DeFi Hacked Again, Losing $292 Million: Is Even Aave No Longer Safe?

Odaily星球日报Published on 2026-04-18Last updated on 2026-04-18

Abstract

On April 19, DeFi suffered another major security breach, with liquid staking protocol Kelp DAO losing approximately 116,500 rsETH (worth around $292 million) due to an exploit in its LayerZero-based bridge contract. The attack originated from a compromised private key on the source chain, allowing the hacker to initiate unauthorized transfer via a single validator. The attacker used the stolen rsETH as collateral on lending platforms including Aave, Compound, and Euler to borrow more liquid assets like wETH, resulting in over $236 million in debt—$196 million from Aave alone. Aave quickly froze its rsETH markets and announced it would explore covering potential bad debt through its Umbrella safety module, which holds about $50 million in WETH. This incident follows a $280 million exploit on Solana’s Drift Protocol earlier in April, raising further concerns about DeFi security. Even established protocols like Aave are now indirectly exposed, prompting warnings for users to diversify holdings and limit exposure to smart contract risks. Investigations are ongoing.

Original | Odaily Planet Daily (@OdailyChina)

Author | Azuma (@azuma_eth)

On April 19th, Beijing time, DeFi security suffered another major blow.

On-chain data shows that around 1:35 this morning, the rsETH bridge contract of Kelp DAO, the second-largest liquid staking protocol based on LayerZero, was suspected to be exploited by hackers, resulting in a loss of 116,500 rsETH, valued at approximately $292 million.

Further tracing the on-chain records, the attacker's address received 1 ETH in initial funds from the mixing protocol Tornado Cash about 10 hours before the incident. Subsequently, this address called the lzReceive function on the LayerZero EndpointV2 contract. This call triggered Kelp's bridge contract, transferring 116,500 rsETH to another attacker address.

About two and a half hours after the incident, Kelp DAO officially confirmed the attack on X: "Earlier today, we detected suspicious cross-chain activity involving rsETH. During the investigation, we have paused the rsETH contracts on the mainnet and multiple Layer 2s. Our auditors are working with security experts from LayerZero and Unichain to closely monitor the situation. We will keep you updated on the latest developments. Please follow official channels."

After the incident, various DeFi projects and security agencies analyzed the cause. An analysis by D2 Finance was frequently cited within the community — LayerZero Scan marked the source's counterpart as Kelp DAO, meaning the message came from a legitimately deployed endpoint contract by Kelp itself, and this path had previously recorded 308 message nonces. Therefore, the root cause of this attack was a "compromise of the source chain private key."

Steven Enamakel, a developer at TinyHumans AI, added that the contract was secured by only a 1/1 validator set (DVN), meaning a single erroneous transaction from the validator was enough to cause the issue.

Hacker Escapes via Aave, Suspected Bad Debt Incurred

Due to the limited trading liquidity of rsETH itself, the hacker's chosen escape strategy was to route through lending protocols like Aave, using the stolen rsETH as collateral to borrow more liquid wETH.

According to monitoring by PeckShield Alert, as of 4:30 this morning, the hacker's address had deposited the stolen rsETH into lending protocols including Aave V3, Compound V3, and Euler, borrowing a significant amount of WETH, with a total debt exceeding $236 million — of which Aave alone accounted for $196 million, Compound $39.4 million, and Euler only $840,000.

Following the incident, Aave promptly froze the rsETH market on Aave V3 and V4. The team subsequently issued an official statement on X: "Aave contracts have NOT been exploited. The exploit is related to rsETH. Freezing rsETH is to prevent new rsETH deposits and borrowing against rsETH collateral while the situation is assessed. We are reviewing the borrows of rsETH that occurred on Aave post-exploit and will share more details as soon as possible."

Shortly after the initial statement, Aave updated the post, adding: "Should the protocol accrue bad debt from this incident, we will explore avenues to cover the shortfall."

As of the time of writing, the specific amount of bad debt caused by this incident is still unclear.

monetsupply.eth, Head of Strategy at Aave's direct competitor Spark, stated that if rsETH experiences a 19% devaluation (the stolen amount represents 19% of the total rsETH supply), Aave could potentially incur over $100 million in bad debt due to highly leveraged recursive borrowing.

However, Marc Zeller, founder of the representative Aave governance team Aave Chan Initiative (ACI) (who has announced his departure from Aave in July due to governance disagreements), offered a different perspective. Zeller initially advised users to quickly withdraw WETH from Aave V3 to avoid losses and confirmed that the USDC and USDT markets on Aave were unaffected. In response to another user's speculation that "bad debt could reach hundreds of millions," he stated: "Far less than that figure."

But Marc Zeller also mentioned that it was time to test Umbrella in a real production environment. Umbrella refers to Aave's automatic safety module, essentially a pool of funds to handle bad debt. Users can deposit assets into it for higher incentives, but the pool also bears potential losses if the protocol incurs bad debt.

Aave protocol data shows that Umbrella currently holds approximately $50 million worth of WETH that could be used to address potential bad debt from this incident, but it is uncertain whether this will be sufficient to cover the shortfall.

Affected by this event, AAVE's price fell sharply by nearly 10% in the short term, trading at around 104.6 USDT at the time of writing.

Another Hundred-Million-Dollar Security Incident in April

This is not the first massive security incident this month.

As early as April 1st, the Solana ecosystem derivatives trading protocol Drift Protocol was attacked, losing up to $280 million (see 《April Fool's Joke? Drift Protocol Hacked for Over $280 Million, Possibly Becoming Solana Ecosystem's Second Largest DeFi Heist》).

Afterwards, Drift Protocol directly blamed "North Korean hackers" for the theft, but fortunately, institutions like Tether pledged $147.5 million for user compensation, giving users some hope for reimbursement.

Just over ten days later, another, even bigger hacking incident erupted. How will this one be resolved?

Is There Any Safe Place Left in DeFi?

Security issues in DeFi are intensifying.

On one hand, there are continuous hacking incidents; on the other, there are persistent security threats posed by AI like Mythos (refer to 《Odaily Interview with Yu Xian: How Does the Leak of Anthropic's Nuclear-Grade New Model Affect Crypto Security Offense and Defense?》). For DeFi users, the previous countermeasure was to concentrate funds towards well-audited, reputable top-tier protocols. But now, even a top-tier protocol like Aave, which retail users subconsciously considered extremely unlikely to have problems, is indirectly affected. Where can users move their funds?

Personally, it is currently not advisable to keep large amounts of funds on-chain. If there is a genuine need, please ensure proper diversification and isolation of positions.

As of the time of writing, many details about this incident remain unclear. Odaily will continue to follow the developments of the event. Please stay tuned.

Related Questions

QWhat was the total value of rsETH stolen in the Kelp DAO attack?

AThe attack resulted in the theft of 116,500 rsETH, valued at approximately $292 million.

QWhich lending protocol did the hacker use to borrow WETH using the stolen rsETH as collateral?

AThe hacker used Aave V3, Compound V3, and Euler to borrow WETH, with Aave V3 accounting for the largest debt of $196 million.

QWhat was identified as the root cause of the Kelp DAO bridge contract exploit?

AThe root cause was identified as a compromise of the source chain private key, allowing the attacker to send a malicious message from a legitimate Kelp-deployed endpoint contract.

QWhat is the name of Aave's automatic security module designed to cover potential bad debt, and how much WETH does it currently hold?

AAave's automatic security module is called Umbrella, and it currently holds approximately $50 million worth of WETH to cover potential bad debt from this incident.

QHow did Aave respond to the incident involving the hacker using its protocol?

AAave froze the rsETH market on its Aave V3 and V4 platforms to prevent new deposits and collateralized loans. The team also stated it would explore ways to cover any deficit if the protocol accumulated bad debt from the event.

Related Reads

Pundit Shows How XRP’s Performance Has Outpaced Hedge Funds

Crypto pundit Vandell highlights XRP's significant outperformance compared to hedge funds since its launch. From its 2014 low of $0.0028 to a 2025 all-time high of $3.64, XRP delivered a return of roughly 129,900%. Even from its 2020 low of $0.11, it surged 33x in five years. Vandell states that utility and adoption are merely "icing on the cake," asserting that XRP's value will appreciate over time as long as the money supply increases. He also suggests that regulatory clarity, such as the potential passage of the CLARITY Act, could trigger historic institutional inflows. While acknowledging it could take years or decades, Vandell believes XRP could reach $1,000 due to its limited supply and sustained demand from fiat debasement and investor accumulation. At the time of writing, XRP is trading around $1.44.

bitcoinist1h ago

Pundit Shows How XRP’s Performance Has Outpaced Hedge Funds

bitcoinist1h ago

Liquidity Forecasts Show Ozak AI Reaching a $1.5 Billion Fully Diluted Valuation Soon After Launch

Updated liquidity forecasts indicate that Ozak AI is positioned to reach a fully diluted valuation (FDV) of $1.5 billion shortly after its initial exchange listings. With over $6.8 million raised in its presale—priced at $0.014 per token—and more than 1.17 billion tokens already sold, the project has demonstrated strong early capital formation, reducing downside risk during price discovery. Analysts highlight that Ozak AI’s concentrated early supply and capital-efficient structure could allow smaller liquidity injections to drive significant valuation expansion, potentially bypassing lower valuation ranges entirely. The project’s AI-native infrastructure—including Prediction Agents, the Ozak Stream Network, Data Vaults, EigenLayer integration, and Arbitrum Orbit deployment—supports higher valuation multiples by offering tangible utility rather than speculative appeal. Partnerships with Pyth Network, SINT, HIVE Intel, and Weblume further strengthen liquidity confidence and exchange adoption prospects. With robust presale performance, functional AI infrastructure, and favorable liquidity dynamics, Ozak AI is emerging as a liquidity-driven growth asset with the potential for rapid post-launch valuation scaling.

TheNewsCrypto5h ago

Liquidity Forecasts Show Ozak AI Reaching a $1.5 Billion Fully Diluted Valuation Soon After Launch

TheNewsCrypto5h ago

Exchange Exposure Could Push Ozak AI’s Daily Volume Beyond $500 Million Within the First Trading Month

Ozak AI ($OZ) is positioned to capitalize on market shifts from established altcoins to innovative AI-driven projects. With a successful presale raising over $5 million and strong token distribution, the project is expected to achieve significant trading volume upon exchange listing—potentially exceeding $500 million daily within the first month. Key factors driving this outlook include concentrated early investor interest, AI and DePIN utility, and strategic partnerships enhancing functionality and credibility. Unlike hype-driven tokens, Ozak AI’s real-world use cases in staking and ecosystem integrations support sustained trading activity beyond initial speculation.

TheNewsCrypto6h ago

Exchange Exposure Could Push Ozak AI’s Daily Volume Beyond $500 Million Within the First Trading Month

TheNewsCrypto6h ago

Clarity Act Reaches Critical Juncture: The U.S. Crypto Regulatory Crossroads

The U.S. cryptocurrency regulatory landscape faces a historic turning point in spring 2026. The fate of the CLARITY Act, which aims to establish a comprehensive market structure framework for digital assets—hangs in the balance. If it fails to clear the Senate Banking Committee by late April, its chances of passage drop drastically, potentially delaying U.S. crypto legislation for years. Simultaneously, the GENIUS Act is reshaping the stablecoin market through stringent prudential regulations, including AML/CFT compliance and reserve requirements, favoring major compliant players like USDC and Tether’s new USAT. A key political compromise led by Senators Tillis and Alsobrooks addresses contentious issues like stablecoin yields, though critical implementation details remain unresolved. The White House strongly supports the legislation as part of a strategy to make the U.S. a global crypto hub, but political challenges—including midterm elections and cross-party demands—threaten its progress. If passed, the CLARITY Act could unlock trillions in institutional capital and help the U.S. compete with the EU’s MiCA framework. If stalled, global regulatory leadership may shift to Europe and Asia. Regardless of outcome, regulatory clarity and compliance infrastructure are becoming central to competitive advantage in the crypto industry.

marsbit6h ago

Clarity Act Reaches Critical Juncture: The U.S. Crypto Regulatory Crossroads

marsbit6h ago

Warsh Hearing Concludes: What Are the Notable Signals for the Crypto Industry?

The Senate Banking Committee held a confirmation hearing for Judy Shelton, a Federal Reserve nominee, who faced intense questioning regarding her ability to maintain the central bank's independence amid pressure from President Trump to lower interest rates. Shelton denied any pre-arranged commitments on rate cuts and emphasized her independence, though Democrats remained skeptical, citing contradictions with Trump's public statements. Shelton characterized post-pandemic inflation as a major policy failure and called for a "regime change" in the Fed’s approach, including reforms to inflation measurement and communication strategies. She criticized the current practice of Fed officials frequently signaling future rate moves and did not commit to maintaining post-meeting press conferences, suggesting potential reductions in transparency. Regarding crypto markets, Shelton’s extensive investments in digital asset companies—including Solana, DeFi, and blockchain infrastructure—were noted, though she has pledged to divest these holdings due to ethics rules. Her familiarity with the crypto industry and deregulatory leanings may signal a more open, though cautious, stance toward digital assets. However, concerns were raised about potential conflicts of interest, especially given Trump family involvement in crypto-financial ventures. The timing of her confirmation remains uncertain, pending a Justice Department investigation into current Chair Powell. Shelton’s potential leadership could lead to a more hawkish, productivity-focused Fed with tighter policy communication—factors that may significantly influence liquidity conditions and macro narratives for crypto markets.

marsbit6h ago

Warsh Hearing Concludes: What Are the Notable Signals for the Crypto Industry?

marsbit6h ago

Trading

Spot
Futures
活动图片

Hot Categoriesright-arrow

Hot Tagsright-arrow