exploit Redefined Smart Contract Hacks in 2026
A single point of trust failure in cross-chain messaging drained KelpDAO of 116,500 rsETH—roughly $293 million—in under two minutes. The exploit did not touch KelpDAO's native staking contracts.
Caleb North·updated June 29, 2026

The Attack Vector
The breach bypassed native staking logic entirely. Attackers injected fraudulent state instructions into the cross-chain messaging layer. The smart contracts executed exactly as designed. They validated a malicious payload that falsely confirmed an external asset deposit, then released and minted approximately 18% of the total rsETH supply.
Execution metrics: 1 minute 48 seconds for the initial exploit transaction. Full consolidation into the master attacker wallet: under two hours.
For related context, see Crypto passive income, airdrops, staking and lending.
Post-Exploit Capital Flow
The stolen rsETH was deployed as collateral across multiple lending platforms, extracting $236 million in USDC and USDT before oracle health factors adjusted. On-chain forensic tracking showed the borrowed stablecoins routed through THORChain to the Bitcoin network. Portions were fragmented into 100 ETH batches and pushed through Tornado Cash and additional privacy-centric cross-chain protocols.
The Arbitrum Security Council froze 30,766 ETH (over $71 million) tied to the exploit, locking it inside a governance-controlled wallet.
What It Confirms
Cross-chain bridge exploits now account for over 38% of Q2 2026 losses. Total industry damage from cyberattacks this quarter has crossed $840 million. The pattern is structural: the messaging layer is the single point of trust. When that assumption fails, downstream contracts process invalid state without resistance.
The invariant—"a valid cross-chain message implies a real source-chain deposit"—broke. Nothing else did.
Engineering Guardrails
For protocol teams building on cross-chain messaging primitives:
- Treat the message payload as untrusted input. Validate the source chain, block height, and depositor identity independently of the relayer.
- Add rate limits and per-address caps on minting from bridge messages. A single transaction should not release 18% of supply.
- Implement governance-controlled pause hooks on the mint path, not just on transfers.
- Monitor the time delta between the source-chain event and the destination-chain message. The 1 minute 48 second window here is itself a signal.
- Run adversarial scenarios where the relayer is compromised. A code audit does not cover this. The threat model must.
The contracts worked. The trust model did not.