Cardano Founder Warns KelpDAO Hack Exposes Ethereum’s Weakest Link
Cardano founder Charles Hoskinson used his newest livestream to argue that the roughly $292 million KelpDAO exploit was not simply one other bridge failure, however a broader warning about how Ethereum’s restaking, cross-chain messaging, and lending stack can flip a single compromise into system-wide contagion.
In Hoskinson’s telling, the April 18 assault uncovered what he sees as probably the most fragile a part of fashionable DeFi: not essentially application-level good contracts, however the verification layers and interdependencies that sit between protocols. He mentioned the exploit, which concerned about 116,500 rsETH drained from KelpDAO’s Ethereum escrow, ought to drive a wider trade dialog about bridge belief assumptions, verifier design, and the pace at which dangerous collateral can unfold by way of lending markets.
Cardano Founder Warns Of Dangerous Flaw At The Heart Of Ethereum DeFi
Rather than ship an ordinary postmortem, Hoskinson mentioned he took inner incident-report materials and used AI to show it into a web site that walked viewers by way of the mechanics of the exploit. That construction framed his bigger level: the failure, as he described it, didn’t start with damaged contract math inside KelpDAO itself, nor with an obvious accounting flaw at LayerZero. Instead, he mentioned it centered on a cast cross-chain message that was accepted as reputable and allowed funds to be launched on Ethereum.
“So, this was not a sensible contract difficulty with Kelp and this was not a sensible contract difficulty with LayerZero, however this was a cross-chain message forgery,” Hoskinson mentioned. “So this was one thing new and completely different.”
The Cardano founder repeatedly returned to 1 design selection particularly: the reported use of a one-of-one verifier configuration. In his clarification, finest follow can be a multi-verifier mannequin resembling three-of-five, however KelpDAO’s setup relied on a single lively DVN. That, he argued, created an unacceptable single level of failure in a system already layered with staking wrappers, restaking protocols, bridges, and lending venues.
“The failure was within the verification logic, not the appliance logic,” he mentioned. “Kelp did all the pieces proper from their contracts. They’re audited. They’re working nicely. The software’s working nicely. It’s the bridge configuration.”
Hoskinson additionally emphasised that the trade nonetheless lacks a settled account of precisely the place accountability lies.
According to his abstract, three separate root-cause analyses emerged after the exploit: one from LayerZero, one from KelpDAO, and one tied to LlamaRisk and Aave governance discussions however none totally agree. That leaves open whether or not the break occurred within the messaging layer, verifier setup, KelpDAO’s acceptance logic, or within the seams between them.
What made the occasion particularly important, in his view, was not solely the theft itself however what occurred subsequent. Instead of dumping the stolen rsETH on decentralized exchanges, the attacker allegedly used it as collateral in lending markets to borrow extra liquid belongings. That turned an exploit right into a balance-sheet downside for different protocols, leaving what Hoskinson described as poisoned collateral behind.
He referred to as that dynamic the true novelty of the incident. “It wasn’t only a bridge hack. It unfold to lending which then created dangerous debt contagion inside these lending protocols. It created a financial institution run and we noticed $13 billion of TVL pulled in a really brief time period for a $290 million hack.”
The Cardano founder mentioned the broader DeFi liquidity shock reached far past KelpDAO itself. Citing public reporting referenced in his walkthrough, he pointed to at the least 9 immediately affected protocols and mentioned Aave alone noticed between $6.6 billion and $8.45 billion in losses, whereas rsETH traded in a risky vary between about $1,600 and $2,500 throughout the 24 hours following the assault.
He additionally raised the potential of Lazarus involvement, although he acknowledged attribution stays unconfirmed. “There’s a variety of proof right here that there’s Lazarus connections,” he mentioned, earlier than including that no impartial forensics companies had definitively confirmed it.
At press time, Cardano (ADA) traded at $0.2504.
