TIME LINE OF THE HACK ON AAVE

Timeline of the exploit during April 2026
17:35 UTC — Start of the attack
The attacker sends a false cross-chain message proof to the Kelp DAO bridge based on LayerZero.
The contract accepts the message as valid.
116,500 rsETH are released unbacked to the attacker's wallet.
Approximate value at that moment: ≈ 292 million USD (18% of the token supply). �
defiprime.com +1
👉 This is where the hack really begins.
17:35 – 18:21 UTC — DeFi exploitation phase
During the following minutes, the attacker executes the second phase:
Deposits the stolen rsETH as collateral in various protocols:
Aave V3
Compound V3
Euler
Borrow in WETH (wrapped ETH).
Approximate results:
≈196 million USD loaned in Aave
≈39 million USD in Compound
≈840k USD in Euler 🥴
LeoDex
Total debt generated in DeFi:
≈236 million USD
18:21 UTC — Kelp DAO pauses the protocol
The Kelp DAO team executes an emergency 'pauseAll'.
This happens 46 minutes after the initial exploit. 🥴
KuCoin +1
Subsequent attempts by the hacker to extract more tokens fail.
~18:52 UTC — Aave activates emergency
The Aave Guardian detects suspicious activity.
Markets for rsETH and wrsETH are frozen across all protocol implementations. 🥴
Aave
Still, the damage was already done:
loans with fake collateral already existed.
~18:55 UTC — Public investigation
On-chain researcher ZachXBT alerts about the attack on Telegram.
Several wallets linked to the attacker identified.
20:10 UTC — First official statement
Kelp DAO publishes its first public statement.
Confirms:
suspicious cross-chain activity
contracts paused
ongoing investigation. 🥴
LeoDex
📉 April 19 — Crisis in Aave
Hours later, systemic consequences begin:
≈177-200 million USD of uncollectible debt in Aave. 🥴
KuCoin +1
The WETH pool reaches 100% utilization. 🥴
Binance
Users attempt to withdraw liquidity massively.
Over 5.4 billion USD in ETH exits the protocol. 🥴
BeInCrypto
The AAVE token drops around 20%. 🥴
CoinMarketCap
📊 April 19–20 — Domino effect
In the next 24–48 hours:
Aave's TVL drops from ~26.4B to less than 20B. 🥴
LeoDex +1
Governance discussion initiated to cover losses.
The Umbrella / Safety Module protection system is activated.
Kelp DAO opens white-hat negotiation with the hacker.
🧠 Summary of the attack (in one line)
A bridge hack in Kelp DAO → creates fake tokens → used as collateral in Aave → real loans → uncollectible debt.
Technical duration of the exploit:
≈46 minutes
Total financial impact on the ecosystem:
$292M stolen
$177M–$200M of debt in Aave
$6B–$9B of liquidity withdrawn 🥴
KuCoin +1
#HackAAVE #AaveProtocol #HackeoAAVE