Major Ethereum staking platform halts withdrawals
ETH
MAJOR
BIFI
LDO
ZRO
Only four months into 2026, and hacks have rattled decentralized finance.
The weekend fiasco of Kelp DAO resulted in the biggest hack of 2026 so far, with about $293 million being drained out in a single attack.
While the blame game and analysis continue, platforms in the DeFi space are taking their own measures to protect themselves.
Related: Massive crypto hack triggers $9 billion panic withdrawal
The hack that started it all
On April 18, an attacker exploited a vulnerability in Kelp DAO's cross-chain bridge, draining 116,500 rsETH, worth approximately $293 million, in a single attack.
Kelp DAO is a liquid restaking protocol that allows users to deposit staked Ethereum (ETH) and receive rsETH, a receipt token usable across more than 20 blockchain networks.
The attacker forged a cross-chain message through LayerZero's EndpointV2 contract, tricking Kelp's bridge into releasing the funds directly to their wallet.
The stolen amount represented roughly 18% of rsETH's entire circulating supply.
Following the breach, rsETH markets on Aave and other major lending platforms were frozen to prevent further contagion across the DeFi ecosystem.
While the attack is largely attributed to the North Korean Lazarus group, LayerZero has put the responsibility of the incident on KelpDao's Decentralized Verifier Network (DVN) configuration.
DVN is the security checkpoint that must approve every cross-chain transaction before it goes through. LayerZero said KelpDao "chose to utilize a 1/1 DVN configuration," which made it vulnerable to the attack.
Trending on TheStreet Roundtable:
- Circle slapped with class-action lawsuit over 2026's largest hack
- Another crypto platform suspends operations
- Nvidia launch sends quantum stock surging 251%, mints billionaire
Ethereum staking platform halts withdrawals
Lido Finance, one of the largest Ethereum liquid staking platforms in the world, announced on April 20 on X that it would be halting deposits and withdrawals of funds.
The platform allows users to stake their ETH and receive stETH, a token that represents their staked position and can be used across the broader DeFi ecosystem.
The hack has directly impacted Lido's EarnETH vault, which held approximately $21.6 million in a leveraged rsETH/ETH position on Aave, around 9% of the vault's total holdings. With the rsETH markets frozen, that position is effectively stuck.
"Elevated lending market utilization is also putting cost pressure on the vault's other levered positions," Lido said.
In response, Lido's EarnETH team has suspended both deposits and withdrawals to ensure all depositors are treated fairly while losses are assessed.
"If resolution is delayed, an alternative path will be to reopen withdrawals with the rsETH position marked to a maximum expected haircut, so depositors can exit at a known worst-case value rather than wait indefinitely," Lido added.
Lido confirmed that a $3 million first-loss protection fund, backed by the Lido DAO treasury, will be deployed if needed to absorb vault losses.
Lido stressed that its core staking protocol and stETH and wstETH tokens are unaffected by the incident.
Platforms pause LayerZero bridges
Lido is not the only one making a serious decision after the KelpDAO incident.
Beefy Finance, a decentralized, multichain yield optimizer that allows users to earn compound interest on their crypto holdings, announced on X on April 19 that it is temporarily pausing its LayerZero bridge as a "precautionary measure."
BitGo, the digital asset custody and security platform, also announced taking down its LayerZero OFT DVNs for Wrapped BTC "until network-wide security and safety can be ascertained." The platform assured that the users' funds are safe.
BitGo's LayerZero OFT DVNs for Wrapped Bitcoin is essentially a security and cross-chain system that allows WBTC to move natively across multiple blockchains without relying on traditional bridges.
OFT, or Omnichain Fungible Token, is LayerZero's standard that lets a token behave the same way regardless of which blockchain it is on.
BitGo built its own DVN specifically for WBTC, meaning every transfer requires BitGo's direct sign-off, plus confirmation from either LayerZero Labs or Polyhedra as a backup verifier. This ensures no single point of failure can compromise a transaction.
The pausing of LayerZero "bridges" can be understood like this. If a highway had a flaw that caused a major accident, every driver using that same highway network would pull over until it was confirmed safe, even if their specific car is fine.
TheStreet Roundtable reached out to Lido Finance, Beefy and BitGo for comments and had not received responses by the time of publication.
