Kelp DAO Suffers $292 Million Attack, Aave V3 Bears $177 Million Bad Debt Pressure
This content has been translated by AI
Summary
BroadChain learned that at 12:16 on April 19, according to PANews, at 17:35 (UTC) on April 18, an attacker stole 116,500 rsETH (approximately $292 million) from the Kelp DAO bridge contract by forging LayerZero cross-chain messages. The attacker subsequently collateralized the stolen rsETH on Aave V3, borrowing approximately $236 million in wETH. As the bridge reserves have been emptied, this batch of rsETH effectively lacks underlying asset support, resulting in approximately $177 million in bad debt for Aave V3. 46 minutes later, Kelp paused the contract, but two subsequent attempts by the attacker failed. This
BroadChain has learned that at 12:16 on April 19, according to PANews, at 17:35 (UTC) on April 18, an attacker stole 116,500 rsETH (approximately $292 million) from the Kelp DAO bridging contract by forging LayerZero cross-chain messages. The attacker subsequently deposited the stolen rsETH as collateral into Aave V3, borrowing approximately $236 million in wETH. As the bridging reserves had been depleted, this batch of rsETH effectively lost its underlying asset support, resulting in approximately $177 million in bad debt for Aave V3. 46 minutes later, Kelp suspended the contract, but the attacker's subsequent two attempts both failed. This incident highlights the compounded risks of liquidity restaking tokens (LRT) in cross-chain architectures and protocol dependencies. Aave's next-generation backup system, Umbrella, faced its first major stress test, and multiple DeFi protocols have suspended related markets.