Hackers exploited Kelp DAO's LayerZero bridge vulnerability, stealing 116,500 rsETH and depositing 89,567 into Aave as collateral to borrow $193M in real assets within 46 minutes.
Cascading Impact
Aave faces potential bad debt of $123M-$230M depending on loss allocation, while protocol TVL crashed $8.45B as users fled. Arbitrum froze $71M exploiter funds using emergency powers.
Systemic Risk
Incident exposes critical cross-chain infrastructure weaknesses, with LayerZero's 1-of-1 DVN configuration and RPC node compromise raising questions about DeFi security architecture.