KelpDAO Bridge Exploit Results in $292 Million Theft as Fabricated Message Triggers Largest 2026 DeFi Breach

KelpDAO loses 116,500 rsETH in a massive cross-chain bridge exploit. Learn how a fabricated blockchain message led to a $292 million crisis.

By: AXL Media

Published: Apr 21, 2026, 6:13 AM EDT

Source: Information for this report was sourced from Japan Daily

The Anatomy of a High-Stakes Blockchain Crisis

A critical vulnerability in the KelpDAO liquid restaking protocol was exploited in the early hours of April 19, 2026, leading to a financial crisis that has shaken the decentralized finance (DeFi) sector. The attack, which was initiated at 2:35 AM JST, utilized a sophisticated method involving a fabricated message on the blockchain. This single fraudulent instruction allowed attackers to bypass security protocols and drain a massive quantity of assets, instantly placing KelpDAO at the center of the largest security failure witnessed in the industry this year.

Massive Liquidity Drain via Cross-Chain Bridge

The breach focused specifically on KelpDAO’s cross-chain bridge, a vital piece of infrastructure used to move assets between different blockchain networks. In one swift transaction, the attackers successfully siphoned 116,500 rsETH, which translates to a market value of roughly $292 million or 46.7 billion yen. This theft represented approximately 18% of the total circulating supply of the protocol’s restaking tokens, causing immediate and severe disruption to the platform’s liquidity and the broader restaking ecosystem.

The Methodology of Fabricated Messages

Technical analysis suggests that the exploit was made possible through the manipulation of the protocol’s messaging layer. By injecting a single, carefully crafted fabricated message, the perpetrators were able to trick the bridge into authorizing a legitimate looking but unauthorized withdrawal. This type of attack highlights a growing trend in the DeFi space where the interfaces between different chains become primary targets for sophisticated hackers, as these bridges often manage vast amounts of locked capital with complex, and sometimes fragile, verification logic.