DeFi's Largest Heist: Hacker Forges Cross-Chain Messages to Steal $292 Million in rsETH and Transfers Risk to Aave
This content has been translated by AI
Summary
BroadChain has learned that on April 19 at 09:30, according to TechFlow, on April 18, an attacker stole approximately 116,500 rsETH (worth $292 million) from the Kelp DAO bridge contract by forging LayerZero cross-chain messages, subsequently collateralizing it on Aave V3 to borrow approximately $236 million in wETH. This attack exposed the structural risks of the cross-chain bridge reserve model: the depletion of mainnet reserves has left 18% of the total rsETH supply without underlying backing, potentially triggering a run by L2 holders. Aave's Umbrella fallback mechanism faces its first major stress test, needing to cover an estimated $177 million shortfall with staked assets.
BroadChain has learned that at 09:30 on April 19, according to TechFlow, on April 18, an attacker stole approximately 116,500 rsETH (worth $292 million) from the Kelp DAO bridging contract by forging LayerZero cross-chain messages, and subsequently used it as collateral on Aave V3 to borrow approximately $236 million in wETH. This attack exposed the structural risks of the cross-chain bridge reserve model: the depletion of mainnet reserves has caused 18% of the total rsETH to lose its underlying support, potentially triggering a run by L2 holders. Aave's Umbrella backup mechanism is facing its first major stress test, needing to cover an estimated $177 million in bad debt with staked assets. The incident has triggered a chain reaction, with multiple protocols including Aave and SparkLend freezing the rsETH market. This highlights the multi-layered nested risks of liquidity restaking tokens (LRT) as collateral, and how DeFi composability, while amplifying network effects, also broadens the attack surface.