Kelp DAO suffered a major security breach on March 12, 2025, when an exploit targeted its cross-chain bridge powered by LayerZero, resulting in a loss of approximately $292 million. The attacker manipulated the bridge's smart contract logic to drain funds across multiple chains, including Ethereum, Arbitrum, and Optimism. This incident highlights the growing risks associated with cross-chain infrastructure, as bridges become prime targets for hackers due to their complex interoperability protocols. LayerZero, a popular cross-chain messaging protocol, has been praised for its efficiency but criticized for potential vulnerabilities in its integration with DeFi platforms. Following the exploit, several protocols using LayerZero have paused operations to review security measures. The Kelp DAO team has engaged with security firms and law enforcement, while the broader crypto community debates the need for more robust bridge security standards. This attack adds to a series of high-profile bridge hacks, emphasizing the critical importance of rigorous auditing and real-time monitoring for cross-chain systems.

Key facts

• Kelp DAO lost $292M in an exploit on its LayerZero-powered bridge.
• Attacker manipulated smart contract logic to drain funds across multiple chains.
• Incident reignites debate over cross-chain bridge security vulnerabilities.
• Several protocols using LayerZero paused operations post-exploit.
• Kelp DAO collaborates with security firms and law enforcement.

KeyAudit data perspective