Burn Notice #1
Drift $285M, KelpDAO $292M: Bridge Exploits Explained
Four Bridge Hacks in Nearly Seven Weeks
Four major exploits in nearly seven weeks. Drift on April 1 ($285M), KelpDAO on April 18 ($292M), THORChain on May 15 ($10.8M), Verus on May 17 ($11.6M). The attack class is concentrating, not rotating. Infrastructure that connects chains, manages cross-chain messaging, or holds reserve balances on both sides of a proof system is the target.
In today’s issue:
Drift’s Security Council was pre-signed into surrendering $285M, and a planned signer rotation was the one chance to stop it
KelpDAO’s 1-of-1 DVN, LayerZero’s apology, and the $71M governance recovery cleared by court and DAO
THORChain, Verus, and five more: what broke, in two sentences each
Need to Know
April 2026 produced $630M in confirmed crypto hack losses, the highest monthly total since February 2025, with DPRK-attributed operations accounting for roughly 76% of all 2026 losses through April, approximately $577M of $759M total, per TRM Labs. [Cointelegraph] PeckShield tracked eight bridge exploits year-to-date through mid-May, totalling $328.6M, and across those eight incidents the failure classes are the same ones we have been writing about for years, repeating because the industry's average internal discipline has not kept pace with its TVL. [bitcoin.com] Not one of these failures required a novel technique or a zero-day. Every security lead should be sitting with one question today.
Which of these failure classes is currently open in our stack?
The Big One — The Drift Council Takeover
The news. On April 1, 2026, DPRK operators drained $285M from Drift Protocol using pre-signed durable nonce transactions that legitimate Security Council members had unknowingly authorised via blind signing. [TRM Labs] The execution was the last step. The preparation had been running for six months.
What broke and how. DPRK’s UNC4736 spent fall 2025 cultivating Drift contributors at crypto conferences, presenting as a quantitative trading firm. By December they had onboarded an Ecosystem Vault and deposited more than $1M to build credibility. [The Block] Two contributors were compromised through a malicious code repository and a fake wallet app. The attackers then collected pre-signatures from 2-of-5 council members on admin-transfer payloads disguised as routine updates. Classic blind signing. [Chainalysis]
On March 26–27, a legitimate council rotation invalidated the attacker’s first harvest. That was the escape window. [BlockSec] The rotation did not change Drift’s pre-existing zero-timelock configuration. Within 72 hours the attackers had re-established the 2-of-5 threshold. On April 1 at 16:05 UTC, the pre-signed transaction executed. Zero timelock meant the transfer was irreversible before any monitor could fire. The vault drain took approximately 12 minutes. [The Block]
What to check now.
The March 26–27 rotation was Drift’s best chance. It invalidated everything the attackers had harvested. A zero-timelock audit and a 48-hour signing freeze during handoff would have ended it. A signer rotation without a timelock review creates a new attack surface wearing familiar clothes.
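The check a council signer needs is mechanical: a transaction is only durable if its first instruction is the System Program’s AdvanceNonceAccount, and the nonce value sits in the slot a blind-signing device displays as “recent blockhash”, so it looks like an ordinary transfer. The following is an added example, not Drift’s or Solana’s code. It serialises and parses the legacy Solana message layout so that sample messages can be built offline, then flags the durable-nonce form; all account keys, the nonce value and the lamport amount are placeholders constructed for the example.

```python
"""Flag Solana transactions that use a durable nonce instead of a recent blockhash."""
import struct

SYSTEM_PROGRAM_ID = bytes(32)   # base58 "11111111111111111111111111111111" is 32 zero bytes
IX_TRANSFER = 2                 # SystemInstruction enum indices, serialised as u32 little-endian
IX_ADVANCE_NONCE_ACCOUNT = 4


def encode_compact_u16(n: int) -> bytes:
    """Solana's compact-u16 varint: 7 bits per byte, high bit marks continuation."""
    out = bytearray()
    while True:
        byte, n = n & 0x7F, n >> 7
        if n:
            out.append(byte | 0x80)
        else:
            out.append(byte)
            return bytes(out)


def decode_compact_u16(buf: bytes, pos: int):
    value = shift = 0
    while True:
        byte, pos = buf[pos], pos + 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7
        if shift > 14:
            raise ValueError("compact-u16 longer than 3 bytes")


def build_message(num_signers, num_readonly_unsigned, keys, recent_blockhash, instructions):
    """Serialise a legacy message: header, account keys, blockhash (or nonce), instructions.
    instructions: list of (program_key_index, [account_key_indices], data)."""
    msg = bytearray([num_signers, 0, num_readonly_unsigned])
    msg += encode_compact_u16(len(keys)) + b"".join(keys)
    msg += recent_blockhash
    msg += encode_compact_u16(len(instructions))
    for program_idx, account_idxs, data in instructions:
        msg.append(program_idx)
        msg += encode_compact_u16(len(account_idxs)) + bytes(account_idxs)
        msg += encode_compact_u16(len(data)) + data
    return bytes(msg)


def parse_instructions(msg: bytes):
    """Return [(program_id, [account_keys], data)] for every instruction in a legacy message."""
    pos = 3                                   # skip the 3-byte header
    n_keys, pos = decode_compact_u16(msg, pos)
    keys = [msg[pos + 32 * i: pos + 32 * (i + 1)] for i in range(n_keys)]
    pos += 32 * n_keys + 32                   # account keys, then the 32-byte blockhash slot
    n_ix, pos = decode_compact_u16(msg, pos)
    out = []
    for _ in range(n_ix):
        program_idx, pos = msg[pos], pos + 1
        n_acc, pos = decode_compact_u16(msg, pos)
        accounts, pos = [keys[i] for i in msg[pos:pos + n_acc]], pos + n_acc
        dlen, pos = decode_compact_u16(msg, pos)
        data, pos = msg[pos:pos + dlen], pos + dlen
        out.append((keys[program_idx], accounts, data))
    return out


def is_durable_nonce(msg: bytes) -> bool:
    """True iff the runtime treats this as durable: the FIRST instruction targets the
    System Program with discriminator AdvanceNonceAccount. Anywhere else it is ordinary."""
    ixs = parse_instructions(msg)
    if not ixs:
        return False
    program_id, _, data = ixs[0]
    return (program_id == SYSTEM_PROGRAM_ID and len(data) >= 4
            and struct.unpack_from("<I", data)[0] == IX_ADVANCE_NONCE_ACCOUNT)


# Constructed placeholder accounts (not real pubkeys); order is signer, writable, readonly
COUNCIL_SIGNER = bytes([0x11]) * 32
NONCE_ACCOUNT = bytes([0x22]) * 32
RECIPIENT = bytes([0x33]) * 32
RECENT_BLOCKHASHES_SYSVAR = bytes([0x44]) * 32
KEYS = [COUNCIL_SIGNER, NONCE_ACCOUNT, RECIPIENT, SYSTEM_PROGRAM_ID, RECENT_BLOCKHASHES_SYSVAR]
NONCE_VALUE = bytes([0x55]) * 32   # in a durable tx the blockhash slot carries the stored nonce

ADVANCE_NONCE_IX = (3, [1, 4, 0], struct.pack("<I", IX_ADVANCE_NONCE_ACCOUNT))
TRANSFER_IX = (3, [0, 2], struct.pack("<IQ", IX_TRANSFER, 1_000_000_000))

DURABLE_MSG = build_message(1, 2, KEYS, NONCE_VALUE, [ADVANCE_NONCE_IX, TRANSFER_IX])
PLAIN_MSG = build_message(1, 2, KEYS, NONCE_VALUE, [TRANSFER_IX])
MISORDERED_MSG = build_message(1, 2, KEYS, NONCE_VALUE, [TRANSFER_IX, ADVANCE_NONCE_IX])
```

A signing policy for a council key would run is_durable_nonce over every payload before the hardware wallet sees it and either refuse or route the transaction through the timelock; MISORDERED_MSG shows why the check must look at instruction zero only, since an AdvanceNonceAccount placed later does not make the transaction durable and an alert keyed on its mere presence would both over- and under-fire.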
— Adrian
Chain Reaction — KelpDAO’s 1-of-1 DVN
The news. On April 18, 2026, DPRK’s Lazarus Group drained 116,500 rsETH worth approximately $292M from KelpDAO’s LayerZero-powered bridge by poisoning the RPC nodes that LayerZero Labs’ sole DVN relied on. [LayerZero incident statement] An emergency pause 46 minutes later blocked follow-up attempts that would have released an additional ~$200M.
What broke and how. KelpDAO’s rsETH bridge ran a 1-of-1 DVN, meaning one entity was responsible for verifying every cross-chain message. The attackers identified that entity’s RPC nodes and replaced their binaries with malicious versions returning accurate data to every IP except the DVN itself. They simultaneously DDoS’d the external fallback, forcing it onto the compromised nodes. With every honest path gone, the DVN signed a release for rsETH that had never been deposited on the source chain. [LayerZero incident statement]
Why it kept happening. ~47% of active LayerZero OApps were running 1-of-1 DVN configurations at time of the exploit. [bitcoin.com] LayerZero’s own quickstart wired the sample config with a single required DVN. After three weeks of blaming Kelp’s configuration, LayerZero issued a public apology on May 9, admitting it “made a mistake by allowing our DVN to act as a 1/1 DVN for high-value transactions.” [The Block]
The downstream impact. The exploit did not stop at the bridge. The attacker deposited the 116,500 unbacked rsETH as collateral on Aave and borrowed ~$190M in real ETH against it. [CoinDesk] Aave’s core WETH lending pool hit 100% utilisation, so users who had deposited ETH could not withdraw. [Yahoo Finance] Aave froze rsETH markets across V3 and V4 and paused WETH borrowing on Ethereum, Arbitrum, Base, Mantle, and Linea. The panic spread beyond protocols directly holding rsETH: Aave lost $8.45B in deposits over 48 hours, and total DeFi TVL fell by $13.21B. [CoinDesk] The DeFi United coalition, including Aave Labs, EtherFi, and Stani Kulechov personally, formed specifically to plug the collateral gap and prevent cascading liquidations.
What to check now.
47% of active OApps ran the same configuration that enabled this exploit. LayerZero’s quickstart normalised it. When infrastructure provider defaults create systemic risk, the post-mortem blame fight is the wrong place to discover that. The default is the product, and it was misconfigured at scale.
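Counting DVN addresses is not the check; counting the operators behind them is. Below is an added example, not LayerZero’s code, that computes how many distinct operators an attacker must compromise before a forged payload passes ULN verification, which is 1 for the 1-of-1 layout and, less obviously, 1 for a “2-of-3” whose optional DVNs share an operator. Field names follow LayerZero V2’s UlnConfig (requiredDVNs, optionalDVNs, optionalDVNThreshold); the DVN labels, operator map and sample configurations are constructed for the example.

```python
"""Minimum colluding operators needed to verify a forged LayerZero V2 message."""
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class UlnConfig:
    required_dvns: list = field(default_factory=list)
    optional_dvns: list = field(default_factory=list)
    optional_dvn_threshold: int = 0


def min_colluding_operators(cfg: UlnConfig, operator_of: dict) -> int:
    """ULN accepts a message once every required DVN has verified it and at least
    optional_dvn_threshold optional DVNs have. One compromised operator supplies the
    attestations of every DVN it runs, so attestations are counted per operator."""
    owner = lambda dvn: operator_of.get(dvn, dvn)      # unmapped DVN counts as its own operator
    needed = {owner(d) for d in cfg.required_dvns}
    # optional attestations that come for free from operators we must compromise anyway
    remaining = cfg.optional_dvn_threshold - sum(owner(d) in needed for d in cfg.optional_dvns)
    # then take remaining optional operators largest-first; greedy is optimal because each
    # operator contributes a fixed number of attestations and nothing else constrains the pick
    extra = Counter(owner(d) for d in cfg.optional_dvns if owner(d) not in needed)
    added = 0
    for _, count in extra.most_common():
        if remaining <= 0:
            break
        remaining -= count
        added += 1
    if remaining > 0:
        raise ValueError("optional threshold exceeds available optional DVNs")
    return len(needed) + added


def lint_uln_config(name: str, cfg: UlnConfig, operator_of: dict, minimum: int = 2):
    """Return a finding when fewer than `minimum` independent operators gate the pathway."""
    n = min_colluding_operators(cfg, operator_of)
    if n < minimum:
        return (f"{name}: {n}-operator verification (required={cfg.required_dvns}, "
                f"optional={cfg.optional_dvns}, threshold={cfg.optional_dvn_threshold})")
    return None


# Constructed operator map: which organisation runs each DVN label
OPERATOR_OF = {
    "dvn-lz-labs": "LayerZero Labs",
    "dvn-verifierA-1": "Verifier A", "dvn-verifierA-2": "Verifier A",
    "dvn-verifierB": "Verifier B",
    "dvn-verifierC": "Verifier C",
}

SAMPLE_CONFIGS = {
    # the single-required-DVN layout from the quickstart
    "one-of-one": UlnConfig(required_dvns=["dvn-lz-labs"]),
    # reads as 2-of-3, but two of the three optional DVNs share an operator
    "two-of-three-shared": UlnConfig(
        optional_dvns=["dvn-verifierA-1", "dvn-verifierA-2", "dvn-verifierB"],
        optional_dvn_threshold=2),
    # one required plus 2-of-3 optional across distinct operators
    "required-plus-two": UlnConfig(
        required_dvns=["dvn-lz-labs"],
        optional_dvns=["dvn-verifierA-1", "dvn-verifierB", "dvn-verifierC"],
        optional_dvn_threshold=2),
}


def audit(configs=SAMPLE_CONFIGS, operator_of=OPERATOR_OF) -> dict:
    """Map each config name to the number of operators an attacker must compromise."""
    return {name: min_colluding_operators(cfg, operator_of) for name, cfg in configs.items()}
```

Run it per (OApp, destination endpoint id) pair over the live send and receive configs read back from the endpoint rather than over the config file that was supposed to be deployed; the point of the audit is to catch the defaults that were never revisited, and those only show up on chain.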
— Adrian
Around the Forums
Arbitrum DAO, $71M frozen ETH cleared for recovery. The Arbitrum Security Council froze 30,765 ETH linked to the April 18 KelpDAO exploit through an emergency 9-of-12 multisig action. The Constitutional AIP passed with more than 90% delegate support. [Cointelegraph] SDNY Judge Margaret Garnett cleared the transfer on May 9, though families holding $877M in unpaid terrorism judgments against North Korea claim the recovered ETH should satisfy their claims, and that legal question remains unresolved. [The Defiant]
THORChain, ADR-028 recovery vote open. THORChain opened a node-operator vote on ADR-028: protocol-owned liquidity absorbs the $10.8M loss, the attacker’s bond is slashed, no RUNE is minted, and no user deposits are affected. [BanklessTimes]
What Else Happened
THORChain, $10.8M, May 15. GG20 threshold-signature key extraction. A malicious validator participated in signing ceremonies for 48 hours, accumulating leaked key-share material until it could reconstruct the full Asgard vault private key offline. [TRM Labs] Same broad family as the Alpha-Rays attacks THORChain paid a $500K bounty to patch in 2021, but a novel instance the 2021 patch did not cover.
Verus Ethereum bridge, $11.58M, May 17–18. Source-destination value binding gap. The bridge verified proofs and signatures but never checked whether the input amount matched the payout; the attacker spent ~$10 in VRSC fees to receive $11.58M. [CoinDesk / Halborn]
TrustedVolumes (1inch Fusion resolver), $6.7M, May 7. Missing access control modifier. The signer whitelist function was declared public with no onlyOwner modifier; the attacker added themselves as an authorised signer and drained the resolver wallet’s unlimited approvals across 85 transactions. [Halborn]
ZetaChain, $334K, April 26. Three chained access control defects. The gateway accepted arbitrary cross-chain calls from any sender and team wallets held unlimited gateway approvals; one CCTX with IsArbitraryCall = true drained wallets across four chains. [SolidityScan] ZetaChain admitted a prior report describing this behaviour was dismissed as “by design.”
Giddy.co, $1.3M, April 23. Incomplete EIP-712 struct coverage. The signature covered only the swap data bytes, not token addresses or amount; the attacker replayed a valid signature with all four unsigned fields substituted. [Verichains]
Adshares, ~$628K, May 15. Source-destination value binding gap. The bridge-minter signed token releases against transaction IDs that do not exist on the canonical Adshares chain; zero on-chain verification of the referenced transactions. [DefimonAlerts]
On the Clock
No toolchain upgrades with operational urgency this week. All failures were configuration, access control, signature scope, or economic logic, not toolchain.
Three things are operationally urgent regardless. If you run any LayerZero integration at 1-of-1 DVN, migration is not optional. If any Solana council signer can authorise durable-nonce transactions, disable it now. If any privileged wallet holds type(uint256).max approvals to any contract, revoke them before end of week.
Long Reads
Chainalysis: Inside the KelpDAO Bridge Exploit. The most technically detailed account of the RPC poisoning chain, DDoS failover mechanics, and DPRK laundering flows. Required for anyone building bridge infrastructure.
BlockSec: Drift Protocol Incident. The most granular on-chain timeline of the Drift attack. The section on the March 27 rotation and 72-hour re-harvest is essential for any protocol with a Security Council.
Verichains: When Signing Is Not Secure. The deepest analysis of the Giddy.co EIP-712 struct failure. Applies to every vault or swap contract using off-chain authorisation.
The Operator’s Read
People keep calling KelpDAO more sophisticated than past DPRK hacks. It was not. Harmony’s Horizon ran 2-of-4. Ronin was 5-of-9 on paper, but four keys sat with the same entity, making it effectively 2-of-9. KelpDAO ran 1-of-1. The numbers keep changing. The failure class does not.
Every few years someone ships a cross-chain system with a threshold that looks acceptable and a signing arrangement that collapses under scrutiny. We write post-mortems. We say never again. Then it happens again with a different name on the contract.
If you are running a multisig today, the real question is whether the keys are genuinely independent, not whether the number is above one. If two of your five signers share a Slack workspace and a deployment pipeline, your threshold is not what the contract says it is.
The triage problem nobody wants to admit
I understand why reports get dismissed. The volume is relentless and most AI-generated submissions are noise. But ZetaChain dismissed a report on the exact component that was later exploited because the behaviour looked “by design” in isolation.
Chained attacks do not announce themselves. The first bug looks like an edge case. The second like a known limitation. The third is the exploit. A triage process that evaluates each report in isolation will miss all three as a combination.
A managed triage service handles the volume. An internal developer catches what the triager cannot, because they see the report and the three other components it touches. You need both. Always evaluate by end impact on your protocol. If the funds at risk are yours, the report is in scope, regardless of where the entry point is.
Mitchell Amador’s five years of Immunefi data settles the continuous coverage question. 93.9% of programmes active for five or more years have surfaced a confirmed critical. The average is 2.7 per programme. The only variable is whether a whitehat or a blackhat gets there first.
The basics are the whole point
Giddy and TrustedVolumes had nothing to do with state-sponsored attackers. One was an EIP-712 signature covering half the fields it should. The other was a public function with no access control modifier. Day-one checks. Both shipped without them.
AI coding gets code out faster. It does not make that code more secure. Shipping speed is a competitive advantage until it is not, and when it stops being one you are writing a post-mortem.
Default configurations are a security decision
The zero-timelock on Drift and the 1-of-1 DVN on KelpDAO were not installed by attackers. Both were set by the protocols themselves, never revisited, and never put to a governance vote. Nobody attacked the code. The attackers read the configuration.
One entity to compromise. One RPC layer to poison. One fallback layer to knock offline. The cryptography was fine. The architecture made it irrelevant.
Ask the question LayerZero did not ask until after $292M was gone: is the default here the secure option, or just the easy one?
P.S.
Bridges were profitable targets before this year and will remain so. Where large sums of money pass through a potential single point of failure, people will always be looking for holes.
What matters is whether the fundamentals are in place before the bridge goes live. Clear validation logic. Genuine signing independence. A review process that actually asks whether the inputs and outputs are economically bound to each other. The foundation. Build it first.
Closing Tab
The contracts got audited. The configuration did not. That is where every exploit in this issue started. Check yours.
Adrian Hetman, Burn Notice. Operational intelligence for Web3, every week.