The DeFi sector was rocked by the biggest security breach of 2026.
The cryptocurrency world faced the biggest security breach in the Decentralized Finance (DeFi) sector this year on April 18, 2026. The Kelp DAO’s bridge, which uses LayerZero infrastructure, was subjected to a sophisticated attack that resulted in the theft of 116,500 rsETH (restaked ether) tokens worth $292 million.
Technical details of the attack
According to analysis by cybersecurity firm CyversAlerts, the attacker exploited a vulnerability in the cross-chain bridge of the rsETH token on the LayerZero platform at 17:35 UTC. By fraudulently calling the lzReceive function in the EndpointV2 contract, the attacker managed to transfer a large amount of rsETH tokens to their personal address.
LayerZero’s cross-chain messaging system serves as a critical infrastructure enabling data and asset transfer between blockchains. However, this attack has once again highlighted that bridging protocols still carry significant security risks.
Domino effect in the market
Immediately following the attack, LayerZero’s native token, ZRO, experienced a sharp 12.7% drop. This shockwave in the DeFi market particularly affected large protocols like Aave. According to data, the AAVE token lost 16% of its value, and $6 billion worth of funds were withdrawn from the protocol.
It is reported that the stolen rsETH tokens were used by the attackers as collateral to borrow wrapped ether. This indicates that the impact of the attack was not limited to Kelp DAO, but poses a risk of contagion spreading throughout the entire DeFi ecosystem.
DeFi security statistics are worrying.
Data from 2025 indicates that crypto thefts will reach $3.4 billion. According to Chainalysis reports, individual wallet breaches will reach 158,000 cases, affecting 80,000 unique victims. Off-chain incidents account for 56.5% of attacks and 80.5% of funds lost in 2024.
Halborn’s 2025 Top 100 DeFi Hacks report reveals that compromised accounts are both the most common and the most costly attack vector. The report emphasizes the critical importance of user account security.
The status of Kelp DAO and LayerZero.
Kelp DAO is known as a leading protocol that issues rsETH, a liquid restaking token that provides yield via EigenLayer. LayerZero, on the other hand, offers an infrastructure solution that enables omnichain interoperability and is used by many DeFi protocols.
It remains to be seen whether officials from both protocols have issued official statements following the incident, and whether they will present a plan to compensate users for their losses. Similar bridge attacks have previously targeted protocols such as Wormhole (2022, $320 million), Ronin (2022, $625 million), and Nomad (2022, $190 million).
Editor’s Commentary
This attack painfully served as a reminder that the bridge infrastructures within the DeFi ecosystem still harbor critical security vulnerabilities. The $292 million loss is not only the largest attack of 2026, but it also further deepens the trust issue in the sector. Core infrastructure protocols like LayerZero need to review their security measures and develop stricter oversight mechanisms to protect user funds. This event once again demonstrated that DeFi’s promise of decentralization is meaningless without security.