Kelp DAO’s rsETH bridge apparently exploited for roughly $292 million in LayerZero-based attack
Kelp's emergency pauser multisig froze the protocol's core contracts roughly 46 minutes after the successful drain, blocking two follow-up attempts.
Kelp DAO's rsETH bridge suffered a major exploit that drained approximately $292 million in what appears to be a LayerZero-based attack. The protocol's emergency pauser multisig responded by freezing the core contracts roughly 46 minutes after the successful drain was completed. This quick response managed to block two additional follow-up attempts by the attacker.
Kelp DAO operates a liquid restaking protocol that allows users to stake Ethereum and receive rsETH tokens in return. The attack targeted the bridge infrastructure that enables cross-chain functionality for these tokens. LayerZero, an interoperability protocol that facilitates communication between different blockchains, appears to have been the vector through which the exploit was executed.
This incident represents one of the larger DeFi exploits in recent months, highlighting ongoing security vulnerabilities in cross-chain bridge infrastructure. The $292 million loss underscores the risks associated with liquid staking protocols and their complex smart contract systems. Such attacks continue to plague the decentralized finance sector, where bridges remain frequent targets due to their technical complexity and high-value token holdings.
The crypto community will be watching closely for Kelp DAO's post-mortem analysis and recovery plans. Users are advised to monitor official communications regarding fund recovery efforts and protocol restoration timelines.
Source: The Block
