Decentralization Dilemma: Cascading Risks and Emergency Response Rights in the KelpDAO Crisis

Written by: BlockSec

Key Points: The $290 million bridge vulnerability in KelpDAO triggered a chain reaction, freezing over $6.7 billion worth of WETH liquidity across five chains, affecting users who had never interacted with rsETH. This incident also reveals the practical boundaries of “permissionless” systems: the Arbitrum Security Council executed a forced state transition through governance-authorized atomic contract upgrades, transferring 30,766 ETH without holder signatures.

On April 18, 2026, KelpDAO’s rsETH cross-chain bridge was attacked, losing approximately $290 million, making it the largest DeFi security incident of the year. Initial attribution points to Lazarus Group, a state-sponsored hacking organization with documented long-term targeting of crypto infrastructure [1]. The attack did not exploit smart contract vulnerabilities but instead poisoned RPC infrastructure relied upon by a decentralized verification network (DVN) node, forging cross-chain messages and releasing rsETH tokens on Ethereum without corresponding burns on the source chain.

LayerZero [1] and KelpDAO [2] have provided detailed explanations of the attack itself. This article approaches from a different angle: not recounting the attack process but examining what happened afterward—how a single point of infrastructure dependency caused a cascade that froze billions of dollars in liquidity across five chains, and how this cascade forced decentralized governance frameworks to exercise centralized emergency powers in the public eye.

The causal chain of the KelpDAO incident spans three levels of the “decentralized” tech stack: reliance on a single point DVN enabled the attack; DeFi’s composability (the “DeFi Lego” characteristic where protocols interconnect like building blocks) then transformed this bridge vulnerability into a systemic liquidity crisis; and the scale of this crisis further exposed embedded centralized emergency powers within governance frameworks.

Background: Summary of the KelpDAO Attack

KelpDAO is the issuer of rsETH. rsETH is a liquidity re-staking token (LRT) representing ETH staked positions across multiple operators. To enable cross-chain circulation of rsETH, KelpDAO integrated LayerZero’s messaging protocol, which relies on a DVN (decentralized verification network) to confirm the legitimacy of cross-chain messages before execution on the target chain.

Key configuration choice: KelpDAO’s rsETH OApp used a 1-of-1 DVN setup, relying solely on the DVN operated by LayerZero Labs as the sole validator. This means the entire cross-chain security of rsETH depended on a single verification entity. LayerZero’s documentation explicitly recommends using a redundant multi-DVN setup, and LayerZero stated that prior to the incident, they had communicated this best practice to KelpDAO [1]. KelpDAO responded that the 1/1 configuration is “documented in LayerZero’s documentation and deployed as the default configuration for any new OFT,” and “was explicitly deemed suitable during L2 scaling” [2].

The attacker compromised two RPC nodes used by LayerZero Labs’ DVN, replacing their binaries with malicious versions. These malicious nodes returned forged on-chain state data only to the DVN’s IP addresses, appearing normal to all other observers (including LayerZero’s own monitoring infrastructure). Meanwhile, a DDoS attack targeted the non-compromised RPC nodes, causing the system to fail over to the poisoned nodes. The result: the DVN confirmed a cross-chain message that never occurred on the source chain, with no corresponding burn there, releasing 116,500 rsETH tokens on Ethereum (transactions 0x1ae232…db4222). On-chain evidence confirms this: Ethereum’s target endpoint accepted nonce 308, while the Unichain source endpoint’s maximum outbound nonce remained at 307 [10].
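The effect of the DVN configuration, and the nonce invariant that exposed the forgery, can be modelled in a few lines. This is an added example, not code from LayerZero, KelpDAO or BlockSec: the Packet and DVN classes, the verifier names and the payload strings are hypothetical, and the quorum rule is a simplified model of a required-plus-optional DVN set. Only the nonces 307 and 308 come from the article.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_chain: str
    nonce: int
    payload_hash: str

class DVN:
    """Verifier that attests a packet only if its own RPC view shows it on the source chain."""
    def __init__(self, name, rpc_view):
        self.name = name
        self.rpc_view = set(rpc_view)

    def attests(self, packet):
        return packet in self.rpc_view

def verify(packet, required, optional=(), optional_threshold=0):
    """Accept only if every required DVN attests and enough optional DVNs agree."""
    if not all(dvn.attests(packet) for dvn in required):
        return False
    return sum(dvn.attests(packet) for dvn in optional) >= optional_threshold

def unbacked_messages(src_outbound_nonce, dst_inbound_nonce):
    """Messages accepted on the destination that the source endpoint never sent."""
    return max(0, dst_inbound_nonce - src_outbound_nonce)

# Constructed data: the source chain really emitted nonces 1..307.
HONEST_VIEW = {Packet("unichain", n, f"payload-{n}") for n in range(1, 308)}
FORGED = Packet("unichain", 308, "payload-forged")
POISONED_VIEW = HONEST_VIEW | {FORGED}   # what a poisoned RPC node reports

def run_scenarios():
    poisoned = DVN("dvn-a", POISONED_VIEW)        # reads from compromised RPC nodes
    shared_rpc = DVN("dvn-d", POISONED_VIEW)      # second DVN, same RPC dependency
    independent_b = DVN("dvn-b", HONEST_VIEW)     # separate operator, separate RPC
    independent_c = DVN("dvn-c", HONEST_VIEW)
    genuine = Packet("unichain", 307, "payload-307")
    return {
        "forged, 1-of-1": verify(FORGED, [poisoned]),
        "forged, 2 required": verify(FORGED, [poisoned, independent_b]),
        "forged, 2 required sharing one RPC": verify(FORGED, [poisoned, shared_rpc]),
        "forged, 1 required + 1-of-2 optional":
            verify(FORGED, [poisoned], [independent_b, independent_c], 1),
        "genuine, 2 required": verify(genuine, [poisoned, independent_b]),
        "nonce gap (src 307, dst 308)": unbacked_messages(307, 308),
    }

if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

A second DVN only helps when it does not share the first one's RPC dependency, and a non-zero nonce gap is an alertable condition regardless of how many verifiers signed off.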

KelpDAO detected anomalies within 46 minutes and paused all related contracts. This prevented further attacks involving an additional 40,000 rsETH (~$95M) [2]. But by then, the attacker had moved to the next phase: converting the stolen rsETH into lending assets via DeFi protocols.

From Forged Tokens to Lending Assets

The attacker did not sell the stolen rsETH directly. Instead, 116,500 tokens were dispersed into seven wallets and liquidated through various channels, including direct swaps for ETH via aggregators, deposits into Compound V3, and bridging to Arbitrum [10]. The most impactful route was through Aave: the attacker deposited 89,567 rsETH (~$221 million) into two Aave markets, Ethereum Core and Arbitrum. Using Aave’s E-Mode (which allows higher loan-to-value ratios for related assets), the attacker borrowed 82,620 WETH and 821 wstETH [3] against the rsETH collateral.

These positions were leveraged to the limit. The health factors of the attacker’s seven addresses ranged narrowly from 1.01 to 1.03, just above liquidation thresholds [3]. This was possible because Aave’s E-Mode set an LTV of 93% for rsETH, with a liquidation threshold of 95%, leaving only a 2% safety buffer.

Details of the attacker’s positions across the two markets:

Table 1: Attacker’s rsETH supply and WETH/wstETH borrowings on Aave’s two markets

Data source: On-chain data from Etherscan, Arbiscan, and DeBank, as of 2026-04-22 16:51 UTC. USD values reflect token prices at the time of each transaction.

Cascade Effect: How a Bridge Vulnerability Froze WETH on Five Chains

The diagram below summarizes the full cascade. Steps 1 and 2 (bridge vulnerability and Aave collateral deposits) are described above. This section analyzes steps 3 to 5: why WETH had to be frozen, what parameters shaped the severity of the cascade, and the actual costs of the freeze.

Figure 1: Cascade from bridge vulnerability to WETH freezes on five chains

Why WETH Must Be Frozen

On April 19, Aave’s Protocol Guardian froze all rsETH and wrsETH markets on Aave V3 and V4, prohibiting new deposits and borrowings collateralized by rsETH [8]. This was the expected first response.

Unexpectedly, on April 20, Aave froze WETH reserves on Ethereum, Arbitrum, Base, Mantle, and Linea [3,8].

Why freeze WETH? It’s an asset unaffected by the attack and unrelated to the cross-chain bridge. Because the attacker’s minted rsETH was created without any corresponding source chain assets, Aave’s price oracle continued to value these tokens at full market price, treating them as valid collateral indistinguishable from legitimate bridged rsETH. The attacker exploited this information asymmetry to borrow real WETH against uncollateralized liabilities, draining the WETH in the lending pools. This pushed the utilization of affected markets to 100%. With full utilization, depositors cannot withdraw, and liquidators cannot access underlying assets to execute liquidations. The core defense mechanism against bad debt—liquidation—was effectively disabled [3].

If WETH borrowings remained open, remaining pools on other chains could similarly be drained: deposit rsETH, borrow WETH, and exit. Freezing WETH was not optional but the only way to contain the damage.

Three Parameters Shaping the Cascade

The severity of this cascade was not accidental. Three protocol parameters determined the scale of direct damage and the extent of freeze propagation.

  1. LTV: How much healthy assets can be extracted per unit of contaminated collateral

Aave’s E-Mode set rsETH’s LTV at 93%, meaning depositing $1 of contaminated rsETH could borrow out $0.93 of WETH. By comparison, Spark Protocol’s rsETH LTV was 72%, and Fluid’s approximately 75% [3]. Aave’s setting was the most aggressive in the market.

This was a deliberate design choice, not oversight. In January 2026, Aave governance increased rsETH’s E-Mode LTV from 92.5% to 93%, further tightening the already thin safety margin from 2.5% to 2%. The base (non-E-Mode) LTV was intentionally set near zero (0.05%), effectively forcing all meaningful rsETH borrowing through the high LTV E-Mode path.

  2. Pool Depth: Vulnerability of each market to liquidity extraction

The same amount borrowed impacts pools of different depths differently.

Table 2: WETH reserves and attacker’s direct extraction ratio in Aave V3 markets across chains

The attacker only deposited rsETH into Aave V3 markets. Aave V4 (deployed on Ethereum on March 30, 2026) was similarly protected by preemptive rsETH freezing [3] but is not reflected here. WETH reserve data from LlamaRisk [8]; borrowed amounts from the position details above.

The attacker focused on Ethereum Core and Arbitrum. But what about the other chains where rsETH was accepted as collateral? Once the underlying bridge support was broken, existing user positions collateralized with rsETH on Mantle, Base, and Linea faced potential bad debt risk. Freezing WETH reserves across all five chains was a rational response: leaving these markets open would expose them to the same extraction mechanism already validated on Ethereum and Arbitrum [3,8].

  3. Number of cross-chain deployments: Extent of freeze propagation

rsETH was listed as collateral in 11 of 23 Aave V3 markets, with 7 having substantial exposure [3]. The attacker only operated on two chains, but the preemptive freeze of WETH affected at least five, including markets where the attacker never deposited tokens. LTV determines how much can be extracted per chain; pool depth influences impact severity. Ultimately, the number of chains accepting rsETH as collateral dictated the scope of freeze spread.

These parameters are not static. Nine days before the attack, on April 9, Aave’s Risk Steward increased rsETH’s supply cap: Ethereum Core from 480,000 to 530,000, Mantle from 52,000 to 70,000 [3]. While this does not imply causality (the attacker’s preparations likely predate these adjustments), it highlights how routine parameter changes can inadvertently expand the impact scope of future events.
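How LTV and pool depth combine can be checked with a small collateral-compromise stress test. This is an added example, not code from Aave, LlamaRisk or BlockSec. The LTV values, the 95% liquidation threshold and the $221 million collateral figure come from the article; the pool size and existing borrows are constructed, and the function names are hypothetical.

```python
BPS = 10_000  # parameters are expressed in basis points to keep the arithmetic exact

def max_borrow(collateral_usd, ltv_bps):
    """Largest debt the protocol allows against this collateral."""
    return collateral_usd * ltv_bps // BPS

def health_factor(collateral_usd, debt_usd, liq_threshold_bps):
    """Aave-style health factor: liquidation is possible once this falls below 1."""
    return collateral_usd * liq_threshold_bps / (BPS * debt_usd)

def stress(collateral_usd, ltv_bps, pool_supplied_usd, pool_borrowed_usd, recovery_bps=0):
    """Assume the collateral is worth only recovery_bps of its oracle price."""
    available = pool_supplied_usd - pool_borrowed_usd
    extracted = min(max_borrow(collateral_usd, ltv_bps), available)
    utilization = (pool_borrowed_usd + extracted) / pool_supplied_usd
    recovered = collateral_usd * recovery_bps // BPS
    return {
        "extracted": extracted,
        "utilization": utilization,
        "withdrawals_blocked": utilization >= 1.0,
        "bad_debt": max(0, extracted - recovered),
    }

COLLATERAL = 221_000_000                               # from the article (~$221 million of rsETH)
LTV_BPS = {"Aave E-Mode": 9300, "Spark": 7200, "Fluid": 7500}   # from the article
POOL_SUPPLIED, POOL_BORROWED = 1_000_000_000, 820_000_000       # constructed pool

def compare_ltvs():
    """Same contaminated collateral, same pool, three LTV settings, total compromise."""
    return {name: stress(COLLATERAL, ltv, POOL_SUPPLIED, POOL_BORROWED)
            for name, ltv in LTV_BPS.items()}

if __name__ == "__main__":
    debt = max_borrow(COLLATERAL, 9300)
    print("health factor at max borrow:", round(health_factor(COLLATERAL, debt, 9500), 4))
    for name, result in compare_ltvs().items():
        print(name, result)
```

In the constructed pool, the 93% setting drains all available liquidity and blocks withdrawals, while the 72% and 75% settings leave the pool below full utilization.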

Actual Impact of the Freeze

The result: a $290 million bridge vulnerability caused WETH liquidity to freeze on five chains, with combined reserves in affected markets exceeding $6.7 billion.

The direct loss is limited to the attacker’s borrowed amount. But in DeFi lending, freezing is far from a minor operational disruption. It locks user liquidity, prevents withdrawals, disrupts active positions, and weakens the protocol’s ability to liquidate bad debt. Most affected users had never interacted with rsETH, KelpDAO, or any cross-chain bridge. They are WETH depositors and borrowers on Aave, participating in what they reasonably believed to be straightforward lending markets.

WETH is the most fundamental liquidity asset in DeFi. Freezing it is akin to shutting down the city’s largest bank’s withdrawal channels because another financial institution was scammed with a product most depositors had never heard of.

LlamaRisk’s incident report [3] models two bad debt scenarios and provides chain-by-chain shortfall forecasts, representing the most detailed risk propagation analysis to date. But even this analysis focuses on potential bad debt rather than the broader operational costs of the freeze, including withdrawal locks, position disruptions, and weakened liquidation capacity across affected markets. A comprehensive quantification of the cascade’s overall impact remains an open question.

Restoration is also complex. The cascade’s interconnectedness constrains recovery: Aave cannot simply “unfreeze everything.” Each market must be evaluated independently, because local rsETH exposure, WETH utilization, and attacker activity give each one a different risk profile. The timeline illustrates this:

April 19: Protocol Guardian froze all rsETH and wrsETH reserves on Aave V3 and V4 [3].

April 20: WETH was frozen on Ethereum, Arbitrum, Base, Mantle, and Linea [8].

April 21: WETH on Ethereum Core V3 was unfrozen, with LTV kept at zero as a precaution. WETH on Ethereum Prime, Arbitrum, Base, Mantle, and Linea remained frozen [8].

Four days after the attack, only one of the six affected markets had been unfrozen. The recovery process mirrors the attack path: protocol-by-protocol, chain-by-chain, each step requiring governance coordination and risk assessment.

Emergency Response: How Arbitrum Transferred 30,766 ETH Without Holder Signatures

While Aave managed the lending cascade, Arbitrum also took parallel emergency action. On April 21, the Arbitrum Security Council announced an emergency freeze of the attacker’s 30,766 ETH on Arbitrum One [6]. These funds were moved to an intermediate freeze address (0x…0DA0), pending disposition via subsequent Arbitrum governance vote [7].

Governance Action

The Arbitrum Security Council is a formal part of the Arbitrum DAO governance structure, not an external or ad hoc committee. This emergency action was publicly announced on the Arbitrum governance forum [7], executed after law enforcement confirmed the attacker’s identity, with full transaction details available for verification. The Security Council acted within its delegated authority, balancing “commitment to community safety and integrity while not impacting any Arbitrum users or applications” [6].

This was not a secret decision but a governance-authorized, transparent operation, with on-chain evidence clearly visible.

Technical Mechanism

What makes this action notable is not the governance decision itself but how it was executed on-chain. Based on BlockSec’s Phalcon trace analysis [6], the Security Council employed an atomic three-step process:

The Upgrade Executor temporarily upgraded the Ethereum inbox contract (DelayedInbox), adding a new function called sendUnsignedTransactionOverride.

This function was used to create a cross-chain message impersonating the attacker’s address. The message was injected via Bridge.enqueueDelayedMessage, with kind=3 corresponding to L1MessageType_L2Message in the Arbitrum Nitro stack. This message type allows execution of L2MessageKind_UnsignedUserTx on L2. Crucially, this path does not require signature verification. The sender parameter was switched from the standard msg.sender to an input controlled by the caller, carrying the attacker’s address via L1→L2 address aliasing.

After the transfer executed on L2, the inbox contract was restored to its original implementation.

Both the on-chain transaction [9] and the resulting L2 transaction [4] are publicly viewable on Phalcon Explorer. The L2 transaction appears as “from attacker to 0x…0DA0,” but this is not a standard user-signed transfer; it is a chain-level forced state transition: an asset transfer enabled by a governance-level infrastructure upgrade, bypassing the need for the owner’s private key.
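For monitoring purposes, the upgrade-execute-revert sequence described above has a recognizable shape inside a single transaction trace. The detector below is an added example, not BlockSec’s or Arbitrum’s code: the decoded trace format, the placeholder addresses (INBOX_PROXY, IMPL_ORIGINAL and so on) and the routine-upgrade sample are constructed, and only the function names sendUnsignedTransactionOverride and enqueueDelayedMessage come from the article.

```python
def find_transient_upgrades(trace):
    """Return one finding per proxy that is upgraded and then restored to its
    original implementation within the same transaction trace."""
    findings = []
    open_windows = {}  # proxy -> original impl, temporary impl, calls seen meanwhile
    for step in trace:
        if step["type"] == "upgrade":
            proxy = step["proxy"]
            window = open_windows.get(proxy)
            if window is None:
                open_windows[proxy] = {"original": step["old_impl"],
                                       "temporary": step["new_impl"],
                                       "calls": []}
            elif step["new_impl"] == window["original"]:
                findings.append({"proxy": proxy,
                                 "temporary_impl": window["temporary"],
                                 "calls_during_window": window["calls"]})
                del open_windows[proxy]
            else:
                window["temporary"] = step["new_impl"]  # chained upgrade, window stays open
        elif step["type"] == "call" and step["to"] in open_windows:
            # Record what was invoked while the temporary implementation was live.
            open_windows[step["to"]]["calls"].append(step["function"])
    return findings

# Constructed, already-decoded traces (placeholder addresses, one transaction each).
EMERGENCY_TX = [
    {"type": "upgrade", "proxy": "INBOX_PROXY",
     "old_impl": "IMPL_ORIGINAL", "new_impl": "IMPL_TEMPORARY"},
    {"type": "call", "to": "INBOX_PROXY", "function": "sendUnsignedTransactionOverride"},
    {"type": "call", "to": "BRIDGE", "function": "enqueueDelayedMessage"},
    {"type": "upgrade", "proxy": "INBOX_PROXY",
     "old_impl": "IMPL_TEMPORARY", "new_impl": "IMPL_ORIGINAL"},
]
ROUTINE_TX = [
    {"type": "upgrade", "proxy": "INBOX_PROXY",
     "old_impl": "IMPL_ORIGINAL", "new_impl": "IMPL_V2"},
    {"type": "call", "to": "INBOX_PROXY", "function": "initialize"},
]

if __name__ == "__main__":
    print(find_transient_upgrades(EMERGENCY_TX))
    print(find_transient_upgrades(ROUTINE_TX))
```

A finding lists the functions that existed only while the temporary implementation was live, which is the part of such an action a user or auditor would want surfaced.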

The Decentralization Dilemma

The principle is straightforward: upgradeable contracts confer unlimited power. If a contract can be upgraded, its behavior can be modified to do anything, including transferring assets without the owner’s signature. This is an inherent capability of any system built on upgradeable contracts. The 30,766 ETH are currently stored in a frozen address, pending future governance decision. The atomic upgrade-execute-revert pattern leaves no permanent change to the inbox contract and does not affect other users or applications [5].

By any reasonable assessment, the Arbitrum Security Council’s action was correct. The attacker was identified as a state-level actor, law enforcement was involved, governance was transparent, and stolen assets worth $71 million were recovered or at least prevented from further laundering.

But the capability that made all this possible is not limited to this case. The same upgrade-execute-revert mechanism could, in principle, be used to transfer any assets held on Arbitrum One. The Security Council’s authority is not limited to the attacker’s address or stolen funds; it is a general capability governed by governance norms, not code.

This is the core dilemma. Users interacting with L2s hold an implicit mental model: “My assets are controlled by my private keys; no one can transfer them without my signature.” The KelpDAO incident’s emergency response shows this model is incomplete. On Arbitrum and any L2 with upgradeable bridge contracts and a Security Council, assets can be transferred via governance actions that bypass signature verification.

Arbitrum is not unique. Aave’s market freezes are also governance-driven emergency measures. In the KelpDAO case, multiple protocols exercised centralized emergency powers simultaneously: Aave froze markets on five chains, Arbitrum Security Council executed forced transfers, and KelpDAO globally paused contracts. These responses, while effective and transparent, are clear demonstrations of centralized authority within a “decentralized” ecosystem.

The issue is not whether emergency powers should exist. The KelpDAO case provides strong arguments for their necessity. The question is whether the boundaries, trigger conditions, and accountability mechanisms of these powers are sufficiently transparent. Users depositing assets on L2s should be able to answer: under what circumstances can the Security Council transfer my funds? What are my recourse options?

Current Status of Stolen Funds

Independent on-chain tracking (full visualization via MetaSleuth [6]) shows the attacker dispersed 116,500 rsETH into seven primary addresses, most of which were deposited into Aave (Ethereum and Arbitrum) as collateral for WETH and wstETH. The borrowed tokens were exchanged via small DEX trades and consolidated into address 0x5d39…7ccc on both chains. As of 2026-04-22 05:42 UTC, the stolen funds are in four states:

Table 3: Distribution of stolen funds across four states (as of 2026-04-22 05:42 UTC)

Approximately 31% are frozen or intercepted, 23% remain in an untouched address on Ethereum, and 46% have been or are being dispersed into 103 downstream addresses. The attacker’s rsETH collateral on Aave remains unredeemed, and borrowed WETH and wstETH have not been returned; the lending positions have been abandoned.

The causal chain of the KelpDAO incident spans three levels of the “decentralized” tech stack:

  • The starting point is a single point dependency. The 1-of-1 DVN configuration reduces cross-chain verification to a single entity, making the entire bridge vulnerable through one compromised infrastructure component. While the architecture supports decentralization, the configuration does not.

  • The composability characteristic then turns a bridge vulnerability into a systemic liquidity crisis. An attack froze the core DeFi asset WETH across five chains, affecting billions in liquidity and impacting users unrelated to rsETH or KelpDAO. The scope of the cascade is shaped by quantifiable parameters: aggressive LTV settings, shallow pools, and broad cross-chain collateral deployment.

  • The scale of the crisis further compelled governance to exercise centralized emergency powers. The Arbitrum Security Council executed a governance-empowered atomic contract upgrade to transfer 30,766 ETH without signatures. Aave froze markets across multiple chains. These responses, while effective and transparent, exemplify centralized authority exercised within a “decentralized” ecosystem.

Reliance on a single point enabled the attack; composability amplified the damage; embedded centralized powers revealed longstanding centralization. Addressing these interconnected issues requires coordinated action from all stakeholders:

  • Protocol teams: overall security depends on the weakest link, which in this case was the DVN infrastructure, not the smart contracts [11]. Effective security demands systemic coverage across code, infrastructure, key management, and operations. Comprehensive security assessments, penetration testing, on-chain monitoring, and rapid cross-chain asset tracking are essential. For lending protocols, collateral stress tests should consider scenarios of complete collateral compromise, factoring in the three parameters discussed.

  • L2 governance and DAOs: emergency powers must be transparent and accountable. Most major L2s have such capabilities, but they are often buried in technical docs rather than user-facing materials. Governance frameworks should clearly specify trigger conditions, scope, timing, and post-incident accountability.

  • Users: understand the systemic risks inherent in DeFi’s composability. In this incident, WETH depositors on five chains had their liquidity frozen without ever interacting with rsETH. The risk of a single position is just part of the bigger picture; your assets’ safety depends on the protocols, pools, collateral types, and chains involved.

References

[1] LayerZero Core, “KelpDAO Incident Statement”
[2] KelpDAO, “April 18 Incident: Additional Context”
[3] LlamaRisk, “rsETH Incident Report” (April 20, 2026)
[4] BlockSec Phalcon Explorer, L1 Transaction (Arbitrum Security Council action)
[5] BlockSec Phalcon Explorer, L2 Transaction (Arbitrum forced transfer)
[6] Arbitrum, “Security Council Emergency Action”
[7] Arbitrum Governance Forum, “Security Council Emergency Action 21/04/2026”
[8] Aave, rsETH incident updates (April 19-21, 2026)
[9] BlockSec Phalcon, “Arbitrum Security Council freeze analysis”
[10] banteg, “Kelp rsETH Unichain → Ethereum Path Investigation”
[11] MetaSleuth, KelpDAO exploit trace
