Kelp DAO rsETH bridge reportedly exploited for $292M; Aave exposure grows
On April 19 (Beijing time), the DeFi market was hit by another major security incident. On-chain data indicates that around 1:35 a.m., Kelp DAO's rsETH bridge contract—built on LayerZero and tied to the market's second-largest liquid staking protocol—was allegedly exploited, with 116,500 rsETH stolen, valued at roughly $292 million.
Tracing the attacker's activity shows the wallet received 1 ETH in seed funding from Tornado Cash about 10 hours before the event. The attacker then invoked the lzReceive function on LayerZero's EndpointV2 contract, which triggered Kelp's bridge contract to transfer the 116,500 rsETH to another attacker-controlled address.
About two and a half hours later, Kelp DAO confirmed on X that it had detected suspicious cross-chain activity involving rsETH and had paused rsETH contracts on Ethereum mainnet and multiple Layer 2 networks. The team said auditors are working with security specialists from LayerZero and Unichain and that updates will be shared via official channels.
Post-incident reviews by DeFi teams and security groups have focused on message origination. D2 Finance's analysis, widely circulated in the community, noted that LayerZero Scan labeled the remote endpoint as Kelp DAO and suggested the message came from Kelp's legitimately deployed remote contract, with the path previously recording 308 message nonces. The conclusion: the source chain private key was likely compromised. TinyHumans AI developer Steven Enamakel added that the setup relied on a 1/1 validator set (DVN), meaning a single validator's erroneous transaction could be enough to trigger a failure.
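A 1/1 verifier setup of the kind described above is something a configuration review can flag before deployment. The check below is an added example, not code from Kelp DAO, LayerZero or the analysts quoted; its field names are an assumption modelled on LayerZero V2's ULN verifier configuration, and the pathway names and addresses are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class UlnConfig:
    # Assumed shape, modelled on LayerZero V2's ULN config (not taken from the article).
    confirmations: int
    required_dvns: list
    optional_dvns: list = field(default_factory=list)
    optional_threshold: int = 0

def effective_quorum(cfg):
    """Number of distinct verifiers that must attest before a message is accepted."""
    required = {a.lower() for a in cfg.required_dvns}
    # A verifier listed as both required and optional only counts once.
    optional = {a.lower() for a in cfg.optional_dvns} - required
    # The optional threshold cannot contribute more verifiers than exist.
    return len(required) + min(cfg.optional_threshold, len(optional))

def audit(pathways, min_quorum=2):
    """Return (pathway, finding) pairs for weak or inconsistent verifier sets."""
    findings = []
    for name, cfg in pathways.items():
        quorum = effective_quorum(cfg)
        if quorum < min_quorum:
            findings.append((name, f"quorum {quorum} is below {min_quorum}"))
        distinct = set(map(str.lower, cfg.required_dvns))
        if len(distinct) != len(cfg.required_dvns):
            findings.append((name, "duplicate required DVN address"))
    return findings

# Constructed sample data: pathway labels and addresses are placeholders.
PATHWAYS = {
    "pathway-A": UlnConfig(15, ["0xAAA1"]),                      # 1/1 setup
    "pathway-B": UlnConfig(15, ["0xAAA1", "0xBBB2"]),            # 2 required
    "pathway-C": UlnConfig(15, ["0xAAA1", "0xaaa1"],             # same DVN twice
                           ["0xCCC3", "0xDDD4"], 1),
}

if __name__ == "__main__":
    for name, finding in audit(PATHWAYS):
        print(f"{name}: {finding}")
```

A quorum of 1 means a single verifier, or a single compromised verifier key, is enough to approve a cross-chain message on that pathway.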
Aave became a key venue for the attacker's exit. With rsETH liquidity limited, the attacker reportedly used lending markets to post rsETH as collateral and borrow WETH, which is more liquid. PeckShield Alert data shows that as of 4:30 a.m., the stolen rsETH had been deposited into lending protocols including Aave V3, Compound V3, and Euler, with WETH borrowings pushing total debt above $236 million. Aave accounted for about $196 million, Compound for $39.4 million, and Euler for about $840,000.
Aave moved quickly to freeze the rsETH market on Aave V3 and V4. In a statement on X, the team said Aave's contracts were not compromised and that the incident was related to rsETH. The freeze was intended to prevent new rsETH deposits and collateral-based borrowing while the situation is reviewed. Aave said it is reviewing rsETH borrow activity that occurred after the exploit and will share additional details. The post was later updated to add: if the event results in bad debt, the protocol will explore ways to cover the shortfall.
The scale of potential bad debt remains uncertain. monetsupply.eth, strategic lead at Spark, said that if rsETH trades at a 19% discount—matching the stolen amount as a share of total rsETH supply—Aave could face more than $100 million in bad debt due to highly leveraged circular lending. Marc Zeller, founder of the Aave Chan Initiative (ACI) and a key Aave governance representative who has said he will leave in July amid governance disputes, offered a more restrained view. Shortly after the incident, Zeller urged users to withdraw WETH from Aave V3 to reduce risk and said USDC and USDT markets on Aave were unaffected. Responding to speculation that losses could reach hundreds of millions, he wrote: "Significantly less than that number."
Zeller also said the episode would be a real-world test for Umbrella, Aave's automated safety module designed as a reserve pool to absorb bad debt. Protocol data shows roughly $50 million in WETH currently available in Umbrella to potentially address losses tied to this event, though it is unclear whether that amount would be sufficient.
Market reaction was immediate. AAVE fell nearly 10% in short-term trading, changing hands around 104.6 USDT at the time of writing.
The episode adds to a growing list of major April security events. On April 1, Solana-based derivatives venue Drift Protocol was hit in an attack that reportedly led to losses of up to $280 million. Drift attributed the theft to "North Korean hackers," while entities including Tether pledged $147.5 million to compensate users. Just over 10 days later, an even larger incident has surfaced.
With top-tier protocols now facing spillover risk, the incident has renewed questions about where DeFi users can park assets safely. Many details remain unresolved, and further updates are expected as investigations continue.