The RPC Poisoning Attack That Cost $290M — And Why Retail Missed It Coming

On April 18, 2026, a sophisticated state-sponsored attacker poisoned the RPC infrastructure feeding KelpDAO's rsETH bridge, fraudulently approving 116,500 rsETH in transfers. By April 20, that theft had cascaded into $200M in Aave bad debt and triggered a $10B panic withdrawal wave across DeFi. One of the largest bridge exploits in history. Retail missed it because they were looking at the wrong layer.

The Attack Architecture

This wasn't a smart contract vulnerability. The KelpDAO rsETH token contract was fine. The Aave collateral logic was fine. The attack was infrastructure-level, and it worked in three coordinated stages.

Stage 1: RPC Poisoning

KelpDAO's bridge verifier nodes rely on downstream RPC endpoints to validate incoming cross-chain transactions. The attacker compromised multiple RPC providers serving those verifier endpoints and injected fraudulent transaction data into their responses.

From the bridge verifier's perspective, the RPC was telling the truth: "These rsETH transfers are valid. Approve them." No smart contract audit catches this. There is no on-chain record of manipulation. The RPC layer sits below the blockchain's accountability mechanisms.

Simultaneously, the attacker launched a DDoS attack against legitimate RPC providers to fragment request traffic and prevent detection. The attack surface was distributed across at least five different RPC provider networks.

Stage 2: The Liquidation Trap

With 116,500 rsETH in hand, the attacker immediately deposited this amount as collateral on Aave V3. rsETH was trading at ~$2,500 per token — a $290M collateral base.

Against that collateral, the attacker borrowed $200M in WETH in a single transaction. This was not a flash loan (which would have been immediately repaid). This was permanent debt, sitting on Aave's balance sheet.

Then the attacker waited.

When the bridge exploit became public 48 hours later, KelpDAO and LayerZero Labs paused rsETH contract operations to prevent further damage. Aave's collateral instantly became illiquid — it couldn't be withdrawn, sold, or transferred. Protocol insurance mechanisms failed because the pause was permanent, not temporary.

The $200M WETH loan remained outstanding against now-worthless collateral. Aave's system hit an insolvency cascade. The protocol froze deposits to prevent runs. By April 20, $200M in bad debt was crystallized on Aave's books.

Stage 3: Contagion

Aave V3 is the settlement layer for $50B+ in DeFi TVL across three blockchains. When insolvency signals appeared — "Aave might not be able to repay WETH deposits" — every large WETH holder began withdrawing simultaneously.

That triggered a cascade: Curve, Convex, Lido, and seventeen other protocols faced deposit withdrawal waves. Liquidity evaporated. Yields on WETH deposits collapsed from 5-8% to 0.2%. Over $10B exited DeFi in 36 hours.

The entire trust model of cross-chain liquidity broke in one weekend.

Why Retail Missed It

Retail security audits live in the smart contract layer. You can verify code. You can read audits. You can check on-chain flows.

RPC infrastructure is opaque. Unless you run your own node, you're trusting your RPC provider to tell you the truth about the state of the blockchain. Most retail users don't run nodes. Most protocols don't run redundant RPC endpoints across competing providers.

This attack class — infrastructure poisoning below the smart contract layer — is nearly undetectable in real time. You see valid-looking transactions with valid signatures. The attacker didn't exploit contract logic; they spoofed the data feeding into it.

KelpDAO wasn't negligent. They were exposed to an attack surface that has no visibility layer for retail users.

The Root Cause: Validator Centralization

KelpDAO's bridge ran a 1-of-1 DVN (decentralized verifier network) setup. One verifier, one RPC provider chain, no redundancy.

A 1-of-1 is the most efficient configuration. It's fast, cheap, and reliable — until it isn't. And when it fails, it fails completely.

Compare to alternatives:

  • 2-of-3 DVN: Slightly more resilient. The attacker would need to compromise two providers simultaneously. Still vulnerable to nation-state level actors.
  • 5-of-5 DVN: Requires all verifiers to sign independently. Five providers, five RPC sources, five compromise vectors. Exponentially harder for an attacker. Also exponentially more expensive to operate.

The economics of validator redundancy don't scale. KelpDAO chose the 1-of-1 because they were competing on cost and speed. The attack proved the math was wrong.

RPC Poisoning: The New Infrastructure Attack

This attack was not novel in concept, but it is novel in scale.

RPC layer attacks have been theoretically documented since 2021. Academic security teams warned that compromised RPC endpoints could spoof state to smart contracts. But no one thought a nation-state actor would weaponize it at a $290M scale.

The Drift Protocol exploit in April 2026 showed nation-states were moving into DeFi. This KelpDAO attack proved they understand infrastructure layers most retail security frameworks ignore.

Defense requires:

  • Redundant RPC endpoints from competing providers. Don't trust one provider with bridge verification.
  • Out-of-band validation. Bridge verifiers should ping multiple independent data sources and require consensus, not just RPC agreement.
  • Timeout + circuit breaker logic. If RPC latency spikes or responses diverge, pause the bridge. Don't push data through under uncertainty.
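The three defenses above, together with the M-of-N verifier thresholds compared in the DVN section, come down to one verification loop: query several independent sources, approve only when a quorum of them agree with the claim, and pause the bridge the moment sources contradict each other or stop answering in time. The Python below is an added illustration written for this post; it is not KelpDAO, LayerZero, or Aave code and makes no claim about how their DVNs are implemented. The "sources" are constructed in-memory stand-ins for RPC endpoints (a real verifier would call eth_getTransactionReceipt over HTTP against each provider), and every hash, address and amount is made up.

```python
"""Quorum-based cross-chain transfer verification with timeout and circuit breaker.

Added example, not project code. Models N independent RPC-style sources and
approves a transfer only when M of N answer in time and agree with the claim.
Any active disagreement between sources is treated as a poisoning signal and
trips a breaker that pauses the verifier instead of picking a side.
"""
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Transfer:
    """The fields a verifier must see identically from every source before approving."""
    tx_hash: str
    recipient: str
    amount_wei: int
    block_number: int


# A source answers "which transfer does this hash correspond to?" with a
# Transfer, or None if it has never seen the hash. Hypothetical interface.
Source = Callable[[str], Optional[Transfer]]


class QuorumVerifier:
    def __init__(self, sources: Dict[str, Source], required: int, timeout_s: float) -> None:
        if not 1 <= required <= len(sources):
            raise ValueError("required must be between 1 and the number of sources")
        self.sources = sources          # name -> source, ideally competing providers
        self.required = required        # M in "M of N"
        self.timeout_s = timeout_s      # answers slower than this are discarded
        self.paused = False
        self.pause_reason = ""

    def _trip(self, reason: str) -> None:
        # Circuit breaker: once tripped, every later verify() is refused until
        # an operator inspects the reason and resets the verifier by hand.
        self.paused = True
        self.pause_reason = reason

    def verify(self, claim: Transfer) -> bool:
        if self.paused:
            return False
        views: Dict[str, Optional[Transfer]] = {}
        for name, source in self.sources.items():
            started = time.monotonic()
            try:
                view = source(claim.tx_hash)
            except Exception:
                continue                # unreachable source counts as absent, not as a vote
            if time.monotonic() - started > self.timeout_s:
                continue                # a late answer is not trusted either
            views[name] = view
        if len(views) < self.required:
            self._trip(f"only {len(views)} of {len(self.sources)} sources answered in time")
            return False
        # Group responding sources by the exact view they reported.
        groups: Dict[Optional[Transfer], List[str]] = {}
        for name, view in views.items():
            groups.setdefault(view, []).append(name)
        if len(groups) > 1:
            detail = "; ".join(f"{sorted(names)} saw {view}" for view, names in groups.items())
            self._trip("sources disagree: " + detail)
            return False
        (consensus,) = groups           # unanimous among responders
        return consensus == claim       # None or a different transfer means "not confirmed"


# Constructed sample data: an honest ledger and one that has been poisoned to
# report a far larger amount for the same hash.
CLAIM = Transfer("0xaa11", "0xRecipientAddress", 10 * 10**18, 1_000_000)
HONEST_LEDGER = {CLAIM.tx_hash: CLAIM}
POISONED_LEDGER = {CLAIM.tx_hash: Transfer("0xaa11", "0xRecipientAddress", 1_000 * 10**18, 1_000_000)}


def make_source(ledger: Dict[str, Transfer], delay_s: float = 0.0) -> Source:
    def source(tx_hash: str) -> Optional[Transfer]:
        time.sleep(delay_s)             # simulate provider latency (or a DDoS-induced stall)
        return ledger.get(tx_hash)
    return source


def run(sources: Dict[str, Source], claim: Transfer = CLAIM, required: int = 2):
    verifier = QuorumVerifier(sources, required=required, timeout_s=0.05)
    approved = verifier.verify(claim)
    return approved, verifier.paused, verifier.pause_reason


def scenario_all_honest():
    return run({n: make_source(HONEST_LEDGER) for n in "abc"})


def scenario_one_poisoned():
    return run({"a": make_source(HONEST_LEDGER), "b": make_source(POISONED_LEDGER), "c": make_source(HONEST_LEDGER)})


def scenario_one_slow():
    return run({"a": make_source(HONEST_LEDGER), "b": make_source(HONEST_LEDGER, 0.2), "c": make_source(HONEST_LEDGER)})


def scenario_two_slow():
    return run({"a": make_source(HONEST_LEDGER), "b": make_source(HONEST_LEDGER, 0.2), "c": make_source(HONEST_LEDGER, 0.2)})


def scenario_unknown_hash():
    fabricated = Transfer("0xdead", "0xRecipientAddress", 10 * 10**18, 1_000_000)
    return run({n: make_source(HONEST_LEDGER) for n in "abc"}, claim=fabricated)


if __name__ == "__main__":
    for scenario in (scenario_all_honest, scenario_one_poisoned, scenario_one_slow,
                     scenario_two_slow, scenario_unknown_hash):
        print(scenario.__name__, scenario())
```

Two design choices matter here. A source that times out is treated as absent rather than as a dissenting vote, so a 2-of-3 setup survives one provider going dark, which is the whole point of M-of-N; but a source that answers and contradicts the others trips the breaker regardless of how many agree, because in the scenario this post describes the "majority" could itself be the poisoned set. The breaker is sticky on purpose: an automated resume would let an attacker who controls the timing simply retry until the honest sources are the ones that lag.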

For retail: Use multiple RPC endpoints when you interact with bridges. MetaMask and wallet UIs support this. Spread bridge interactions across time windows so one RPC failure doesn't correlate with your transaction.

What Retail Should Demand

This is the pattern we'll see repeat: A bridge protocol optimizes for speed and cost, under-invests in infrastructure redundancy, and eats a $300M loss when a bad actor pushes on the weak point.

Retail needs industry standards:

  • Minimum verifier requirements: No 1-of-1 DVNs for bridges with >$10M TVL. Mandatory 3-of-5 minimum. Audited RPC infrastructure.
  • Insurance mechanisms: If a bridge gets exploited, who eats the loss? Insurance pools should be mandatory for protocols >$50M TVL, not optional.
  • Transparency dashboards: Every bridge should publish its verifier setup, RPC providers, and infrastructure audit status publicly. Retail users checking bridge tokens as collateral should have clear visibility into how the bridge actually works.

The Aave depositors who lost confidence in DeFi this week had no way to evaluate the infrastructure risk of rsETH before it mattered. By the time the risk was visible, it was too late.

ZeroTraceLabs' Role

Bridge security is foundational infrastructure, not a footnote. And infrastructure audits don't live in GitHub. They live in understanding attack surfaces that code reviews miss.

ZeroTraceLabs is building standardized infrastructure audit frameworks so retail users don't have to become network engineers to spot the next RPC poisoning attack before it costs them $290M.

We're not here to audit code. We're here to audit the ground.


ZeroTraceLabs publishes live threat intelligence and infrastructure analysis Mon/Wed/Fri. Subscribe for the next case study. Follow @zerotracelabs on X.