Over the weekend, Aave, a lending protocol, encountered potential losses up to $230 million due to an exploit involving the Kelp DAO and LayerZero bridge. As detailed in reports by Aave Labs and LlamaRisk on Aave’s governance forum, the core issue involved rsETH—a liquid restaking token from KelpDAO. The protocol uses a bridge system that locks tokens on one chain while issuing equivalents on another.
An attacker manipulated this mechanism by forging a transfer message, creating new rsETH tokens without backing them with actual assets. This resulted in 116,500 rsETH being released from the Ethereum-side of the bridge. Instead of selling these, the attacker used 89,567 rsETH as collateral to borrow approximately $190 million worth of ETH and other related assets on Ethereum and Arbitrum, leaving Aave exposed due to the potentially impaired backing of this collateral.
Aave Labs responded swiftly by freezing rsETH markets across all deployments, setting loan-to-value ratios to zero, and halting new borrowing against rsETH. The outcome hinges on KelpDAO’s handling of the shortfall. If losses are distributed among all rsETH holders, a 15% depegging is expected, leading to about $124 million in bad debt for Aave. Conversely, if losses are confined to Layer 2 networks like Arbitrum and Mantle, bad debt could escalate to around $230 million.
The exploit arose from vulnerabilities in Kelp’s validation of cross-chain messages via LayerZero, allowing the attacker to falsely present certain assets as fully backed. Although LayerZero was not hacked directly, its messaging layer exposed flawed assumptions within Kelp’s data verification process. This incident raised concerns regarding Aave’s collateral being mispriced or inadequately backed.
In response, users withdrew approximately $6 billion in total value locked from Aave, a move reflecting widespread uncertainty and efforts to reduce risk exposure. The situation underscored Aave’s indirect vulnerability through interconnected DeFi systems, as it experienced heightened collateral risks, pressure on lending positions, and a steep decline in deposits.
Currently, the report states that Aave’s DAO treasury holds about $181 million in assets, with ongoing discussions among ecosystem participants to mitigate potential losses. KelpDAO has yet to specify its plan for loss allocation, leaving Aave’s final exposure unclear as developments continue.