LayerZero Says KelpDAO rsETH Bridge Lost $292 Million in April Attack

According to LayerZero Labs, attackers poisoned RPC infrastructure used by the bridge verification network, enabling the theft of about $292 million in rsETH and prompting policy changes on single-signer setups.

Summary

LayerZero Labs said its incident report on the April 18, 2026 KelpDAO rsETH bridge exploit found that about 116,500 rsETH, worth roughly $292 million, was stolen after attackers poisoned RPC infrastructure used by the bridge’s verification network. The new account updates earlier reporting that cited compromised developer session keys and tampered RPC data, and says the attack has prompted policy changes around single-signer configurations. LayerZero previously said Mandiant and CrowdStrike attributed the exploit to the North Korean group TraderTraitor.

Terms & Concepts
  • RPC infrastructure: The node access layer that applications and services use to read blockchain data and submit requests; if compromised, it can feed false chain information to dependent systems.
  • rsETH: A restaked Ether token used within KelpDAO’s ecosystem, representing ETH-based exposure in a tokenized form across decentralized finance applications.
  • TraderTraitor: A North Korean hacking group that cybersecurity firms and officials have linked to thefts targeting cryptocurrency companies and infrastructure.