How a Single-Validator Bridge Flaw Released 116K rsETH

An attacker exploited a misconfigured single-validator bridge to forge 116,500 rsETH tokens across LayerZero's Unichain-to-Ethereum route in April 2026. The stolen collateral was strategically deployed across Aave positions to avoid immediate detection.

On April 18, 2026, an attacker exploited a critical vulnerability in Kelp's cross-chain bridge infrastructure, siphoning 116,500 rsETH tokens from the Ethereum mainnet through a compromised LayerZero V2 route. The incident exposes a recurring tension in blockchain infrastructure: the security trade-offs inherent in simplified bridge architectures. What began as a technical misconfiguration cascaded into a collateral shortfall affecting multiple lending protocols, including Aave, and serves as a sobering reminder that even well-audited bridges remain vulnerable to configuration errors.

The vulnerability stemmed from how Kelp's rsETH bridge was configured for transfers between Unichain and Ethereum. The route operated as a 1-of-1 Decentralized Verifier Network (DVN) setup, meaning a single third-party validator was responsible for attesting to the legitimacy of inbound packets crossing the LayerZero messaging layer. When the attacker submitted a forged packet claiming to originate from Unichain, it bypassed the normal verification safeguards. Critically, the malicious message was accepted and committed to Ethereum without any corresponding burn event occurring on the source chain—a break in the fundamental invariant that locked rsETH on Ethereum should always equal minted rsETH across all remote chains. This structural imbalance allowed the attacker to withdraw tokens that had no legitimate counterpart locked in the bridge.

Rather than immediately liquidating the stolen funds, the attacker demonstrated operational sophistication by fragmenting the 116,500 tokens across seven addresses and deploying them strategically across DeFi protocols. Some rsETH was supplied as collateral on Aave V3 on Ethereum while other portions were bridged to Arbitrum to establish additional leveraged positions on the same protocol. By maintaining health factors between 1.01 and 1.03—dangerously thin margins that would trigger liquidation from minor price movements—the attacker created exposure that forced Aave and the broader protocol ecosystem to absorb the risk of insolvency. The distributed approach also complicated forensics and enforcement actions.

This incident underscores why single-validator configurations, while operationally simpler, represent an unacceptable security model for high-value cross-chain bridges. LayerZero's architecture is designed to support multiple independent validators, but economic or operational pressures often lead teams to deploy with minimal redundancy. As cross-chain liquidity becomes increasingly central to DeFi composability, the security model of bridge infrastructure will likely become as scrutinized as the smart contracts themselves.