DeFi Hacked Again for $292 Million, Is Even Aave No Longer Safe?

marsbitPublicado em 2026-04-18Última atualização em 2026-04-18

Resumo

On April 19, a major DeFi security breach occurred, resulting in the loss of approximately $292 million. The attack targeted Kelp DAO’s rsETH bridge contract built on LayerZero, with 116,500 rsETH stolen. The attacker initiated the exploit using funds from Tornado Cash and manipulated the LayerZero EndpointV2 contract to transfer the assets. Kelp DAO confirmed the incident and temporarily paused rsETH contracts across multiple networks while collaborating with security experts for investigation. Initial analysis suggests the root cause was a compromised private key on the source chain, with the contract secured by only a 1/1 validator set, making it vulnerable to a single malicious transaction. The attacker used the stolen rsETH as collateral on lending platforms—including Aave, Compound, and Euler—to borrow more liquid assets like WETH, accumulating over $236 million in debt. Aave alone accounted for $196 million of this amount. In response, Aave froze its rsETH markets and stated it would explore covering potential bad debt through its Umbrella safety module, which holds around $50 million in WETH. This incident follows another large exploit earlier in April, where Drift Protocol on Solana lost $280 million. The repeated high-value attacks raise concerns about DeFi security, even affecting major protocols like Aave. Users are advised to exercise caution, diversify holdings, and limit exposure to on-chain protocols until more robust security measures are established.

Original | Odaily Planet Daily (@OdailyChina)

Author | Azuma (@azuma_eth)

On April 19th, Beijing time, DeFi security suffered another major blow.

On-chain data shows that around 1:35 this morning, the rsETH bridge contract of Kelp DAO, the second-largest liquid staking protocol, based on LayerZero, was suspected to be exploited by hackers, resulting in a loss of 116,500 rsETH, valued at approximately $292 million.

Further tracing the on-chain records, the attacker's address received 1 ETH in initial funds from the mixing protocol Tornado Cash about 10 hours before the incident. Subsequently, this address called the lzReceive function on the LayerZero EndpointV2 contract. This call triggered Kelp's bridge contract, transferring 116,500 rsETH to another attacker address.

Approximately 2.5 hours after the incident, Kelp DAO officially confirmed the attack on X: "Earlier today, we detected suspicious cross-chain activity involving rsETH. During the investigation, we have suspended the rsETH contracts on the mainnet and multiple Layer 2s. Our auditors are working with security experts from LayerZero and Unichain to closely monitor the situation. We will keep you updated on the latest developments. Please follow official channels."

After the incident, various DeFi projects and security agencies analyzed the cause. An analysis by D2 Finance was frequently cited within the community — LayerZero Scan marked the source's counterpart as Kelp DAO, meaning the message came from a legitimately deployed counterpart contract by Kelp itself, and this path had previously recorded 308 message nonces. Therefore, the root cause of this attack is a 'compromise of the source chain private key.'

Steven Enamakel, a developer at TinyHumans AI, added that the contract was secured by only a 1/1 validator set (DVN), meaning a single erroneous transaction from the validator was sufficient to cause the issue.

Hacker Escapes via Aave, Suspected Bad Debt Incurred

Due to the limited trading liquidity of rsETH itself, the hacker's chosen escape strategy was to route through lending protocols like Aave, using rsETH as collateral to borrow more liquid wETH.

Monitoring by PeckShield Alert showed that as of 4:30 this morning, the hacker's address had deposited the stolen rsETH into lending protocols including Aave V3, Compound V3, and Euler, borrowing a large amount of WETH, with a total debt exceeding $236 million — of which Aave alone accounted for $196 million, Compound $39.4 million, and Euler only $840,000.

Following the incident, Aave promptly froze the rsETH market on Aave V3 and V4. The team subsequently issued an official statement on X: "Aave's contracts were not attacked; this attack is related to rsETH. Freezing rsETH is to prevent new rsETH deposits and collateral borrowing while the situation is assessed. We are reviewing the rsETH borrowing information on Aave that occurred after the attack and will share more details as soon as possible."

Shortly after the initial statement, Aave updated the post, adding: "If the protocol accumulates bad debt due to this incident, we will explore avenues to cover the deficit."

As of writing, the specific amount of bad debt caused by this incident is still unclear.

monetsupply.eth, Head of Strategy at Aave's direct competitor Spark, stated that if rsETH experiences a 19% discount (the stolen amount represents 19% of the total rsETH supply), Aave could potentially incur over $100 million in bad debt due to highly leveraged recursive borrowing.

However, Marc Zeller, founder of the representative Aave governance team Aave Chan Initiative (ACI) (who has announced he will leave Aave in July due to governance disagreements), offered a different perspective. Zeller initially advised users to quickly withdraw WETH from Aave V3 to avoid losses and confirmed that the USDC and USDT markets on Aave were unaffected. In response to another user's speculation that 'bad debt could reach hundreds of millions,' he stated: 'Far less than that figure.'

But Marc Zeller also mentioned that it was time to test Umbrella in a real production environment. Umbrella refers to Aave's automatic security module, essentially a pool of funds to handle bad debt. Users can deposit assets into it for higher incentives, but the pool also bears potential losses if the protocol incurs bad debt.

Aave protocol data shows that Umbrella currently holds approximately $50 million worth of WETH that could be used to address potential bad debt from this incident, but it is uncertain whether this will be sufficient to cover the shortfall.

Affected by this event, AAVE's price fell sharply by nearly 10%, trading at around 104.6 USDT at the time of writing.

Another Hundred-Million-Dollar Security Incident in April

This is not the first major security incident this month.

As early as April 1st, the Solana生态衍生品交易协议 Drift Protocol was attacked, losing up to $280 million (see 《April Fool's Joke? Drift Protocol Hacked for Over $280 Million, Possibly Becoming Solana's Second-Largest DeFi Heist》).

Afterwards, Drift Protocol directly blamed the hack on "North Korean hackers," but fortunately, institutions like Tether pledged $147.5 million for user compensation, giving users some hope for reimbursement.

Just over ten days later, another, larger hack occurred. How will this one be resolved?

Is There Any Safe Place Left in DeFi?

Security issues in DeFi are intensifying.

On one hand, there are continuous hacking incidents; on the other, there are persistent security threats posed by AI like Mythos (refer to 《Odaily Interview with Yu Xian: How Does the Leak of Anthropic's Nuclear-Grade New Model Affect Crypto Security Offense and Defense?》). For DeFi users, the previous countermeasure was to concentrate funds towards well-audited, reputable top-tier protocols. But now, even top-tier protocols like Aave, which retail users subconsciously considered extremely unlikely to have problems, are indirectly affected. Where can users move their funds?

Personally, it is currently not advisable for users to keep large amounts of funds on-chain. If there is a genuine need, please ensure proper diversification and isolation of positions.

As of writing, many details regarding this incident remain unclear. Odaily will continue to follow the developments. Please stay tuned.

Perguntas relacionadas

QWhat was the total value of rsETH stolen in the Kelp DAO attack?

AThe attack resulted in the loss of 116,500 rsETH, valued at approximately $292 million.

QWhich lending protocol did the hacker use to borrow WETH using the stolen rsETH as collateral?

AThe hacker used Aave V3, Compound V3, and Euler to borrow WETH, with Aave V3 accounting for the largest debt of $196 million.

QWhat was the suspected root cause of the Kelp DAO bridge contract exploit according to D2 Finance's analysis?

AThe root cause was identified as a compromise of the source chain private key, allowing the attacker to send a malicious message from a legitimate Kelp DAO endpoint contract.

QWhat mechanism does Aave have to cover potential bad debt from this incident, and how much capital is currently available in it?

AAave has an automatic security module called Umbrella, which currently holds about $50 million in WETH to cover potential bad debt, though it's uncertain if this will be sufficient.

QHow did Aave respond immediately after the attack was discovered?

AAave froze the rsETH markets on Aave V3 and V4 to prevent new deposits and collateralized borrowing, and announced they were assessing the situation and exploring ways to cover any resulting bad debt.

Leituras Relacionadas

CLARITY Act: Banking Trade Groups Push For Yield Agreement Revision – Details

US banking trade groups are urging revisions to the stablecoin yield compromise in the upcoming CLARITY Act ahead of a key committee markup. The Act currently aims to ban all passive, deposit-like interest on stablecoins to prevent competition with traditional bank savings, while allowing rewards tied to active uses like staking or transactions. In a letter, groups including the American Banking Association and Bank Policy Institute proposed stricter language to eliminate perceived loopholes for passive yield and prevent deposit flight from banks. However, these efforts are reportedly viewed as minor by some lawmakers. The Senate Banking Committee is scheduled to mark up the bill on May 14, a critical step before it can advance through Congress.

bitcoinistHá 10h

CLARITY Act: Banking Trade Groups Push For Yield Agreement Revision – Details

bitcoinistHá 10h

This Finance CEO Picks Solana Instead Of Bitcoin — Here’s Why

Finance CEO Raoul Pal prefers Solana over Bitcoin, citing its high throughput and low transaction costs as better suited for the future crypto-AI era. He believes Solana is ideal for machine-to-machine microtransactions and AI-driven DeFi activity, predicting AI agents will soon dominate DeFi users. While Bitcoin serves as a store of value, Pal sees higher growth in networks built for mass, automated transactions. This view was highlighted at Consensus 2026, where AI integration and crypto infrastructure were key themes.

bitcoinistHá 10h

This Finance CEO Picks Solana Instead Of Bitcoin — Here’s Why

bitcoinistHá 10h

Gensyn AI: Don't Let AI Repeat the Mistakes of the Internet

In recent months, the rapid growth of the AI industry has attracted significant talent from the crypto sector. A persistent question among researchers intersecting both fields is whether blockchain can become a foundational part of AI infrastructure. While many previous AI and Crypto projects focused on application layers (like AI Agents, on-chain reasoning, data markets, and compute rentals), few achieved viable commercial models. Gensyn differentiates itself by targeting the most critical and expensive layer of AI: model training. Gensyn aims to organize globally distributed GPU resources into an open AI training network. Developers can submit training tasks, nodes provide computational power, and the network verifies results while distributing incentives. The core issue addressed is not decentralization for its own sake, but the increasing centralization of compute power among tech giants. In the era of large models, access to GPUs (like the H100) has become a decisive bottleneck, dictating the pace of AI development. Major AI companies are heavily dependent on large cloud providers for compute resources. Gensyn's approach is significant for several reasons: 1) It operates at the core infrastructure layer (model training), the most resource-intensive and technically demanding part of the AI value chain. 2) It proposes a more open, collaborative model for compute, potentially increasing resource utilization by dynamically pooling idle GPUs, similar to early cloud computing logic. 3) Its technical moat lies in solving complex challenges like verifying training results, ensuring node honesty, and maintaining reliability in a distributed environment—making it more of a deep-tech infrastructure company. 4) It targets a validated, high-growth market with genuine demand, rather than pursuing blockchain integration without purpose. Ultimately, the boundaries between Crypto and AI are blurring. AI requires global resource coordination, incentive mechanisms, and collaborative systems—areas where crypto-native solutions excel. Gensyn represents a step toward making advanced training capabilities more accessible and collaborative, moving beyond a niche controlled by a few giants. If successful, it could evolve into a fundamental piece of AI infrastructure, where the most enduring value in the AI era is often created.

marsbitHá 11h

Gensyn AI: Don't Let AI Repeat the Mistakes of the Internet

marsbitHá 11h

Why is China's AI Developing So Fast? The Answer Lies Inside the Labs

A US researcher's visit to China's top AI labs reveals distinct cultural and organizational factors driving China's rapid AI development. While talent, data, and compute are similar to the West, Chinese labs excel through a pragmatic, execution-focused culture: less emphasis on individual stardom and conceptual debate, and more on teamwork, engineering optimization, and mastering the full tech stack. A key advantage is the integration of young students and researchers who approach model-building with fresh perspectives and low ego, prioritizing collective progress over personal credit. This contrasts with the US culture of self-promotion and "star scientist" narratives. Chinese labs also exhibit a strong "build, don't buy" mentality, preferring to develop core capabilities—like data pipelines and environments—in-house rather than relying on external services. The ecosystem feels more collaborative than tribal, with mutual respect among labs. While government support exists, its scale is unclear, and technical decisions appear driven by labs, not state mandates. Chinese companies across sectors, from platforms to consumer tech, are building their own foundational models to control their tech destiny, reflecting a broader cultural drive for technological sovereignty. Demand for AI is emerging, with spending patterns potentially mirroring cloud infrastructure more than traditional SaaS. Despite challenges like a less mature data industry and GPU shortages, Chinese labs are propelled by vast talent, rapid iteration, and deep integration with the open-source community. The competition is evolving beyond a pure model race into a contest of organizational execution, developer ecosystems, and industrial pragmatism.

marsbitHá 13h

Why is China's AI Developing So Fast? The Answer Lies Inside the Labs

marsbitHá 13h

3 Years, 5 Times: The Rebirth of a Century-Old Glass Factory

Corning, a 175-year-old glass company, is experiencing a dramatic revival as a key player in AI infrastructure, driven by surging demand for high-performance optical fiber in data centers. AI data centers require vastly more fiber than traditional ones—5 to 10 times as much per rack—to handle high-speed data transmission between GPUs. This structural demand shift, coupled with supply constraints from the lengthy expansion cycle for fiber preforms, has created a significant supply-demand gap. Nvidia has invested in Corning, along with Lumentum and Coherent, in a $4.5 billion total commitment to secure the optical supply chain for AI. Corning's competitive edge lies in its expertise in producing ultra-low-loss, high-density, and bend-resistant specialty fiber, which is critical for 800G+ and future 1.6T data rates. Its deep involvement in co-packaged optics (CPO) with partners like Nvidia further solidifies its position. While not the largest fiber manufacturer globally, Corning's revenue from enterprise/data center clients now exceeds 40% of its optical communications sales, and it has secured multi-year supply agreements with major hyperscalers including Meta and Nvidia. Financially, Corning's optical communications revenue has surged, doubling from $1.3 billion in 2023 to over $3 billion in 2025. Its stock price has risen nearly 6-fold since late 2023. Key future catalysts include the rollout of Nvidia's CPO products and the scale of undisclosed customer agreements. However, risks include high current valuations and potential disruption from next-generation technologies like hollow-core fiber. The company's long-term bet on light over electricity, maintained even through the telecom bubble crash, is now being validated by the AI boom.

marsbitHá 13h

3 Years, 5 Times: The Rebirth of a Century-Old Glass Factory

marsbitHá 13h

Trading

Spot
Futuros
活动图片

Categorias popularesright-arrow

Etiquetas Popularesright-arrow