Kelp exploit — $293.0M drained · post-mortem · GuardLabs
Technical post-mortem of the Kelp exploit (2026-04-18). Classified as Infrastructure. $293.0M drained on Ethereum, Arbitrum.
TL;DR
The Kelp protocol on Ethereum and Arbitrum was exploited for $293 million due to a vulnerability in its implementation of the LayerZero Omnichain Fungible Token (OFT) standard. The attacker manipulated the cross-chain messaging logic to mint a massive amount of unbacked tokens on one chain without a corresponding burn on the source chain, effectively draining the protocol's liquidity. The incident highlights the critical need for rigorous validation of all cross-chain message payloads and strict access controls on minting functions.
Technical analysis
The Kelp protocol exploit, which resulted in a loss of approximately $293,000,000, stemmed from a critical flaw in its integration with the LayerZero messaging protocol, specifically within its Omnichain Fungible Token (OFT) implementation. The OFT standard is designed to allow tokens to exist natively across multiple blockchains, using LayerZero's transport layer to send messages (e.g., 'burn on Chain A, mint on Chain B') that keep the total supply consistent. The vulnerability was not in the core LayerZero infrastructure itself, but rather in Kelp's application-level contracts that utilized it. The root cause was a logic error in the contract on the destination chain (e.g., Ethereum) that processed incoming messages from a source chain (e.g., Arbitrum). This contract failed to properly validate the contents or origin of the cross-chain message payload. This oversight allowed an attacker to craft a malicious message on the source chain that, when received and executed by the destination contract, triggered a large, unauthorized minting of Kelp's token.
The exploitation flow, while not detailed in public post-mortems, can be inferred from the nature of the vulnerability. Preconditions for the attack included the protocol having significant liquidity, operating across multiple chains using the OFT standard, and possessing the specific validation flaw in its cross-chain message handler. The attacker likely initiated the process by calling a function on the Kelp OFT Adapter contract on the source chain (e.g., Arbitrum) with a specially crafted payload. This payload was designed to pass LayerZero's transport-level checks but exploit the logic flaw in Kelp's receiving contract on the destination chain (Ethereum). When the LayerZero relayer delivered this message, the vulnerable Kelp contract on Ethereum misinterpreted the malicious payload, bypassing checks that should have ensured a corresponding amount of tokens was burned or locked on the source chain. This allowed the attacker to call the internal _mint() function with an arbitrary, large amount, creating hundreds of millions of dollars' worth of unbacked tokens. These newly minted tokens were then swapped for other assets in liquidity pools, draining them of their value before the discrepancy could be detected and paused.
Who else is at risk
Any protocol that implements cross-chain functionality using messaging layers like LayerZero, Axelar, Wormhole, or Chainlink CCIP is potentially at risk if their integration is not implemented with extreme care. The Kelp exploit serves as a stark reminder that the security of the underlying infrastructure does not automatically guarantee the security of the application built on top of it. The primary risk lies in the 'seams' between the protocol's own logic and the third-party messaging layer. Developers often focus on auditing their core business logic but may overlook the nuances and potential attack vectors introduced by these complex integrations. Common implementation pitfalls include insufficient validation of the source address and contract from the remote chain, trusting the message payload without parsing and verifying its contents against expected constraints, and having overly permissive functions that can be triggered by a cross-chain message.
Protocols should be particularly wary of any function that alters state in a significant way (e.g., mint, burn, changing critical parameters) and is callable via a cross-chain message. A key signal of risk to look for during an audit or code review is the absence of strict, path-based validation. For instance, a message from contract X on chain A should only be able to trigger a specific, narrowly-defined action in contract Y on chain B. If the receiving contract allows for arbitrary function calls or does not tightly control the parameters passed from the cross-chain message, it creates a significant vulnerability.
Want continuous monitoring of your protocol or site?
Web-Audit Guardian scans for known issues every 30 minutes and alerts before users do.
Web-Audit GuardianLessons for builders and users
This incident provides several critical lessons for the DeFi ecosystem. For smart-contract developers, the primary takeaway is to treat all data from another chain as untrusted. Here are specific, actionable steps:
- Strict Payload Validation: Never assume the integrity of a cross-chain message payload. The receiving contract must rigorously parse and validate every parameter. For an OFT, this means verifying that a mint message corresponds to a legitimate burn event on a trusted source contract.
- Path-Based Access Control: Use LayerZero's features (or equivalent in other protocols) to enforce that only a specific, whitelisted contract on a source chain can call a specific function on the destination chain. This prevents an attacker from using an unrelated contract to send malicious messages.
- Supply Invariant Testing: A crucial invariant for any cross-chain token is that the total supply across all chains remains constant (or changes only through designated mechanisms). This must be a core part of the testing suite. Automated tests should simulate cross-chain transfers and assert that
totalSupply_chainA + totalSupply_chainBremains unchanged. - Real-time Monitoring: Had a service like GuardLabs' Web-Audit Guardian been in place, it could have raised an immediate alert on the anomalous, multi-million-dollar mint event, potentially allowing the team to pause contracts and mitigate the damage far sooner.
For users and liquidity providers, this exploit underscores the increased attack surface of multi-chain protocols. Before depositing funds, evaluate the project's documentation on its cross-chain security model. Look for audits that specifically name and analyze the OFT/cross-chain adapter contracts, not just the core protocol logic. Understand that while cross-chain capabilities offer great utility, they also introduce novel and complex risks that are not present in single-chain applications.
For algorithmic traders, the incident demonstrates a form of market risk unique to DeFi. A sudden, massive inflation of a token's supply on one chain can render arbitrage models ineffective and lead to extreme losses. Risk management systems should incorporate on-chain data feeds that monitor for anomalous supply changes, especially for tokens with a cross-chain presence. An exploit like this can cause a complete de-pegging of the token's value from its intended backing, making it worthless in an instant.
Build your own bot — properly
If you're going to write smart-contract code or trading bots, do it with security in mind from day one. Our course teaches the architecture: testnet-first, separation of strategy/execution, dry-runs, monitoring, post-mortems like this one.
Course: Build a Trading Bot with Claude+VPS — $199–$600Frequently asked questions
No. Public analysis indicates the vulnerability was not in the core LayerZero infrastructure but in the Kelp protocol's specific implementation of the Omnichain Fungible Token (OFT) standard. The application-level code failed to properly validate messages passed by LayerZero.
An OFT is a token standard that allows a single token to exist across multiple blockchains without being wrapped or locked in a traditional bridge. It uses a cross-chain messaging protocol to coordinate burns on one chain with mints on another, maintaining a consistent total supply.
The attacker likely exploited a logic flaw in the destination contract. This contract, upon receiving a message from the source chain, failed to verify that the message represented a valid burn event, allowing it to proceed with a minting operation based on a malicious, attacker-crafted payload.
While audits are crucial, they are not a guarantee of absolute security. Cross-chain integration bugs can be particularly subtle and may be missed, especially if the audit's scope does not deeply cover the interaction between the protocol and the third-party messaging layer under all possible edge cases.
A traditional bridge hack often involves compromising the bridge's central contracts or validators to steal the assets locked within them. This exploit targeted the application (Kelp) built on top of the messaging infrastructure, tricking the application's own logic into creating unbacked assets.
Exploit metadata
| Date | 2026-04-18 |
| Drained | $293,000,000 |
| Chain | Ethereum, Arbitrum |
| Target | DeFi Protocol |
| Class | Infrastructure |
| Technique | LayerZero OFT bridge exploit |
| Language | Solidity |
| DefiLlama ID | 3946 |