Kelp DAO LayerZero bridge drained why

LayerZero bridge attack drained rsETH before pause

An attacker targeting Kelp DAO’s LayerZero-powered cross-chain bridge appears to have stolen roughly $292 million worth of rsETH before Kelp paused all rsETH contracts. LayerZero is used to move assets and messages across blockchain networks, and the bridge layer is often the most high-value target in cross-chain ecosystems because a vulnerability can let funds leave the intended custodian or settlement pathway.

The timeline described in the report is critical: the contract pause came after the attacker had already moved value out. That suggests either the exploit was executed quickly, the monitoring/response window was too short, or the incident wasn’t identified early enough to prevent outflows.

Why the pause didn’t stop the loss

When teams “pause” bridge contracts, they typically aim to prevent additional deposits, withdrawals, or message execution. But in a live exploit, attackers may already have:

• Triggered withdrawals or message executions that were already in flight.
• Exploited a logic bug to transfer value before controls were applied.
• Used the bridge’s cross-chain messaging to route assets faster than the operational response.

What matters for users and other bridges

This incident underscores several broader points for cross-chain security:

• Incident response speed is as important as security design.
• “Circuit breaker” pauses may limit additional damage but not reverse losses already finalized.
• Bridges remain systemic risk points across DeFi, especially when large liquidity pools are involved.

The report indicates Kelp took action by pausing rsETH contracts; details about the specific exploit method and whether additional funds were at risk weren’t provided in the snippet, so the exact root cause remains outside what’s stated here.