What was the Kelp DAO exploit?

The Kelp DAO exploit on April 18, 2026, involved an attacker minting unbacked tokens by exploiting a misconfigured 1-of-1 security setting in LayerZero's cross-chain bridge. This allowed the attacker to borrow significant assets and left protocols with bad debt.

How much money is at risk from this LayerZero vulnerability?

CoinGecko analysis indicates that nearly half of all active LayerZero-powered applications remain vulnerable, putting over $4.5 billion in market value at immediate risk. This includes assets like Tether's USDT0 stablecoin, which accounts for a substantial portion of the exposed value.

Can this vulnerability be fixed easily?

Yes, unlike complex smart-contract bugs, this specific vulnerability stems from a misconfiguration in the Decentralized Verifier Network (DVN) settings. It can be fixed with a simple parameter change, by updating from a 1-of-1 to a more secure configuration like 2-of-2.

🔗 Crypto & Blockchain

Kelp DAO Hack: Billions Exposed By Simple Flaw

A single, misconfigured security setting in LayerZero's cross-chain infrastructure has led to the largest DeFi exploit of 2026. Billions now hang precariously in the balance.

Fintech Dose Apr 27, 2026 4 min read

A visual representation of interconnected blockchain networks with a break or vulnerability highlighted.

⚡ Key Takeaways

A single misconfigured security setting in LayerZero's DVN led to the $292 million Kelp DAO exploit. 𝕏
Over $4.5 billion in crypto assets remain at risk across 47% of active LayerZero-powered applications still using a 1-of-1 DVN setup. 𝕏
The incident highlights the critical need for proactive security audits and secure default configurations in DeFi, not just reactive fixes. 𝕏

Written by

Ibrahim Samil Ceyisakar

Founder and Editor in Chief. Technology entrepreneur tracking AI, digital business, and global market trends.

#DeFi hack #blockchain exploits #cryptocurrency security #kelp dao #layerzero

Worth sharing?

Get the best Fintech stories of the week in your inbox — no noise, no spam.

Originally reported by Crowdfund Insider

⚡ Key Takeaways

The 60-Second TL;DR

Ibrahim Samil Ceyisakar

Share this article

Worth sharing?

Related Stories

Solana's STRIDE: Noble Fix or Band-Aid After $285M North Korea Hack?

Drift's $9.7M Hack Exposes DeFi's Frozen Asset Problem—And What It Means for Your Portfolio

Bitcoin's Quantum Peril: 6.9M BTC Exposed, No Plan B?

[SEC Greenlights] Crypto Interfaces Dodge Broker Rules

Stay in the loop