coin-img-ETHETH-2.73%coin-img-BTCBTC-2.04%coin-img-SOLSOL-3.28%coin-img-XRPXRP-1.95%coin-img-TOMTOM+17.61%coin-img-BENZBENZ+678.23%coin-img-RAVERAVE-90.05%coin-img-USDCUSDC-0.01%coin-img-ETHETH-2.73%coin-img-BTCBTC-2.04%coin-img-SOLSOL-3.28%coin-img-XRPXRP-1.95%coin-img-TOMTOM+17.61%coin-img-BENZBENZ+678.23%coin-img-RAVERAVE-90.05%coin-img-USDCUSDC-0.01%coin-img-ETHETH-2.73%coin-img-BTCBTC-2.04%coin-img-SOLSOL-3.28%coin-img-XRPXRP-1.95%coin-img-TOMTOM+17.61%coin-img-BENZBENZ+678.23%coin-img-RAVERAVE-90.05%coin-img-USDCUSDC-0.01%coin-img-ETHETH-2.73%coin-img-BTCBTC-2.04%coin-img-SOLSOL-3.28%coin-img-XRPXRP-1.95%coin-img-TOMTOM+17.61%coin-img-BENZBENZ+678.23%coin-img-RAVERAVE-90.05%coin-img-USDCUSDC-0.01%

Aave Sees $5.4B ETH Exit After Kelp DAO rsETH Bridge Exploit

A security incident tied to Kelp DAO's rsETH crosschain bridge, valued at nearly $300 million, has sparked a rush for the exits at Aave. More than $5.4 billion in ETH has been withdrawn as users moved to protect funds amid fears that bad debt could build on the lending protocol. According to the report, the attacker deposited rsETH into Aave and borrowed out ETH, leaving Aave with exposure that is difficult to unwind. The impact was immediate: Aave's ETH utilization rate hit 100%, indicating all available ETH in the pool is currently borrowed and there is no remaining liquidity buffer. Large holders helped drive the move. Justin Sun withdrew 65,584 ETH, about $154 million, in a single transaction. Onchain tracker Lookonchain linked the broader $5.4 billion outflow to concerns among sophisticated users about how bad debt could restrict depositors' ability to withdraw. Kelp DAO said it paused rsETH contracts on mainnet and multiple Layer 2 networks after detecting suspicious crosschain activity. The team said it is working with LayerZero, Unichain, auditors, and security specialists to identify the root cause. D2 Finance's onchain analysis pointed to a private key leak on the source chain, raising trust issues with OApp nodes and enabling bridge manipulation. Investigators outlined two potential failure paths: if a legitimate source transaction exists for the relevant nonce, the compromise likely involves the source-side OApp key; if no source transaction emerges, the issue may sit with the DVN, worsened by Kelp's configuration that relied on LayerZero Labs as the sole verifier. Kelp DAO's contracts remain paused as the investigation continues. With Aave's ETH utilization at 100%, depositors cannot withdraw until borrowed ETH is repaid or fresh liquidity enters the pool. The larger question is how any unrecovered losses tied to exploited rsETH positions would be handled across Aave's system, a process that has historically been contentious and slow. Investigators are still compiling full forensics and an attacker cluster map. Updates are expected through Kelp DAO's verified channels as the inquiry advances. Tags: Crypto news
Dipilih
AAVE
AAVE-18.86%
ETH
ETH-2.91%
Penafian: Konten di atas hanyalah pendapat penulis dan tidak mewakili sikap BingX. Konten tersebut tidak boleh ditafsirkan sebagai nasihat investasi dari BingX. Untuk keterangan lebih lanjut, lihat Syarat dan Ketentuan.