April 2026 will enter the DeFi record books not for the size of a single hack, but for the cadence with which three cross-chain protocols fell in nine days — each for an apparently distinct reason, all for the same underlying reason. On the 18th, KelpDAO lost $292 million in rsETH in an exploit that didn't touch a single line of smart contract code. Three days later, Volo Protocol had $3.5 million drained in a way no audit could have caught — because the problem wasn't in the audited code. On April 27th, ZetaChain paused all cross-chain mainnet traffic after a vulnerability in the contract that controls the network's entry and exit points.
Across the three, $295.8 million evaporated. And that's not the most uncomfortable part of the balance. According to data consolidated by CoinGecko, $4.5 billion in on-chain value is still exposed to exactly the same vector that brought down KelpDAO — because, according to Dune Analytics research, 47% of applications running on LayerZero continue operating with the vulnerable configuration. The institutional message of the month went unnoticed outside technical circles: cross-chain is the weak point of the 2026 cycle, and the industry spent five years building the infrastructure assuming the attack would come from the wrong place.
Chapter 1: KelpDAO, $292 Million and the RPC That Lied to Its Own Owner
As ON3X coverage documented this Monday, the KelpDAO case was quickly swallowed by the rescue narrative — the informal coalition between Aave, Morpho and Sky to contain the cascade effect in loans collateralized in rsETH. But the anatomy of the exploit itself deserves its own dissection, because it is the technical blueprint for what happened in the nine days that followed.
The vector: 1-of-1 DVN and two poisoned RPCs
The attack did not exploit a bug in Solidity code. It exploited off-chain infrastructure. LayerZero, the cross-chain messaging protocol that enables KelpDAO's bridges, operates with Decentralized Verifier Networks (DVNs) — networks that sign the equivalence between what was burned on the origin chain and what can be released on the destination chain. KelpDAO chose the cheapest and simplest configuration available: 1-of-1 DVN. Only one verifier needs to attest to a message for it to be considered valid.
The North Korean group Lazarus — specifically the TraderTraitor subgroup, an attribution made by LayerZero itself with "preliminary confidence" — mounted a surgical attack against the RPC nodes that this single DVN consulted. In parallel, it launched a DDoS attack against the redundant external RPCs, forcing the DVN to depend exclusively on the compromised internal nodes. On these nodes, the attacker replaced the op-geth binary with a modified version — one that reported the truth to everyone else in the world, but selectively lied to the IP of LayerZero's DVN, claiming that 116,500 rsETH had been burned on Unichain when no token had been touched.
The DVN signed. The OFTAdapter contract on the destination chain did exactly what it was programmed to do: it released the tokens. Within 46 minutes, KelpDAO's multisig paused the bridge — blocking a second forged message that would have attempted to drain another 40,000 rsETH. But the first $292 million had already been deposited into Aave V3 as collateral, turned into borrowed WETH, and dispatched via Tornado Cash and secondary bridges.
The description from Chainalysis, an editorial partner of ON3X, distills the problem into one sentence: "Cross-chain systems inherit the security of their most fragile off-chain dependency, and '1-of-1 anything' — validators, DVN, signers, RPC providers — should now be treated as active risk, not theoretical".
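An added example, not part of the original article or of LayerZero's code: one way a verifier could refuse to attest when its view of the origin chain rests on a single RPC operator, which is the condition the DDoS created here. The operator labels, the amounts and the three-operator minimum are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Optional


class RefuseToSign(Exception):
    """Raised when the burn cannot be confirmed independently."""


@dataclass(frozen=True)
class RpcAnswer:
    operator: str            # who runs the node; independence is counted per operator
    burned: Optional[int]    # burn amount the node reports, None if unreachable


def burn_to_attest(answers, min_operators=3):
    """Return the burn amount only if enough independent operators agree on it."""
    by_operator = {}
    for a in answers:
        if a.burned is not None:
            by_operator.setdefault(a.operator, set()).add(a.burned)
    # Fail closed: if redundancy is gone (for example under DDoS), stop signing
    # rather than fall back to whichever nodes still answer.
    if len(by_operator) < min_operators:
        raise RefuseToSign(f"only {len(by_operator)} independent operator(s) reachable")
    values = set().union(*by_operator.values())
    # Any disagreement means at least one node is wrong or lying: halt and alert.
    if len(values) != 1:
        raise RefuseToSign(f"RPC views diverge: {sorted(values)}")
    return values.pop()


def decision(answers):
    """Helper for the demo: 'sign <n>' or 'refuse: <reason>'."""
    try:
        return f"sign {burn_to_attest(answers)}"
    except RefuseToSign as exc:
        return f"refuse: {exc}"


# Constructed scenarios (operator names and amounts are illustrative).
DDOS = [RpcAnswer("internal", 116_500), RpcAnswer("internal", 116_500),
        RpcAnswer("ext-a", None), RpcAnswer("ext-b", None)]
SPLIT = [RpcAnswer("internal", 116_500), RpcAnswer("ext-a", 0), RpcAnswer("ext-b", 0)]
HEALTHY = [RpcAnswer("internal", 0), RpcAnswer("ext-a", 0), RpcAnswer("ext-b", 0)]

if __name__ == "__main__":
    for name, scenario in [("ddos", DDOS), ("split", SPLIT), ("healthy", HEALTHY)]:
        print(name, "->", decision(scenario))
```

Two nodes run by the same operator count as one vote, so losing the external providers halts signing instead of silently narrowing trust to the internal nodes.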
The fight nobody wanted to have: LayerZero × KelpDAO
What came in the 48 hours following the exploit was a rare public blame game between two first-tier DeFi projects. LayerZero published an official statement attributing the attack to Lazarus and explicitly held KelpDAO responsible for choosing the 1-of-1 configuration: "LayerZero and other external parties previously communicated DVN diversification best practices to KelpDAO. Despite these recommendations, KelpDAO chose to use a 1/1 DVN configuration".
KelpDAO fired back within hours. In a statement relayed by CoinDesk, the team pointed out that LayerZero's official quickstart, the standard repository on GitHub, and introductory documentation still presented 1-of-1 as the default configuration — exactly the configuration that LayerZero now treats as unacceptable. The data supporting KelpDAO's claim is embarrassing for the messaging protocol: approximately 40% of applications running on LayerZero use the same model. KelpDAO was not the outlier — it was the average.
As a post-incident measure, LayerZero announced that its DVN will stop signing messages originating from applications with a 1-of-1 configuration, and initiated an outreach process to force migration to multi-DVN. The policy is correct, but comes at the same time that Dune Analytics researchers reveal that 47% of OApps remain vulnerable — and CoinGecko translates this into $4.5 billion in on-chain value exposed to the exact same vector. The window between "announcing the policy" and "closing the vulnerability across the entire ecosystem" is exactly where the next attack will be born.
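An added example, not LayerZero's or KelpDAO's code: a check that counts how many distinct operators an attacker must control before a message verifies, which exposes configurations that list several DVNs yet still reduce to 1-of-1. The required/optional-with-threshold model, the DVN labels and the operator map are assumptions of this example.

```python
from dataclasses import dataclass, field
from itertools import combinations


@dataclass
class VerifierConfig:
    required: list                                  # DVNs that must all attest
    optional: list = field(default_factory=list)    # pool of additional DVNs
    optional_threshold: int = 0                     # how many of the pool must attest


def min_operators_to_forge(cfg, operator_of):
    """Fewest distinct operators an attacker must control to get a message verified."""
    def op(dvn):
        # Unknown operators are pooled together: the conservative assumption.
        return operator_of.get(dvn, "unknown")

    base = {op(d) for d in cfg.required}
    pool = sorted(set(cfg.optional) - set(cfg.required))
    if cfg.optional_threshold > len(pool):
        raise ValueError("optional threshold exceeds the optional DVN pool")
    # The attacker picks the optional DVNs that add the fewest new operators.
    return min(len(base | {op(d) for d in combo})
               for combo in combinations(pool, cfg.optional_threshold))


def audit(cfg, operator_of):
    """Return (operators needed to forge, verdict) for one configuration."""
    n = min_operators_to_forge(cfg, operator_of)
    if n == 0:
        return n, "no verifier required"
    return n, ("single point of trust" if n == 1 else "ok")


# Constructed inputs: DVN labels and operator names are hypothetical.
OPERATORS = {"dvn-a1": "acme", "dvn-a2": "acme", "dvn-b": "borealis", "dvn-c": "cobalt"}
ONE_OF_ONE = VerifierConfig(required=["dvn-a1"])
TWO_SAME_OPERATOR = VerifierConfig(required=["dvn-a1", "dvn-a2"])
MIXED = VerifierConfig(required=["dvn-a1"],
                       optional=["dvn-a2", "dvn-b", "dvn-c"], optional_threshold=2)

if __name__ == "__main__":
    for name, cfg in [("1-of-1", ONE_OF_ONE), ("2-of-2, one operator", TWO_SAME_OPERATOR),
                      ("1 required + 2-of-3", MIXED)]:
        print(name, "->", audit(cfg, OPERATORS))
```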
Chapter 2: Volo Protocol, $3.5 Million — The Private Key No Audit Can Catch
Three days after KelpDAO, on April 21st, Volo Protocol — a DeFi yield vault platform running on Sui — was drained of $3.5 million. Assets left three separate vaults: approximately $2.1 million in WBTC, $900 thousand in XAUm and $500 thousand in USDC.
The most important technical point is negative: Volo was not hacked by a smart contract bug. Auditors GoPlus Security and ExVul independently confirmed that the vector was the compromise of a privileged operator private key — an internal administrative account without adequate hardware protections or multi-signature safeguards. The audited contracts continue functioning as designed; the attacker simply assumed the role of "admin" that these contracts legitimately recognize.
The Volo team acted quickly. Within 30 minutes it froze approximately $500 thousand of stolen funds via integration with the Sui Foundation, and the next day blocked the attacker's attempt to bridge 19.6 WBTC out of the ecosystem. The other $28 million in TVL was declared safe, and the team committed to fully absorbing the loss for users — which is chivalrous, but doesn't change the technical reading.
The critical reading is that an admin private key is a single point of trust outside of audited code — a direct mirror of what made KelpDAO bleed. The symbols are different (RPC, DVN, private key, gateway contract), but the structure is identical: trust in one single thing, and that one single thing can be compromised without the smart contract ever knowing.
Chapter 3: ZetaChain, $300 Thousand — When the Gateway Itself Signs Alone
On April 27th, ZetaChain — a protocol built natively around the promise of universal blockchain and cross-chain by design — confirmed an exploit in the GatewayEVM contract, the single point of entry and exit for all mainnet cross-chain interactions. The team immediately paused all cross-chain traffic.
The financial value was small in absolute terms: approximately $300 thousand, equivalent to 139 ETH, and only in the team's internal wallets. No user funds were touched. But the anatomy of the bug is what matters.
According to SlowMist's post-incident analysis, the call function of GatewayEVM did not adequately validate access or input. An attacker built a custom exploit contract that emitted the Called event expected by the gateway. This event, by design of ZetaChain's architecture, activates the threshold signature scheme that causes validators to collectively sign a transaction. In other words: the attacker managed to make the gateway itself ask validators to sign operations it shouldn't request.
ZetaChain communicated that it has already blocked the vector and is preparing a complete patch. But the total shutdown of cross-chain traffic from one of the market's leading interoperability blockchains — even if for a small amount — lays bare the architectural fragility: the gateway is itself the single point of trust. Compromise the gateway, compromise the entire network.
The Common Denominator: Cross-Chain Inherits the Security of Its Most Fragile Dependency
Three protocols. Three technically distinct vectors. But, abstracting from the details, the form is the same:
- KelpDAO: single point of trust = a single DVN, depending on compromisable RPCs
- Volo Protocol: single point of trust = an admin private key external to the audited contract
- ZetaChain: single point of trust = a gateway contract without adequate origin validation
The Black April balance of DeFi that ON3X published in the first half of the month covered $606 million in losses in 18 days. Now, with KelpDAO, Volo, ZetaChain added to Drift and UXLINK, the actual number is above $900 million in just over four weeks. Cross-chain accounts for most of the pie — and the pace is accelerating, not decelerating.
The data nobody wants to face is that smart contract audits don't catch any of these three vectors. CertiK doesn't audit your RPC. Trail of Bits doesn't audit the custody procedure for your admin private key. Halborn doesn't audit the default configuration that a team of developers chose to copy from the official quickstart. Audits guarantee that code does what it says it does — they don't guarantee that the infrastructure around it is robust.
It's the same lesson Lazarus has been hammering home on other vectors. The Mach-O Man campaign, documented by ON3X in April, showed the same North Korean group using custom-made malware for macOS to steal crypto exec credentials via fake Zoom meetings. The Drift operation, which cost the perpetuals protocol on Solana $285 million, was the result of six months of social engineering — not a smart contract bug. The DPRK discovered before the industry that the easy path to the treasure is infrastructure, not protocol. And the rest of the cyber underworld is learning to copy.
The parallel outside crypto is instructive. The Vercel hack in March forced the Web3 industry to rotate API keys en masse — an OAuth attack that started with malware (Lumma Stealer) and cascaded across dozens of platforms because shared infrastructure became a single point. Cross-chain is repeating the same pattern within DeFi.
KelpDAO, in the end, was the Volo of LayerZero. Volo was the KelpDAO of Sui. ZetaChain was the Volo of itself. All three share the same architectural error: they concentrated trust in a point that no internal audit could validate as secure.
The ON3X Perspective
- The 2026 cycle will be defined by fights over defaults, not code. The LayerZero × KelpDAO fight over who's responsible for the 1-of-1 configuration will repeat itself in other messaging protocols, in other institutional custody providers, in other multichain stablecoins. Default becomes jurisprudence — and whoever has 47% of the ecosystem running on the most fragile configuration needs to decide if the default was a suggestion or a promise. LayerZero made the right decision in stopping signing for 1-of-1, but the industry needs to stop accepting "default configuration" as synonymous with "reasonable configuration".
- "Audited" ceases to be a relevant technical signal for institutional users. All three cases have audited contracts. The risk wasn't there. The sophisticated user — especially institutional funds, corporate treasuries, and tokenized stablecoin platforms — will need to demand infrastructure attestations with the same rigor they currently demand code audit reports: who operates the RPCs, who custodies the admin keys, who sets the defaults, what is the rotation procedure. Without this, the "audit badge" on the website footer is security theater.
- The wave of incidents forces consolidation — ironically. Forcing multi-DVN reduces risk, but raises operational costs. Forcing multisig admin with dedicated hardware reduces risk, but concentrates operations among the few providers capable of running the infra. The "permissionless and decentralized" cross-chain architecture follows a predictable path: the next stage of maturity is more centralized, not less. Arbitrum freezing $71 million of the Kelp hacker gave the first signal in this direction. More will follow.
