DeFi Hacked Again, Losing $292 Million: Is Even Aave No Longer Safe?

Odaily星球日报2026-04-18 tarihinde yayınlandı2026-04-18 tarihinde güncellendi

Özet

On April 19, DeFi suffered another major security breach, with liquid staking protocol Kelp DAO losing approximately 116,500 rsETH (worth around $292 million) due to an exploit in its LayerZero-based bridge contract. The attack originated from a compromised private key on the source chain, allowing the hacker to initiate unauthorized transfer via a single validator. The attacker used the stolen rsETH as collateral on lending platforms including Aave, Compound, and Euler to borrow more liquid assets like wETH, resulting in over $236 million in debt—$196 million from Aave alone. Aave quickly froze its rsETH markets and announced it would explore covering potential bad debt through its Umbrella safety module, which holds about $50 million in WETH. This incident follows a $280 million exploit on Solana’s Drift Protocol earlier in April, raising further concerns about DeFi security. Even established protocols like Aave are now indirectly exposed, prompting warnings for users to diversify holdings and limit exposure to smart contract risks. Investigations are ongoing.

Original | Odaily Planet Daily (@OdailyChina)

Author | Azuma (@azuma_eth)

On April 19th, Beijing time, DeFi security suffered another major blow.

On-chain data shows that around 1:35 this morning, the rsETH bridge contract of Kelp DAO, the second-largest liquid staking protocol based on LayerZero, was suspected to be exploited by hackers, resulting in a loss of 116,500 rsETH, valued at approximately $292 million.

Further tracing the on-chain records, the attacker's address received 1 ETH in initial funds from the mixing protocol Tornado Cash about 10 hours before the incident. Subsequently, this address called the lzReceive function on the LayerZero EndpointV2 contract. This call triggered Kelp's bridge contract, transferring 116,500 rsETH to another attacker address.

About two and a half hours after the incident, Kelp DAO officially confirmed the attack on X: "Earlier today, we detected suspicious cross-chain activity involving rsETH. During the investigation, we have paused the rsETH contracts on the mainnet and multiple Layer 2s. Our auditors are working with security experts from LayerZero and Unichain to closely monitor the situation. We will keep you updated on the latest developments. Please follow official channels."

After the incident, various DeFi projects and security agencies analyzed the cause. An analysis by D2 Finance was frequently cited within the community — LayerZero Scan marked the source's counterpart as Kelp DAO, meaning the message came from a legitimately deployed endpoint contract by Kelp itself, and this path had previously recorded 308 message nonces. Therefore, the root cause of this attack was a "compromise of the source chain private key."

Steven Enamakel, a developer at TinyHumans AI, added that the contract was secured by only a 1/1 validator set (DVN), meaning a single erroneous transaction from the validator was enough to cause the issue.

Hacker Escapes via Aave, Suspected Bad Debt Incurred

Due to the limited trading liquidity of rsETH itself, the hacker's chosen escape strategy was to route through lending protocols like Aave, using the stolen rsETH as collateral to borrow more liquid wETH.

According to monitoring by PeckShield Alert, as of 4:30 this morning, the hacker's address had deposited the stolen rsETH into lending protocols including Aave V3, Compound V3, and Euler, borrowing a significant amount of WETH, with a total debt exceeding $236 million — of which Aave alone accounted for $196 million, Compound $39.4 million, and Euler only $840,000.

Following the incident, Aave promptly froze the rsETH market on Aave V3 and V4. The team subsequently issued an official statement on X: "Aave contracts have NOT been exploited. The exploit is related to rsETH. Freezing rsETH is to prevent new rsETH deposits and borrowing against rsETH collateral while the situation is assessed. We are reviewing the borrows of rsETH that occurred on Aave post-exploit and will share more details as soon as possible."

Shortly after the initial statement, Aave updated the post, adding: "Should the protocol accrue bad debt from this incident, we will explore avenues to cover the shortfall."

As of the time of writing, the specific amount of bad debt caused by this incident is still unclear.

monetsupply.eth, Head of Strategy at Aave's direct competitor Spark, stated that if rsETH experiences a 19% devaluation (the stolen amount represents 19% of the total rsETH supply), Aave could potentially incur over $100 million in bad debt due to highly leveraged recursive borrowing.

However, Marc Zeller, founder of the representative Aave governance team Aave Chan Initiative (ACI) (who has announced his departure from Aave in July due to governance disagreements), offered a different perspective. Zeller initially advised users to quickly withdraw WETH from Aave V3 to avoid losses and confirmed that the USDC and USDT markets on Aave were unaffected. In response to another user's speculation that "bad debt could reach hundreds of millions," he stated: "Far less than that figure."

But Marc Zeller also mentioned that it was time to test Umbrella in a real production environment. Umbrella refers to Aave's automatic safety module, essentially a pool of funds to handle bad debt. Users can deposit assets into it for higher incentives, but the pool also bears potential losses if the protocol incurs bad debt.

Aave protocol data shows that Umbrella currently holds approximately $50 million worth of WETH that could be used to address potential bad debt from this incident, but it is uncertain whether this will be sufficient to cover the shortfall.

Affected by this event, AAVE's price fell sharply by nearly 10% in the short term, trading at around 104.6 USDT at the time of writing.

Another Hundred-Million-Dollar Security Incident in April

This is not the first massive security incident this month.

As early as April 1st, the Solana ecosystem derivatives trading protocol Drift Protocol was attacked, losing up to $280 million (see 《April Fool's Joke? Drift Protocol Hacked for Over $280 Million, Possibly Becoming Solana Ecosystem's Second Largest DeFi Heist》).

Afterwards, Drift Protocol directly blamed "North Korean hackers" for the theft, but fortunately, institutions like Tether pledged $147.5 million for user compensation, giving users some hope for reimbursement.

Just over ten days later, another, even bigger hacking incident erupted. How will this one be resolved?

Is There Any Safe Place Left in DeFi?

Security issues in DeFi are intensifying.

On one hand, there are continuous hacking incidents; on the other, there are persistent security threats posed by AI like Mythos (refer to 《Odaily Interview with Yu Xian: How Does the Leak of Anthropic's Nuclear-Grade New Model Affect Crypto Security Offense and Defense?》). For DeFi users, the previous countermeasure was to concentrate funds towards well-audited, reputable top-tier protocols. But now, even a top-tier protocol like Aave, which retail users subconsciously considered extremely unlikely to have problems, is indirectly affected. Where can users move their funds?

Personally, it is currently not advisable to keep large amounts of funds on-chain. If there is a genuine need, please ensure proper diversification and isolation of positions.

As of the time of writing, many details about this incident remain unclear. Odaily will continue to follow the developments of the event. Please stay tuned.

İlgili Sorular

QWhat was the total value of rsETH stolen in the Kelp DAO attack?

AThe attack resulted in the theft of 116,500 rsETH, valued at approximately $292 million.

QWhich lending protocol did the hacker use to borrow WETH using the stolen rsETH as collateral?

AThe hacker used Aave V3, Compound V3, and Euler to borrow WETH, with Aave V3 accounting for the largest debt of $196 million.

QWhat was identified as the root cause of the Kelp DAO bridge contract exploit?

AThe root cause was identified as a compromise of the source chain private key, allowing the attacker to send a malicious message from a legitimate Kelp-deployed endpoint contract.

QWhat is the name of Aave's automatic security module designed to cover potential bad debt, and how much WETH does it currently hold?

AAave's automatic security module is called Umbrella, and it currently holds approximately $50 million worth of WETH to cover potential bad debt from this incident.

QHow did Aave respond to the incident involving the hacker using its protocol?

AAave froze the rsETH market on its Aave V3 and V4 platforms to prevent new deposits and collateralized loans. The team also stated it would explore ways to cover any deficit if the protocol accumulated bad debt from the event.

İlgili Okumalar

The Exquisite Self-Interest of Former OpenAI CTO Murati: Personally Handing Over the Knife and Then Being the First to Seek Reconciliation

Court documents from Elon Musk's lawsuit reveal OpenAI's former CTO, Mira Murati, played a central and seemingly self-interested role in Sam Altman's November 2023 ouster and reinstatement. As early as 2022, she complained to Altman about his shifting priorities and pressure to prioritize revenue. By 2023, she privately supplied co-founder Ilya Sutskever with extensive internal evidence against Altman, which became a key 52-page memo for the board. She was appointed interim CEO after Altman's firing and informed Microsoft. However, text messages show Murati simultaneously relayed the board's stance to Altman while secretly urging Microsoft's CEO to help reverse the decision. Once employee backlash mounted, she refused to publicly defend the board's move she helped engineer. She then became the first signatory on the employee petition demanding the board resign and reinstate Altman. A former board member testified Murati was "waiting to see which way the wind blew," not realizing "she herself was the wind." The evidence depicts her actions as consistently aligning with her own interests throughout the crisis.

marsbit4 dk önce

The Exquisite Self-Interest of Former OpenAI CTO Murati: Personally Handing Over the Knife and Then Being the First to Seek Reconciliation

marsbit4 dk önce

AI Inference Bills Soar, Shopify and Roblox Warn: Savings from Layoffs Not Enough to Cover Chip Costs

The 2026 Q1 earnings season reveals a paradox: while AI helps companies freeze hiring and boost productivity, the soaring costs of AI inference—token consumption and GPU depreciation—are eroding savings from workforce reductions. Shopify reported that AI now writes over 50% of its code, enabling significant output with stable headcount. However, LLM costs, driven by heavy usage of its AI assistant Sidekick, are pressuring its subscription毛利率. Similarly, Roblox attributed a quarter of its full-year利润率下调 to increased AI investment. The article highlights a broader industry imbalance: combined AI capital expenditure for Amazon, Meta, Microsoft, and Google is projected to reach $725 billion in 2026, vastly outpacing potential savings from layoffs. For instance, Meta's planned裁员 would save about $2.4 billion annually, offsetting only ~12% of its incremental AI depreciation. While底层 model and chip suppliers like NVIDIA maintain high profitability, application-layer companies face a pricing squeeze. Their strategies now involve要么 tightly linking AI costs to user engagement (like Shopify) or introducing fees for advanced AI features (like Roblox), as covering AI bills with裁员 savings alone is financially unsustainable.

marsbit14 dk önce

AI Inference Bills Soar, Shopify and Roblox Warn: Savings from Layoffs Not Enough to Cover Chip Costs

marsbit14 dk önce

Has Hook Summer Really Arrived? sato, Lo0p, FLOOD Ignite the New Narrative of Uniswap v4

"Hook Summer" Arrives? Sato, Lo0p, FLOOD Ignite Uniswap v4 Narrative Amidst a slight market recovery, attention within the Ethereum ecosystem has shifted to Meme coins built on Uniswap v4's Hook protocol. Following ASTEROID, tokens like sato, sat1, Lo0p, and FLOOD have become market focal points, with market caps ranging from millions to tens of millions, bringing concentrated liquidity to a narrative-dry market. Uniswap v4 Hooks are "plugin smart contracts" that allow developers to inject custom logic at key points in a liquidity pool's lifecycle (initialization, adding/removing liquidity, swaps, etc.), making the AMM programmable. Recent representative projects include: * **sato**: Market cap peaked over $38M; uses a v4 curve mechanism for minting/burning, locking ETH as reserve. * **sat1**: Market cap briefly exceeded $10M, positioning as an "optimized sato," but later declined significantly. * **Lo0p**: Market cap neared $6.6M; a "lending AMM protocol" allowing users to borrow ETH against deposited LO0P tokens without immediate selling pressure. * **FLOOD**: Market cap approached $6M; channels trading reserves into Aave v3 to generate yield, which is retained in the pool. The emergence of these Hook-based tokens could drive long-term growth for the Uniswap ecosystem by attracting users and liquidity to v4 pools. Combined with Uniswap's activated fee switch (partially used to burn UNI), the long-term outlook for UNI appears positive. However, short-term UNI price appreciation is not directly guaranteed. Factors include the sustainability and lifecycle of these new tokens, their price volatility, overall market conditions, and regulatory pressures. Currently, Uniswap v4's TVL ($595M) lags behind v3 and v2, indicating Hook adoption still requires time to mature. In summary, the Hook ecosystem serves as "long-term nourishment" for UNI, but acts more as a "catalyst" than a direct "booster" in the short term. Note: These are early-stage experimental tokens and may carry unknown risks.

marsbit24 dk önce

Has Hook Summer Really Arrived? sato, Lo0p, FLOOD Ignite the New Narrative of Uniswap v4

marsbit24 dk önce

Has Hook Summer Truly Arrived? sato, Lo0p, FLOOD Ignite the New Uniswap v4 Narrative

With the broader market showing signs of recovery, a new wave of interest has emerged around Ethereum-based meme coins. Following ASTEROID, tokens like sato, sat1, Lo0p, and FLOOD, built upon the Uniswap v4 Hook protocol, are capturing market attention. Their market capitalizations range from millions to tens of millions of dollars, injecting much-needed focused liquidity into a market lacking narratives. This article explores whether this trend signifies an incoming "Hook Summer" and its potential impact on UNI's price. Hooks are essentially plug-in smart contracts for Uniswap v4 liquidity pools, allowing developers to inject custom logic at key points in a pool's lifecycle (like initialization, adding/removing liquidity, swaps). This transforms the AMM into programmable building blocks. Key highlighted projects include: * **sato**: Peaked over $38M market cap. It utilizes a v4 curve for minting/burning; buying locks ETH as reserve to mint new tokens, while selling redeems ETH from the reserve and burns tokens. * **sat1**: Market cap briefly exceeded $10M, promoted as an "optimized sato," but later declined significantly. * **Lo0p**: Reached nearly $6.6M. It's a lending AMM protocol where buying LO0P tokens locks them as collateral, allowing users to borrow ETH from the pool reserve at 40% LTV, aiming to improve capital efficiency for idle ETH in LPs. * **FLOOD**: Peaked near $6M. Its mechanism directs asset reserves from buys into Aave v3 to generate yield, with fees and interest retained in the pool to potentially influence the token's price long-term. In the long term, the development of the Hook ecosystem can attract users and liquidity to Uniswap v4, benefiting UNI's fundamentals—especially combined with the recent activation of the protocol fee switch, where a portion of fees is used to burn UNI. However, in the short term, these Hook-based tokens are unlikely to directly drive significant UNI price appreciation. Their impact is moderated by factors like token sustainability, price volatility, and broader market and regulatory conditions. Currently, Uniswap v4's TVL ($595M) still trails behind v2 and v3, indicating adoption and growth will take time. The article concludes that while the Hook ecosystem provides long-term "nourishment" for UNI, its short-term role is more of a "catalyst" than a "booster." Readers are cautioned that these are early-stage experimental tokens and may carry unknown risks.

Odaily星球日报36 dk önce

Has Hook Summer Truly Arrived? sato, Lo0p, FLOOD Ignite the New Uniswap v4 Narrative

Odaily星球日报36 dk önce

Interview with Michael Saylor: I Did Say I Would Sell Bitcoin, But Never a Net Sale

Interview with Michael Saylor: I Said We'd Sell Bitcoin, But Never Be a Net Seller In a recent podcast, MicroStrategy Executive Chairman Michael Saylor clarified the company's stance on potentially selling Bitcoin. Following MicroStrategy's earnings call statement about being prepared to sell BTC to fund dividends for its STRC (Strategic) credit product, Saylor emphasized the distinction between selling and being a "net seller." Saylor explained the core business model: MicroStrategy sells credit instruments like STRC and uses the proceeds to buy Bitcoin, which is viewed as "digital capital" expected to appreciate around 30-40% annually. A portion of these capital gains can then be used to pay the dividends on the credit products. He stressed that even if the company sells some Bitcoin for dividends, it simultaneously buys much more with new credit issuance. For example, after raising $3.2 billion from STRC sales in April, the dividend obligation was only $80-90 million, making the company a net buyer. The clarification aims to counter market narratives questioning the value of Bitcoin on MicroStrategy's balance sheet if it were never sold, and to dismiss claims of a "Ponzi scheme." Saylor reiterated his personal philosophy for investors: "Don't be a net seller of bitcoin" and ensure your Bitcoin holdings increase each year. Saylor also discussed Bitcoin's role as the foundation for "digital credit," noting that STRC has become the largest and most liquid preferred stock issue in the U.S., offering high risk-adjusted returns (Sharpe ratio). He highlighted Bitcoin's deep liquidity, stating that even large purchases by MicroStrategy do not move the market significantly, which is driven by macro factors, geopolitical tensions, and capital flows from ETFs and credit products. Finally, Saylor reflected on his early inspiration from sci-fi books, which motivated his path to MIT, and maintained his fundamental thesis on Bitcoin remains unchanged: it is superior digital capital enabling superior digital credit.

链捕手40 dk önce

Interview with Michael Saylor: I Did Say I Would Sell Bitcoin, But Never a Net Sale

链捕手40 dk önce

İşlemler

Spot

Futures