Last weekend, an attacker drained $292 million from KelpDAO's LayerZero bridge. 116,500 rsETH, roughly 18% of the token's entire circulating supply, gone in one transaction on April 18.
This wasn't a smart contract bug. There was no reentrancy exploit, no oracle manipulation. The attacker compromised the off-chain nodes feeding data to the bridge verification layer, fed the system a false reality, and the bridge released funds against a token burn that never happened. Every on-chain transaction looked completely clean. Classic Lazarus Group playbook.
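A defensive check for the failure described above, as an added example that is not part of the original post or any protocol's code: a destination-chain release is accepted only if a quorum of independent source-chain feeds reports the matching burn, so one compromised feed cannot vouch for a burn that never happened. The feed layout, message ids, amounts and supply figure are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Release:
    msg_id: str   # cross-chain message id (hypothetical format)
    amount: int   # token units released on the destination chain

def confirmed_burn(msg_id, feeds, quorum):
    """Burn amount that at least `quorum` feeds agree on, else None."""
    votes = Counter(f[msg_id] for f in feeds if msg_id in f)
    if not votes:
        return None
    amount, count = votes.most_common(1)[0]
    return amount if count >= quorum else None

def reconcile(releases, feeds, quorum, supply):
    """Return (flagged releases, unbacked share of circulating supply)."""
    flagged, unbacked = [], 0
    for r in releases:
        burned = confirmed_burn(r.msg_id, feeds, quorum)
        gap = r.amount - (burned or 0)   # units released without a confirmed burn
        if gap > 0:
            reason = ("no quorum-confirmed burn" if burned is None
                      else "release exceeds burn")
            flagged.append((r.msg_id, gap, reason))
            unbacked += gap
    return flagged, unbacked / supply

# Constructed sample data: each feed maps msg_id -> burn amount as seen by one
# independent source-chain node. One feed also reports a burn ("m3") that the
# other two never observed.
HONEST = {"m1": 1_000, "m2": 2_500}
COMPROMISED = {**HONEST, "m3": 18_000}
FEEDS = [COMPROMISED, HONEST, dict(HONEST)]
RELEASES = [Release("m1", 1_000), Release("m2", 2_500), Release("m3", 18_000)]
SUPPLY = 100_000  # constructed circulating supply

if __name__ == "__main__":
    for quorum in (1, 2):
        print(f"quorum={quorum}:", reconcile(RELEASES, FEEDS, quorum, SUPPLY))
```

With a quorum of 1 the check trusts whichever feed answers and flags nothing; with 2 of 3 the unmatched release is flagged along with the share of supply it leaves unbacked.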
Here's what happened to the money.
The attacker swapped the stolen rsETH into ETH immediately, splitting it across Ethereum mainnet (around $178M) and Arbitrum (around $72M). Arbitrum's Security Council moved fast and froze roughly $71M before it could move. That's the only good news in this story.
The rest went through THORChain. No KYC, no intermediary, native cross-chain swaps. ZachXBT confirmed funds flowing through THORChain and privacy protocol Umbra within hours of the freeze. PeckShield tracked additional routes via Chainflip and BitTorrent. By the time analysts were watching, EmberCN confirmed the full 75,700 ETH haul had been converted to Bitcoin. Same exit route as the $1.4B Bybit hack last year. It works because it's designed to work. That's the whole point of trustless cross-chain infrastructure.
So right now: roughly $71M frozen under Arbitrum governance, roughly $221M gone into BTC and dispersed. Recovery probability on the latter is essentially zero.
But the theft itself is only part of the story.
The attacker didn't just take the money and leave. They used stolen rsETH as collateral on Aave to borrow real assets against it. That single move triggered a cascade. Aave froze rsETH markets on V3 and V4. SparkLend froze exposure. Fluid, Compound, Euler, Upshift and at least 9 protocols went into defensive mode. Aave's total TVL dropped roughly $10 billion in two days. Aave's own estimate of potential bad debt sits between $123M and $230M depending on how this resolves. AAVE token dropped around 10% immediately.
Lido paused deposits into earnETH. Ethena paused its LayerZero bridges as a precaution. A protocol that had nothing to do with the attack still had to act, because the infrastructure is so interconnected that doing nothing felt reckless.
This is what DeFi contagion actually looks like in 2026. One bridge exploit, one poisoned collateral asset, and suddenly the entire money lego stack is in triage mode.
Now let's talk about the tail risk nobody wants to discuss.
The stolen rsETH represented roughly 18% of the token's circulating supply. That's not a peripheral token. It's deeply integrated across lending markets, liquidity pools, and yield strategies. The peg assumption broke silently. Users across multiple protocols were holding or borrowing against an asset whose backing had just been partially hollowed out.
What happens if the next exploit hits a more systemically critical asset? wstETH? weETH? Something deeply embedded in Aave's core collateral set? The mechanism is now documented in detail: compromise off-chain bridge infrastructure, forge a cross-chain message, create unbacked supply, use it as collateral to extract real liquidity, disappear via THORChain. The playbook is public. Lazarus Group has demonstrated it works at nine-figure scale twice in twelve months.
The real black swan scenario isn't another $300M hack. It's a coordinated attack on a top-5 collateral asset that triggers a liquidation cascade across Aave, Morpho, and Spark simultaneously, bad debt that no treasury can absorb, a stablecoin that briefly loses its peg under the pressure, and a loss of confidence that triggers the kind of bank run DeFi has never actually had to survive at full scale.
It probably won't happen tomorrow. But the architecture that makes it possible exists right now, and the people capable of executing it are actively probing it.
The KelpDAO hack isn't just the biggest DeFi exploit of 2026. It's a proof of concept.
Be careful out there.