Author: Maher, Foresight News
On April 19, Kelp DAO’s rsETH cross-chain adapter experienced abnormal minting: attackers used a bridging vulnerability to generate tokens out of thin air. This batch of 116,500 unbacked rsETH, worth approximately US$293.7 million and accounting for 18% of the token's total circulation, was deposited into the Aave V3 and V4 markets in less than 90 minutes.
This was not a direct attack on Aave, but it caused the largest indirect loss in Aave's history, approximately US$200 million. The attacker did not try to break into the Aave core contracts, but instead exploited the composability between DeFi protocols, using the Kelp DAO vulnerability as a springboard to borrow real ETH assets from the Aave system, leaving behind a pile of "air collateral" whose value has since gone to zero.
After the attack, Aave platform data showed that the USDT borrowing APY soared to 14.99%, and the deposit APY soared to 13.39%.
According to Bitget market data, AAVE dropped from US$114 that day to a low of US$99. On April 20, AAVE fell to approximately US$93. Several whales even sold their AAVE at a loss. The whale named “ThisWillMakeYouLoveAgain” sold 29,400 AAVE tokens for 1,171 ETH (worth $2.73 million), realizing a loss of more than $6 million. The whale had originally spent $11.03 million to buy AAVE and currently holds 14,993 AAVE tokens worth $1.39 million.
The whale’s escape also triggered a sharp fall in TVL.
As of 3 pm on April 19, the amount of funds withdrawn from Aave had reached US$6.6 billion, half of which (US$3.3 billion) was stablecoins.

Lookonchain monitoring shows that Abraxas Capital withdrew US$392 million, MEXC withdrew US$431 million, and whale 0x7CD0 (possibly related to Nonco) withdrew US$405.7 million.
On April 20, according to the latest data from DefiLlama, Aave’s TVL plummeted from US$26.3 billion to US$18 billion, evaporating US$8.3 billion in two days, a drop of more than 31%.

In the face of the sudden crisis, the Aave team responded quickly. The team not only froze the rsETH deposit and borrow functions on Ethereum mainnet, but also simultaneously cut off the related markets on Layer 2 networks such as Arbitrum and Optimism, and urgently set the Loan-to-Value of rsETH to 0, technically blocking all new borrowing paths.
Currently, Aave’s official update states that rsETH on the Ethereum mainnet is fully supported. Out of an abundance of caution, rsETH remains frozen on Aave V3 and V4, and exposure to the event is limited. WETH reserves also remain frozen on affected markets including Ethereum, Arbitrum, Base, Mantle, and Linea.

Aave founder Stani tried to calm the community in an AMA the next day. He made it clear that the Aave core contracts had not been breached, and that this incident was "upstream pollution" rather than a protocol vulnerability. He also revealed that the protocol's financial reserves and average monthly revenue stream of approximately US$12 million are sufficient to cover potential losses, and that no security module slash or token issuance plan will be launched in the short term.
But the community still has doubts about the specific details of "reserve coverage" - if the AAVE tokens staked in the security module are ultimately needed to fill the bad debt gap, it would essentially pass the cost of Kelp DAO's vulnerability on to Aave's most loyal stakers.
DeFiLlama founder 0xngmi commented on the Aave bad debt incident, saying that this time hackers stole approximately US$216 million in rsETH from KelpDAO. If KelpDAO does not have the money to pay full compensation, the losses will inevitably be transmitted to Aave. If KelpDAO chooses "social sharing" (giving all rsETH holders a 20% haircut), the high-leverage looping positions on Aave will be liquidated directly, resulting in approximately US$216 million in bad debt. Aave's security module (Umbrella) can absorb 55 million, and the treasury can take another 85 million, leaving a hole of 76 million - to be filled either by borrowing money or by selling tokens.
0xngmi said that if KelpDAO instead chooses to "sacrifice L2 users" and lets the rsETH on L2 go to zero to protect mainnet, Aave has US$359 million of rsETH deposits on L2. Once those are invalidated, that is 341 million in bad debt. Umbrella would not lose a cent, and the treasury would bear all of it. It may only be able to save part of the chains and leave the large markets on Arbitrum, Mantle, and Base to fend for themselves. So no matter what KelpDAO chooses, Aave cannot escape footing the bill - the only difference is whether the bill is 76 million or 341 million, and whether everyone bleeds or the users of a specific chain are sacrificed.
In addition, although the "snapshot rollback and return the money to the holder" solution is the most accurate in theory, the operation is extremely complicated and almost unrealistic.
The deeper impact lies in the trust mechanism. Aave is a protocol that has been formally verified for six years and has more than 800 security rules. Its smart contracts were indeed not breached in this incident, but this is precisely the most ironic thing - no matter how secure a protocol is, it cannot be immune to contamination in its upstream supply chain. This "dependency contagion risk" is becoming the most difficult security challenge of the DeFi 2.0 era. Unlike the cross-chain bridge exploits of 2022 or the oracle manipulation of 2023, this attack demonstrates a more covert risk transmission path: the attacker does not need to face Aave's solid security defenses directly, and can indirectly extract the liquidity of top protocols by "polluting" standardized collateral.
From this incident, we can clearly see several obvious gaps in Aave’s risk structure.
Source verification for collateral admission is missing. Currently, Aave's evaluation of LST assets relies mainly on smart contract audit reports and market capitalization thresholds, and lacks on-chain monitoring of the real-time state of the minting contract. When rsETH was attacked, Aave's oracle was still quoting normally because secondary market trading had not been suspended, but the underlying collateral actually no longer existed.
The risk pricing of some restaked tokens is too coarse. The secondary market liquidity of rsETH is far shallower than that of stETH, yet it enjoys the same high leverage ratio. The less liquid asset causes greater damage in a crisis.
Cross-protocol risk monitoring lags. Aave's "Risk Manager" mechanism mainly monitors health factors within the protocol itself and lacks real-time awareness of anomalies in the upstream minting contract. The risk window of more than 20 minutes existed essentially because Aave could not "see" what was happening inside the Kelp DAO contract.
These gaps also point to realistic improvements for the upcoming Aave V4. The most urgent is to establish a collateral source verification mechanism, requiring cross-chain assets such as rsETH to provide real-time Merkle tree proofs of the underlying collateral, so that the oracle can verify not only the price but also the "asset authenticity". Once there is a deviation between the underlying reserves and the circulating supply, a freeze of borrowing capacity would be triggered automatically.
The second step is to establish a risk signal alliance with upstream protocols such as Kelp DAO, Lido, and Rocket Pool to achieve cross-protocol circuit breaking through a decentralized message layer. When abnormal minting occurs upstream, Aave could automatically reduce the LTV of the related assets within minutes or even seconds, instead of passively waiting 25 minutes for manual intervention.
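The reserve-verification circuit breaker described above, as an added illustration that is not Aave's or Kelp DAO's code: a hypothetical lender-side monitor compares attested backing with circulating supply and freezes the asset on every market when the shortfall exceeds an assumed tolerance. The supply figures are constructed, and verifying the Merkle proof behind an attestation is assumed to happen upstream.

```python
from dataclasses import dataclass, field

# Constructed figures loosely patterned on the incident: 530,000 rsETH fully
# backed, then 116,500 rsETH minted with no corresponding backing.
BASELINE_SUPPLY = 530_000.0
ABNORMAL_MINT = 116_500.0


@dataclass
class Attestation:
    """Issuer-side statement of ETH backing vs. circulating supply (assumed to
    arrive with a verified Merkle proof; proof checking is out of scope here)."""
    backed_eth: float
    circulating_supply: float


@dataclass
class CollateralCircuitBreaker:
    """Hypothetical lender-side monitor for one collateral asset."""
    asset: str
    ltv: float = 0.75           # assumed normal loan-to-value for the asset
    tolerance: float = 0.005    # assumed max tolerated shortfall (0.5%)
    frozen: bool = False
    actions: list = field(default_factory=list)

    def shortfall(self, att: Attestation) -> float:
        """Fraction of circulating supply not covered by attested backing."""
        if att.circulating_supply <= 0:
            return 0.0
        return max(0.0, 1.0 - att.backed_eth / att.circulating_supply)

    def evaluate(self, att: Attestation, markets: list) -> float:
        s = self.shortfall(att)
        if s > self.tolerance and not self.frozen:
            self.frozen = True
            self.ltv = 0.0       # no new borrowing against this collateral
            for m in markets:    # cut off every market, not only mainnet
                self.actions.append(f"freeze {self.asset} on {m}")
            self.actions.append(f"set LTV of {self.asset} to 0")
        return s


def replay_incident() -> CollateralCircuitBreaker:
    """Replay two constructed attestations: healthy, then an unbacked mint."""
    cb = CollateralCircuitBreaker(asset="rsETH")
    markets = ["Ethereum", "Arbitrum", "Optimism"]
    cb.evaluate(Attestation(BASELINE_SUPPLY, BASELINE_SUPPLY), markets)
    cb.evaluate(Attestation(BASELINE_SUPPLY, BASELINE_SUPPLY + ABNORMAL_MINT), markets)
    return cb
```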
This incident also raised a more acute question: When the DeFi protocol becomes a Lego-like stacking structure, who will pay for the "combination risk"? Aave users did nothing wrong in this incident. They deposited assets and provided liquidity in accordance with the rules, but they faced protocol-level losses due to the bridging vulnerability of Kelp DAO.
If the stakers of the Aave security module are ultimately responsible for the losses, this essentially transfers the risk of the upstream protocol to the Aave community members.
Curve founder Michael Egorov posted: "This incident is exactly the risk posed by the currently widely adopted 'non-isolated lending' model. This model has good scalability, but the risks are higher, so risk management is crucial. The hub-and-spoke model of Aave v4 may be a step towards semi-isolation and more security."

Crypto commentator benmo.eth wrote that the theft of KelpDAO's rsETH has far-reaching consequences: Aave's security "golden body" has been broken, and the risks of the unified lending market are re-entering the scope of whale scrutiny. Aave V4 and modular lending may become future trends, and the related transformation may accelerate. DeFi will halt its expansion route and shift to a more conservative security model, while also needing to deal with AI-driven security threats such as Anthropic Mythos.
OneKey founder Yishi said bluntly, "The AAVE protocol itself has no design flaws in this incident. The root cause is that the underlying assets are too bad, and L2 is also a pseudo-narrative. It does not actually solve the asset quality problem, but only amplifies the illusion of liquidity."

In early April this year alone, more than $200 million was stolen from Drift. Less than a month later, KelpDAO’s $290 million exploit turned into a liquidity crisis for Aave and a test of trust for the entire DeFi industry.
The boundaries of risk management of open financial protocols are no longer limited to the code audit scope of a single protocol, but extend to the source governance of the entire collateral supply chain.