KelpDAO Bridge Hack: $292M Lost to Social Engineering, Not a Code Bug
On April 18, 2026, attackers drained approximately 116,500 rsETH worth $292 million from KelpDAO's cross-chain bridge built on LayerZero, making it the largest DeFi hack of the year. The attack traced back to March 6, when a developer was socially engineered, giving attackers control of the admin keys that governed the bridge's reserves across more than 20 blockchain networks. KelpDAO froze the system 46 minutes after the drain, preventing a further $100 million in attempted theft. A similar attack hit Drift Protocol two weeks earlier, costing $285 million on Solana after a six-month social engineering campaign targeting key holders, with no code exploit involved. Security analysts attribute 76% of 2026 crypto hack losses to North Korea-linked state-backed actors, highlighting that human-targeted operations, not smart contract bugs, are now the dominant threat in DeFi.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in