The cryptocurrency industry has been rocked by yet another major bridge exploit, with $292 million stolen in an attack tied to Kelp DAO. This incident, which occurred on April 22, 2026, underscores the persistent and fundamental security vulnerabilities plaguing the cross-chain infrastructure designed to connect different blockchains.
The exploit specifically involved Kelp DAO’s use of LayerZero’s cross-chain messaging system, a popular infrastructure for moving data and assets between networks. According to experts, the attackers compromised nodes and fed the bridge system false information. "Attackers compromised nodes and fed the system a false version of reality," explained Ben Fisch, CEO of Espresso Systems. "The bridge worked as designed. It just believed the wrong information."
This event is the latest in a long line of bridge hacks that have drained billions of dollars from the crypto ecosystem over recent years. The core issue, as highlighted by industry leaders, is not merely bad code but a fundamental design flaw. Most bridges do not independently verify transactions on another chain. Instead, they rely on a smaller, trusted system—often a group of validators or an external network like LayerZero or Axelar—to report on the state of the original blockchain. This creates a critical point of failure.
Sergej Kunz, co-founder of 1inch, summarized the systemic risk: "Anything that can go wrong will go wrong, and bridge hacks are a perfect example. You see code vulnerabilities, centralization issues, social engineering, even economic attacks. Usually it’s a mix."
The exploit demonstrates how bridge failures can lead to widespread contagion. Bridged assets, once compromised, are often treated as legitimate across various DeFi protocols, lending platforms, and liquidity pools, amplifying the damage far beyond the initial breach. Experts point to a misalignment of incentives, where speed to market and growing total value locked (TVL) often take priority over robust security audits and infrastructure.
Potential solutions discussed include removing single points of failure by relying on multiple independent data sources, implementing hardware protections, and developing new bridge designs that use cryptography to verify data directly, eliminating the need for trusted intermediaries. However, as Kunz notes, "As long as we rely on validator-based bridges, these problems will continue."
