Kelp DAO, a leading Liquid Restaking Protocol (LRT) project, recently disclosed a security incident resulting in losses of approximately $292 million. This incident follows a separate incident involving Drift earlier this month, in which approximately $285 million in assets were affected. By virtue of DeFi’s composability architecture, the breach rapidly propagated to lending protocol Aave, which subsequently incurred in excess of $200 million in bad debt. Preliminary findings attribute the exploit to RPC node manipulation and a single-signature control structure. The incident further raises material concerns regarding structural vulnerabilities inherent in decentralized finance, including systemic risks arising from inter-protocol dependencies and the adequacy of prevailing security frameworks to mitigate cascading losses.

I. Incident Analysis: RPC Poisoning, Single Signature Failure, and Fund Movement

This attack was executed as a complex exploit leveraging multiple points of failure.

1. Attack Method: RPC Node Poisoning

Based on the official statement from LayerZero and analyses by security experts like SlowMist, the starting point for the attack was the hijacking or poisoning of the underlying RPC node, rather than a code vulnerability in the smart contract. This resulted in LayerZero receiving and processing forged malicious data during cross-chain message transmission.
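
One defensive control against the data-source dependency described above is to refuse to act on chain data that only a single RPC provider reports: query several independent providers for the same block and require a strict majority to agree before the value is used. The following is an added illustration written for readers of this report; it is not code from Kelp DAO, LayerZero or Cactus Custody, and the provider URLs, block numbers, hashes and JSON-RPC responses are constructed placeholders rather than real endpoints or chain data.

```python
import json
from collections import Counter

# Constructed JSON-RPC responses to eth_getBlockByNumber for one block, as three
# independent providers might return them (placeholder URLs and hashes, not real
# endpoints or chain data). Provider rpc-c is "poisoned": it reports a block hash
# and state root that the other two providers do not.
SAMPLE_RESPONSES = {
    "https://rpc-a.example": json.dumps({"jsonrpc": "2.0", "id": 1, "result": {
        "number": "0x12d687", "hash": "0xaaaa01", "stateRoot": "0x5701"}}),
    "https://rpc-b.example": json.dumps({"jsonrpc": "2.0", "id": 1, "result": {
        "number": "0x12d687", "hash": "0xaaaa01", "stateRoot": "0x5701"}}),
    "https://rpc-c.example": json.dumps({"jsonrpc": "2.0", "id": 1, "result": {
        "number": "0x12d687", "hash": "0xbbbb02", "stateRoot": "0x5702"}}),
}

# Constructed case with no usable agreement: one answer, one RPC error, one
# malformed body. A consumer must refuse to act on this.
SPLIT_RESPONSES = {
    "https://rpc-a.example": json.dumps({"jsonrpc": "2.0", "id": 1, "result": {
        "number": "0x12d687", "hash": "0xaaaa01"}}),
    "https://rpc-b.example": json.dumps({"jsonrpc": "2.0", "id": 1, "error": {
        "code": -32000, "message": "header not found"}}),
    "https://rpc-c.example": "not json at all",
}


def extract_field(raw_response, field):
    """Parse one JSON-RPC response and return the requested block field.

    Returns None for malformed JSON, an RPC error object, or a missing field, so
    that a broken or hostile provider can never contribute a vote by accident."""
    try:
        body = json.loads(raw_response)
    except (json.JSONDecodeError, TypeError):
        return None
    if not isinstance(body, dict) or "error" in body:
        return None
    result = body.get("result")
    if not isinstance(result, dict):
        return None
    return result.get(field)


def quorum_value(values_by_provider, min_agreeing):
    """Return the value reported by at least min_agreeing providers, else None.

    min_agreeing must be a strict majority of all providers queried, so at most
    one value can ever reach quorum and a tie is impossible."""
    total = len(values_by_provider)
    if min_agreeing <= total // 2:
        raise ValueError("quorum must be a strict majority of providers")
    counts = Counter(v for v in values_by_provider.values() if v is not None)
    if not counts:
        return None
    value, count = counts.most_common(1)[0]
    return value if count >= min_agreeing else None


def verify_block(responses, field="hash", min_agreeing=2):
    """Cross-check one block field across providers.

    Returns (agreed_value, dissenters). agreed_value is None when no strict
    majority agrees; every provider is then listed as dissenting and the caller
    should treat the data as untrusted rather than pick any single answer."""
    values = {p: extract_field(r, field) for p, r in responses.items()}
    agreed = quorum_value(values, min_agreeing)
    if agreed is None:
        return None, sorted(values)
    return agreed, sorted(p for p, v in values.items() if v != agreed)


if __name__ == "__main__":
    print(verify_block(SAMPLE_RESPONSES))                     # rpc-c flagged
    print(verify_block(SAMPLE_RESPONSES, field="stateRoot"))  # rpc-c flagged
    print(verify_block(SPLIT_RESPONSES))                      # no quorum
```

The dissenting-provider list is the detection signal: a provider that repeatedly disagrees with the majority should be removed from the pool and investigated, and any consumer that acts on the result (a bridge verifier, an oracle relayer) should halt rather than fall back to whichever node answered first.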

2. Critical Configuration Failure: The 1/1 Single Signature Mechanism

The scale of the loss was enabled by a critical configuration failure: the core component involved had a 1/1 (single signature) permission setting. As noted by Richard Heart, the vault controlling hundreds of millions of dollars lacked multi-signature checks or a timelock. Once the underlying data was compromised, the single point of failure allowed for the successful transfer of funds.
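
The two controls named above, a multi-signature threshold and a timelock, are simple to state but worth seeing as concrete checks. The following is an added illustration for this report, not code from the protocols involved or from Cactus Custody: a minimal approval workflow in which a transfer needs m distinct authorised keys and then a delay before it can execute, with any signer able to veto during that delay. Signer labels such as "k1" and the recipient address are constructed placeholders. Running the same transfer through a 1/1, zero-delay policy shows why that configuration collapses to a single point of failure.

```python
from dataclasses import dataclass, field
from typing import Optional, Set


@dataclass(frozen=True)
class Policy:
    """Approval policy for a vault: m-of-n signers plus an execution delay."""
    signers: frozenset      # authorised keys; constructed labels stand in for addresses
    threshold: int          # distinct approvals required (m in m-of-n)
    delay: int              # seconds that must pass after the threshold is met

    def __post_init__(self):
        if not 1 <= self.threshold <= len(self.signers):
            raise ValueError("threshold must be between 1 and the number of signers")
        if self.delay < 0:
            raise ValueError("delay cannot be negative")


@dataclass
class Proposal:
    to: str
    amount: int
    approvals: Set[str] = field(default_factory=set)
    ready_at: Optional[int] = None   # earliest execution time once threshold is met
    status: str = "pending"          # pending | executed | cancelled


class Vault:
    def __init__(self, policy: Policy):
        self.policy = policy
        self.proposals = {}

    def propose(self, to, amount, proposer, now):
        """Queue a transfer; the proposer's key counts as the first approval."""
        if proposer not in self.policy.signers:
            return None
        pid = len(self.proposals)
        self.proposals[pid] = Proposal(to, amount)
        self.approve(pid, proposer, now)
        return pid

    def approve(self, pid, signer, now):
        p = self.proposals[pid]
        if p.status != "pending" or signer not in self.policy.signers:
            return "rejected"
        if signer in p.approvals:
            return "duplicate"       # one compromised key cannot vote twice
        p.approvals.add(signer)
        if len(p.approvals) >= self.policy.threshold and p.ready_at is None:
            p.ready_at = now + self.policy.delay   # the timelock starts here
        return "approved"

    def cancel(self, pid, signer):
        """Any authorised signer can veto a pending transfer during the delay."""
        p = self.proposals[pid]
        if p.status != "pending" or signer not in self.policy.signers:
            return "rejected"
        p.status = "cancelled"
        return "cancelled"

    def execute(self, pid, now):
        p = self.proposals[pid]
        if p.status != "pending":
            return p.status
        if p.ready_at is None:
            return "insufficient approvals"
        if now < p.ready_at:
            return "timelocked"
        p.status = "executed"
        return "executed"


if __name__ == "__main__":
    # 1/1 with no delay: whoever holds k1 moves funds in the same block.
    single = Vault(Policy(frozenset({"k1"}), threshold=1, delay=0))
    pid = single.propose("0xrecipient", 100, "k1", now=1000)
    print("1/1, no delay:", single.execute(pid, now=1000))

    # 2/3 with a one-day delay: a second key and 24 hours stand in the way.
    multi = Vault(Policy(frozenset({"k1", "k2", "k3"}), threshold=2, delay=86400))
    pid = multi.propose("0xrecipient", 100, "k1", now=1000)
    print("2/3 after one key:", multi.execute(pid, now=1000))
    multi.approve(pid, "k2", now=1500)
    print("2/3 inside delay:", multi.execute(pid, now=1500))
    print("2/3 after delay:", multi.execute(pid, now=1500 + 86400))
```

The delay is what turns a signature threshold into an incident-response window: a queued transfer that nobody recognises is visible for a day and can be vetoed, which a 1/1 key with immediate execution never allows.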

3. Fund Tracing: Suspected Attribution to the Lazarus Group

Tracing analysis conducted by Chainalysis and Wu Blockchain indicates the attacker is suspected to be the Lazarus Group, a state-sponsored entity linked to the Democratic People’s Republic of Korea. This attribution has not been formally confirmed by law enforcement authorities. The stolen funds were systematically aggregated in a short time and moved to the Ethereum mainnet using previously observed Lazarus Group techniques, including cross-chain bridges and mixers. The suspected involvement of a state-level APT organization further exposes the fragility of DeFi’s defense structure.

II. Systemic Impact: Contagion and Inter-Protocol Liability

The incident has given rise to a dispute over liability between key parties:

  • Kelp DAO vs. LayerZero: Kelp DAO has alleged that LayerZero’s cross-chain infrastructure contained a vulnerability giving rise to the breach. LayerZero has maintained its cross-chain protocol was sound and attributes the incident to the project team’s undue reliance on RPC node data.
  • Impact on Aave: Because Kelp DAO assets (such as rsETH) were used as collateral in Aave, the breach caused the collateral’s value to collapse. Industry observers noted that Aave’s defense was compromised externally by an ecosystem partner, fully exposing the systemic contagion crisis of DeFi composability. Aave has indicated it intends to use its Umbrella fund to cover the resulting losses.
  • This incident is consistent with the prior statement from Chainlink community liaison Zach Rynes that the restaking sector adds excessive leverage to the Ethereum ecosystem, with the potential for systemic losses of significant magnitude in the event of underlying layer failure.

III. Economic Assessment: Risk Repricing and Security Investment

The incident is expected to prompt a material repricing of risk across the DeFi sector. Investors have long sought single-digit Annual Percentage Yields (APYs) or “Points” while implicitly accepting a risk of 100% principal loss. This severe mismatch between risk and return was clearly demonstrated by the security incident. A contributing factor is that many DeFi protocols use low-fee models to compete for Total Value Locked (TVL), generating insufficient protocol revenue to sustain the level of security investment required to defend against state-sponsored threat actors. Projects managing large treasuries with minimalist architecture are utilizing an unsustainable model of “privatizing gains and socializing risks.”

IV. Structural Security: The Role of Qualified Custody in Institutional Asset Management

The Kelp DAO incident illustrates the inherent danger of combining business logic (smart contracts) with fund custody (private key control). For institutional funds, the industry should consider the adoption of independent, professional custody solutions.

The adoption of institutional-grade qualified custody may strengthen financial infrastructure in the following aspects:

  • Eliminating Single Points of Failure: Compliant custody institutions, such as Cactus Custody, provide enterprise-grade risk control and approval workflows designed to eliminate 1/1 single signature mechanisms. This separates responsibilities, allowing protocol developers to focus on innovation while entrusting asset custody to independent institutions.
  • Intent-Based Risk Control: A compliant custodian’s risk control engine operates independently of the protocol layer and is not susceptible to compromise via exploiting RPC nodes or code vulnerabilities. Anomalous transfer instructions would be flagged and intercepted based on transaction intent, subject to confirmation, compliance review, and multi-channel verification.
  • Bankruptcy Remote Protection: Licensed custodians operate under strict regulatory frameworks that mandate the legal segregation of client assets from company operating assets. This structural protection provides a foundation of trust that decentralized, code-based custody cannot replicate.

Summary

The Kelp DAO $292 million security incident serves as a material case study on the risks within DeFi. As institutional funds continue to enter the sector, asset management must evolve beyond basic models. Security and risk control require dedicated capital investment and professional systems. Protocols that fail to integrate compliant custody solutions and institutional-grade asset protection risk being bypassed by mainstream capital as the sector matures.

Disclaimer: This report is prepared by the Cactus Custody research team and is provided for informational and educational purposes only. It does not constitute investment advice, a solicitation, or an offer to buy or sell any financial instrument or digital asset. The information contained herein is based on publicly available sources and internal research; while reasonable efforts have been made to ensure accuracy, Cactus Custody makes no representation or warranty, express or implied, as to its completeness, accuracy, or fitness for any particular purpose. Cactus Custody shall not be held liable for any loss or damage arising directly or indirectly from reliance on the contents of this report.