# Hack Related Articles

HTX News Center provides the latest articles and in-depth analysis on "Hack", covering market trends, project updates, tech developments, and regulatory policies in the crypto industry.

On the Same Day Aave Introduced rsETH, Why Did Spark Choose to Exit?

On April 18, Kelp DAO's cross-chain bridge was exploited, resulting in the malicious minting of 116,500 unbacked rsETH. The attacker deposited these into Aave and borrowed WETH, creating a potential bad debt of approximately $195 million. Aave’s Guardian quickly froze the market, but the protocol’s insurance could only cover about 25% of the loss. In contrast, SparkLend, a lending protocol in the MakerDAO ecosystem, suffered no direct losses. This was not due to superior foresight but rather a preemptive governance decision. On January 29, Spark executed a governance action to discontinue new rsETH supply, citing low usage and high concentration from a single wallet. The same day, Aave expanded its rsETH market by enabling E-Mode with a 93% LTV to attract more deposits. Spark’s risk management framework is designed to remove assets with low usage or poor risk-adjusted returns, regardless of external security concerns. Aave’s decision was growth-oriented, aiming to boost WETH utilization and attract capital. Spark also employs additional safeguards: rate-limited supply and borrow caps that would have limited the scale of such an attack, and a robust oracle system using the median of three price feeds. These mechanisms systemically contain the maximum exposure to any single risk event, demonstrating a fundamentally different approach to risk than Aave’s growth-first model.

marsbit04/20 08:14

On the Same Day Aave Introduced rsETH, Why Did Spark Choose to Exit?

marsbit04/20 08:14

An Open-Source AI Tool That No One Saw Predicted Kelp DAO's $292 Million Vulnerability 12 Days Ago

An open-source AI security tool flagged critical risks in Kelp DAO’s cross-chain architecture 12 days before a $292 million exploit on April 18, 2026—the largest DeFi incident of the year. The vulnerability was not in the smart contracts but in the configuration of LayerZero’s cross-chain bridge: a 1-of-1 Decentralized Verifier Network (DVN) setup allowed an attacker to forge cross-chain messages with a single compromised node. The tool, which performs AI-assisted architectural risk assessments using public data, identified several unremediated risks, including opaque DVN configuration, single-point-of-failure across 16 chains, unverified cross-chain governance controls, and similarities to historical bridge attacks like Ronin and Harmony. It also noted the absence of an insurance pool, which amplified losses as Aave and other protocols absorbed nearly $300M in bad debt. The attack unfolded over 46 minutes: the attacker minted 116,500 rsETH on Ethereum via a fraudulent message, used it as collateral to borrow WETH on lending platforms, and laundered funds through Tornado Cash. While an emergency pause prevented two subsequent attacks worth ~$200M, the damage was severe. The tool’s report, committed to GitHub on April 6, scored Kelp DAO a medium-risk 72/100—later acknowledged as too lenient. It failed to query on-chain DVN configurations or initiate private disclosure, highlighting gaps in current DeFi security approaches that focus on code audits but miss config-level and governance risks. The incident underscores the need for independent, AI-powered risk assessment tools that evaluate protocol architecture, not just code.

marsbit04/20 03:23

An Open-Source AI Tool That No One Saw Predicted Kelp DAO's $292 Million Vulnerability 12 Days Ago

marsbit04/20 03:23

The Code Was Fine, But It Was Still Hacked: What Is the 'DVN Configuration Vulnerability' Behind the Biggest Hack of 2026?

Title: Code Was Secure, Yet $293M Stolen: The 2026 DVN Configuration Breach Explained On April 18, 2026, Kelp DAO’s restaking protocol was exploited, losing 116,500 rsETH (worth $293M at the time) due to a configuration flaw—not a smart contract vulnerability. The attacker used a forged cross-chain message to drain funds via LayerZero’s bridge, then dispersed the stolen rsETH across Aave V3, Compound V3, and Euler to borrow real assets, ultimately escaping with $236M in WETH. The root cause was a critical misconfiguration in Kelp’s LayerZero V2 setup: the protocol used a 1-of-1 Decentralized Verifier Network (DVN) threshold, meaning only one node approval was needed to validate cross-chain messages. The attacker compromised that single node, allowing unauthorized minting of rsETH on Ethereum. This configuration choice—permitted by LayerZero but highly risky—left zero fault tolerance. In contrast, protocols like ApeChain using multi-node validation (e.g., 2-of-3 or 5-of-9) remained secure. This incident highlights a blind spot in DeFi security audits: tools like Slither and Mythril scan code for logic flaws but ignore configuration parameters. The 2022 Nomad hack ($190M loss) also stemmed from a config error, bringing total losses from such issues to ~$482M—rivaling private key breaches. The Kelp exploit underscores the need for standardized config audits and higher baseline security in cross-chain designs.

marsbit04/19 23:56

The Code Was Fine, But It Was Still Hacked: What Is the 'DVN Configuration Vulnerability' Behind the Biggest Hack of 2026?

marsbit04/19 23:56

TechFlow Intelligence Bureau: KelpDAO Attack Causes Nearly $300 Million Loss, Triggers Aave Withdrawal Wave, RAVE Crashes 95% in a Single Day

China's AI firm DeepSeek is seeking external funding for the first time, with a valuation exceeding $10 billion, signaling intensifying competition and high R&D costs in the domestic large model sector. Meanwhile, OpenAI CEO Sam Altman faces scrutiny over potential conflicts of interest between his personal investments and OpenAI’s business ahead of a possible IPO. In Web3, KelpDAO suffered a $294 million attack due to forged cross-chain messages on LayerZero, leading to massive withdrawals from Aave and a resulting 18% drop in AAVE tokens. Separately, RAVE cryptocurrency collapsed by 95% in a single day amid suspected insider manipulation. Geopolitically, Iran is now demanding Bitcoin payments for transit through the Strait of Hormuz, reflecting both internal governmental discord and the growing adoption of crypto in tense regions. In semiconductors, Nvidia CEO Jensen Huang showed rare public frustration over questions regarding chip sales to China, while the industry faces renewed price hikes. Tesla continues expanding its Robotaxi service, and a Chinese humanoid robot outperformed humans in a half-marathon, marking a milestone in robotics. Despite Middle East tensions and market uncertainties, U.S. stocks continue to rise, prompting discussions about market optimism versus risk blindness. Overall, today’s developments highlight systemic vulnerabilities—in tech, finance, and geopolitics—while also showcasing innovation in crises.

marsbit04/19 11:08

TechFlow Intelligence Bureau: KelpDAO Attack Causes Nearly $300 Million Loss, Triggers Aave Withdrawal Wave, RAVE Crashes 95% in a Single Day

marsbit04/19 11:08

DeFi Hacked Again for $292 Million, Is Even Aave No Longer Safe?

On April 19, a major DeFi security breach occurred, resulting in the loss of approximately $292 million. The attack targeted Kelp DAO’s rsETH bridge contract built on LayerZero, with 116,500 rsETH stolen. The attacker initiated the exploit using funds from Tornado Cash and manipulated the LayerZero EndpointV2 contract to transfer the assets. Kelp DAO confirmed the incident and temporarily paused rsETH contracts across multiple networks while collaborating with security experts for investigation. Initial analysis suggests the root cause was a compromised private key on the source chain, with the contract secured by only a 1/1 validator set, making it vulnerable to a single malicious transaction. The attacker used the stolen rsETH as collateral on lending platforms—including Aave, Compound, and Euler—to borrow more liquid assets like WETH, accumulating over $236 million in debt. Aave alone accounted for $196 million of this amount. In response, Aave froze its rsETH markets and stated it would explore covering potential bad debt through its Umbrella safety module, which holds around $50 million in WETH. This incident follows another large exploit earlier in April, where Drift Protocol on Solana lost $280 million. The repeated high-value attacks raise concerns about DeFi security, even affecting major protocols like Aave. Users are advised to exercise caution, diversify holdings, and limit exposure to on-chain protocols until more robust security measures are established.

marsbit04/18 23:31

DeFi Hacked Again for $292 Million, Is Even Aave No Longer Safe?

marsbit04/18 23:31

In-Depth Reconstruction of the $285 Million Drift Hack: How Should DeFi Governance Move Beyond "Amateur Hour"?

On April 1, 2026, Drift Protocol, the largest perpetual futures DEX on Solana, suffered a catastrophic hack resulting in a loss of $285 million. The attack, attributed to a sophisticated social engineering campaign rather than a technical exploit, unfolded over several months. Hackers first infiltrated Drift’s internal circles by posing as a legitimate market maker, building trust over time. They then exploited Solana’s "Durable Nonce" feature to trick core team members into blindly signing transactions that granted administrative control. A critical vulnerability was introduced when Drift migrated to a 2/5 multisig structure without a timelock, allowing instant execution of privileged transactions with just two signatures. The attackers finally triggered the attack by adding a fake token (CVT) to the whitelist, manipulating its oracle price, and using it as collateral to drain the protocol’s treasury. The incident highlights fundamental flaws in DeFi governance, including overreliance on multisig mechanisms that lack intent verification and are vulnerable to social engineering. It underscores the misalignment between retail-grade security tools and institutional-scale treasury management. The hack signals the need for a security paradigm shift in DeFi, including adoption of Hardware Security Modules (HSMs) for key management, intent-based policy engines for transaction validation, and professional third-party custody solutions to ensure institutional-grade safety.

marsbit04/13 12:00

In-Depth Reconstruction of the $285 Million Drift Hack: How Should DeFi Governance Move Beyond "Amateur Hour"?

marsbit04/13 12:00

1 Billion DOT Minted Out of Thin Air, Yet Hacker Only Made $230,000

On April 13, a security breach occurred involving the Polkadot bridge on the Ethereum network, where an attacker exploited a replay vulnerability in the MMR proof mechanism of Hyperbridge’s ISMP protocol. By reusing a historically valid proof and pairing it with a malicious request, the attacker bypassed verification and gained admin and minting rights over the wrapped DOT contract on Ethereum. They then minted 1 billion wrapped DOT tokens—2,805 times the existing supply—and attempted to liquidate them. However, due to extremely low liquidity in the wrapped DOT market, the massive sell-off crashed the token’s price by 99.98%, from $1.22 to approximately $0.000128. The attacker ultimately exchanged the tokens for only about 108.2 ETH (worth roughly $237,000), with gas costs as low as $0.74. The same exploit had been used previously in attacks on MANTA and CERE tokens, resulting in a total loss of around $242,000. Polkadot confirmed that the incident only affected DOT bridged via Hyperbridge to Ethereum and did not impact the native Polkadot network or DOT on other bridges. Exchanges including Upbit and Bithumb temporarily suspended DOT deposits and withdrawals as a precaution. The event highlights ongoing vulnerabilities in cross-chain infrastructure and the critical role of liquidity in limiting actual damages during large-scale exploits. It also reflects a broader trend of increasing DeFi security incidents in early 2026.

marsbit04/13 10:10

1 Billion DOT Minted Out of Thin Air, Yet Hacker Only Made $230,000

marsbit04/13 10:10

活动图片