BitGo, Polygon Among Industry Giants Pushing Rate Limits After The Largest DeFi Exploit of 2026
A wave of protocol-level safety responses adopted the $292 million KelpDAO rsETH exploit on April 19, with BitGo, Polygon, and Katana transferring swiftly to isolate potential contagion.
The assault drained 116,500 rsETH from Kelp DAO’s LayerZero-powered cross-chain bridge by means of a cast message that bypassed its Decentralized Verifier Network (DVN) configuration.
Protocols Move to Contain Fallout
BitGo, alongside BiT Global Trust, took down the LayerZero OFT DVNs for Wrapped Bitcoin (WBTC) as a precaution. The agency confirmed that consumer funds stay safe and pledged to share updates as extra data turns into accessible.
Polygon stated that its chain, Agglayer, and broader ecosystem stay unaffected by the incident. The community famous it has safely processed over $2 trillion thus far.
Katana paused the OFT path on Vaultbridge, which relied on a 2/3 DVN setup. Bridging by means of Agglayer, which verifies with zero-knowledge proofs relatively than proof-of-authority multisigs, remained totally accessible.
Meanwhile, Cyvers CTO and co-founder Meir Dolev revealed that KelpDAO was simply three minutes away from dropping an extra $100 million. A rapid-response blacklist blocked the attacker earlier than a second try may succeed.
Industry Leaders Call for Structural Rate Limits
The exploit has reignited requires built-in fee limits throughout DeFi protocols. Ethena contributor Guy Young argued that asset issuers ought to implement throttled cross-chain transfers on prime of customary LayerZero OFTs.
“We constructed an answer on prime of the usual OFT to throttle cross chain transfers at $10m per hour for each DVN, along with the $10m per block fee restrict on the mint contract. The former would have prevented Kelp, the latter Resolv,” he wrote.
Ethena’s configuration caps potential harm at $10 million per chain per hour even when a DVN is totally compromised. Young known as the slight inconvenience for customers a worthwhile tradeoff to keep away from catastrophic losses.
Keone Hon, CEO and co-founder of Monad, proposed that pooled lending protocols undertake “good caps” that restrict how shortly collateral provide can develop.
He pointed to the Resolv hack in March, the place the attacker minted infinite tokens however may solely extract $24 million as a result of exit pathways have been small.
Hon argued that high provide caps needs to be seen as a legal responsibility, not an indication of stature. A provide restrict barely above present utilization, adjusting over hours to the true cap, would have saved rsETH depositors $200 million, he estimated.
The KelpDAO breach is now the largest DeFi exploit of 2026. Whether protocols undertake the rate-limiting measures these leaders are proposing could decide how massive the subsequent one will get.
The put up BitGo, Polygon Among Industry Giants Pushing Rate Limits After The Largest DeFi Exploit of 2026 appeared first on BeInCrypto.
