How Does Kelp DAO Work?

Restaking|Risk D|6 mechanisms|4 interactions

A liquid restaking protocol that wraps staked ETH into rsETH tokens and stacks additional yield layers on top through Gain Vaults. On April 18, 2026, attackers exploited a configuration flaw in Kelp's LayerZero bridge to mint 116,500 rsETH out of thin air — about $292M and 18% of the entire supply — making this the largest DeFi exploit of 2026. The attacker then used the stolen rsETH on Aave V3 as collateral to borrow WETH, leaving Aave with an estimated $177-200M in bad debt. Its D grade reflects the realized bridge exploit, the pre-existing hardcoded oracle vulnerability, reflexive insurance design, and four layers of derivative nesting.

TVL

$1.6B

Sector

Restaking

Risk Grade

D

Value Grade

D+

Core Mechanisms

Oracle/Hardcoded

Hardcoded stETH:ETH 1:1 price oracle

Uses a hardcoded 1:1 rate for stETH rather than a market feed; creates arbitrage opportunity during any stETH depeg event. Flagged by LlamaRisk.

Insurance/Staking

Novel

KERNEL insurance staking pool

KERNEL token stakers provide insurance against slashing losses; novel insurance primitive with reflexivity risk if KERNEL price drops during a claim event.

Vault/Yield-Aggregation

Novel

Gain Vaults (agETH) with multi-strategy yield

agETH wraps rsETH into yield-generating vault strategies, creating a 4th derivative layer on top of base ETH staking.

Oracle/Aggregator

Novel

Custom oracle aggregator for rsETH pricing

Custom aggregator combining multiple price sources for the rsETH derivative; adds complexity to the oracle surface.

Restaking/LRT

rsETH liquid restaking token

Standard LRT wrapping EigenLayer restaked positions; represents the base derivative layer.

Bridge/Cross-Chain-Messaging

LayerZero OFT bridge for rsETH across 20+ chains

Uses LayerZero's Omnichain Fungible Token (OFT) standard to bridge rsETH across 20+ EVM chains. On April 18, 2026, a configuration weakness in Kelp's DVN/verifier setup allowed the attacker to forge a cross-chain message that minted 116,500 rsETH on a destination chain with no ETH locked on the source. The LayerZero protocol itself was not compromised; the flaw lived in Kelp's endpoint configuration.

How the Pieces Interact

Hardcoded stETH oraclersETH mintingCritical

During a stETH depeg, the hardcoded 1:1 rate allows arbitrageurs to mint rsETH at inflated value, extracting value from existing holders.

KERNEL insurance stakingKERNEL token priceHigh

Slashing event triggers insurance claims, selling KERNEL to cover losses; KERNEL price drops, reducing insurance capacity, creating a reflexive death spiral.

Gain Vaults (agETH)rsETH / stETH base layersHigh

4-layer derivative nesting (ETH -> stETH -> rsETH -> agETH) cascades any base-layer slashing event through amplified losses at each derivative layer.

LayerZero OFT bridgersETH minting authorityCritical

LayerZero's cross-chain messaging accepted a malicious message as valid on April 18, 2026, causing Kelp's bridge to mint 116,500 rsETH (~$292M, 18% of supply) to an attacker wallet funded via Tornado Cash 10 hours earlier. Bridge pauser froze contracts 46 minutes after the drain. Attacker then deposited stolen rsETH on Aave V3 as collateral and borrowed WETH, leaving Aave with $177-200M in bad debt.

What Could Go Wrong

  1. LayerZero bridge configuration allowed attacker to mint 116,500 rsETH (~$292M, 18% of supply) on April 18, 2026 with no corresponding ETH on source chain; largest DeFi exploit of 2026
  2. Hardcoded stETH oracle enables arbitrage exploit during depeg
  3. KERNEL price crash creates reflexive insurance death spiral

Hardcoded Oracle Arbitrage Drain

Elevated

Trigger: stETH depegs >2% from ETH on secondary markets while Kelp DAO's hardcoded 1:1 oracle remains unchanged, creating a persistent arbitrage window

  1. 1.Market stress causes stETH to trade at 2-5% discount to ETH on Curve/Uniswap Kelp's hardcoded oracle still values stETH at 1:1 with ETH
  2. 2.Arbitrageurs buy discounted stETH on open market and deposit into Kelp at par value rsETH minted at inflated value relative to actual stETH backing
  3. 3.Existing rsETH holders diluted as new rsETH backed by depegged stETH enters supply rsETH effective backing drops below 1:1 with ETH
  4. 4.Market participants realize rsETH is underbacked rsETH depegs on secondary markets as holders rush to exit
  5. 5.rsETH depeg cascades to agETH (Gain Vault) derivative layer 4-layer derivative tower (ETH -> stETH -> rsETH -> agETH) amplifies losses at each level
See all 4 collapse scenarios in the full risk report →

Risk Profile at a Glance

Mechanism Novelty5/15
Interaction Severity18/20
Oracle Surface8/10
Documentation Gaps6/10
Track Record15/15
Scale Exposure7/10
Regulatory Risk3/10
Vitality Risk9/10
D

Overall: D (71/100)

Lower score = safer

More on Kelp DAO

Is Kelp DAO Safe?

Safety analysis

Is Kelp DAO a Good Investment?

Value analysis

Full Risk Report

All mechanisms & interactions

Related Restaking Explainers

How Does Lombard Finance Work?D+How Does Solv Protocol Work?D+How Does ether.fi Work?C-How Does Babylon Protocol Work?C-How Does Babylon Work?C-