Cardano founder Charles Hoskinson used his latest livestream to argue that the roughly $292 million KelpDAO exploit was not just another bridge failure, but a broader warning about how Ethereum’s restaking, cross-chain messaging, and lending stack can turn a single compromise into system-wide contagion.
In Hoskinson’s telling, the April 18 attack exposed what he sees as the most fragile part of modern DeFi: not necessarily application-level smart contracts, but the verification layers and interdependencies that sit between protocols. He said the exploit, which involved about 116,500 rsETH drained from KelpDAO’s Ethereum escrow, should force a wider industry conversation about bridge trust assumptions, verifier design, and the speed at which bad collateral can spread through lending markets.
Cardano Founder Warns Of Dangerous Flaw At The Heart Of Ethereum DeFi
Rather than deliver a standard postmortem, Hoskinson said he took internal incident-report material and used AI to turn it into a website that walked viewers through the mechanics of the exploit. That structure framed his larger point: the failure, as he described it, did not begin with broken contract math inside KelpDAO itself, nor with an obvious accounting flaw at LayerZero. Instead, he said it centered on a forged cross-chain message that was accepted as legitimate and allowed funds to be released on Ethereum.
“So, this was not a smart contract issue with Kelp and this was not a smart contract issue with LayerZero, but this was a cross-chain message forgery,” Hoskinson said. “So this was something new and different.”
The Cardano founder repeatedly returned to one design choice in particular: the reported use of a one-of-one verifier configuration. In his explanation, best practice would be a multi-verifier model such as three-of-five, but KelpDAO’s setup relied on a single active DVN. That, he argued, created an unacceptable single point of failure in a system already layered with staking wrappers, restaking protocols, bridges, and lending venues.
“The failure was in the verification logic, not the application logic,” he said. “Kelp did everything right from their contracts. They’re audited. They’re working well. The application’s working well. It’s the bridge configuration.”
Hoskinson also emphasized that the industry still lacks a settled account of exactly where responsibility lies.
According to his summary, three separate root-cause analyses emerged after the exploit: one from LayerZero, one from KelpDAO, and one tied to LlamaRisk and Aave governance discussions but none fully agree. That leaves open whether the break occurred in the messaging layer, verifier setup, KelpDAO’s acceptance logic, or in the seams between them.
What made the event especially significant, in his view, was not only the theft itself but what happened next. Instead of dumping the stolen rsETH on decentralized exchanges, the attacker allegedly used it as collateral in lending markets to borrow more liquid assets. That turned an exploit into a balance-sheet problem for other protocols, leaving what Hoskinson described as poisoned collateral behind.
He called that dynamic the real novelty of the incident. “It wasn’t just a bridge hack. It spread to lending which then created bad debt contagion inside these lending protocols. It created a bank run and we saw $13 billion of TVL pulled in a very short period of time for a $290 million hack.”
The Cardano founder said the broader DeFi liquidity shock reached far beyond KelpDAO itself. Citing public reporting referenced in his walkthrough, he pointed to at least nine directly affected protocols and said Aave alone saw between $6.6 billion and $8.45 billion in losses, while rsETH traded in a volatile range between about $1,600 and $2,500 during the 24 hours following the attack.
He also raised the possibility of Lazarus involvement, though he acknowledged attribution remains unconfirmed. “There’s a lot of evidence here that there’s Lazarus connections,” he said, before adding that no independent forensics firms had definitively proven it.
At press time, Cardano (ADA) traded at $0.2504.
