Kelp DAO Suffers $292 Million Attack, Experts Warn XRP Holders of Cross-Chain Yield Risks

BroadChain has learned that at 03:16 on April 21, according to Bitcoinist, market expert Iso Ledger analyzed the major security incident that Kelp DAO encountered last weekend and its impact on XRP holders seeking yield. On April 18, an attacker exploited Kelp DAO's LayerZero-based cross-chain bridge, stealing tokens worth $292 million from the liquid staking protocol within 46 minutes, marking the largest DeFi attack so far in 2026. The attacker triggered the cross-chain bridge to release 116,500 rsETH (18% of its circulating supply) to their wallet by invoking the core function IzRecieve in the LayerZero EndpointV2 contract, and immediately used it as collateral on Aave V3 to borrow ETH, resulting in bad debt. Aave has urgently frozen the rsETH market on V3 and V4, causing its token price to drop by 10%. Iso Ledger pointed out that this attack exposed the widespread risks of cross-chain bridges and specifically warned XRP holders: the wrapped asset FXRP issued on the Flare Network also adopts LayerZero's OFT standard, possessing the same bridging standard and IzRecieve invocation function as the one attacked, posing similar security risks. He emphasized that this incident highlights the importance of building the native lending protocol XLS-66D on the XRP Ledger, which would keep assets on the native chain, fundamentally eliminating such attack vectors caused by reliance on external bridges.