A wave of protocol-level safety responses adopted the $292 million KelpDAO rsETH exploit on April 19, with BitGo, Polygon, and Katana transferring swiftly to isolate potential contagion.
The assault drained 116,500 rsETH from Kelp DAO’s LayerZero-powered cross-chain bridge by a solid message that bypassed its Decentralized Verifier Community (DVN) configuration.
Protocols Transfer to Include Fallout
BitGo, alongside BiT International Belief, took down the LayerZero OFT DVNs for Wrapped Bitcoin (WBTC) as a precaution. The agency confirmed that person funds stay safe and pledged to share updates as extra data turns into accessible.
Polygon acknowledged that its chain, Agglayer, and broader ecosystem stay unaffected by the incident. The community famous it has safely processed over $2 trillion thus far.
Katana paused the OFT path on Vaultbridge, which relied on a 2/3 DVN setup. Bridging by Agglayer, which verifies with zero-knowledge proofs relatively than proof-of-authority multisigs, remained totally accessible.
In the meantime, Cyvers CTO and co-founder Meir Dolev revealed that KelpDAO was simply three minutes away from shedding an extra $100 million. A rapid-response blacklist blocked the attacker earlier than a second try might succeed.
Business Leaders Name for Structural Fee Limits
The exploit has reignited requires built-in fee limits throughout DeFi protocols. Ethena contributor Man Younger argued that asset issuers ought to implement throttled cross-chain transfers on prime of ordinary LayerZero OFTs.
“We constructed an answer on prime of the usual OFT to throttle cross chain transfers at $10m per hour for each DVN, along with the $10m per block fee restrict on the mint contract. The previous would have prevented Kelp, the latter Resolv,” he wrote.
Ethena’s configuration caps potential injury at $10 million per chain per hour even when a DVN is totally compromised. Younger known as the slight inconvenience for customers a worthwhile tradeoff to keep away from catastrophic losses.
Keone Hon, CEO and co-founder of Monad, proposed that pooled lending protocols undertake “sensible caps” that restrict how rapidly collateral provide can develop.
He pointed to the Resolv hack in March, the place the attacker minted infinite tokens however might solely extract $24 million as a result of exit pathways had been small.
Hon argued that prime provide caps must be seen as a legal responsibility, not an indication of stature. A provide restrict barely above present utilization, adjusting over hours to the true cap, would have saved rsETH depositors $200 million, he estimated.
The KelpDAO breach is now the biggest DeFi exploit of 2026. Whether or not protocols undertake the rate-limiting measures these leaders are proposing might decide how giant the subsequent one will get.
The submit BitGo, Polygon Amongst Business Giants Pushing Fee Limits After The Largest DeFi Exploit of 2026 appeared first on BeInCrypto.