🚨 Aave has released its post-mortem on the April 18 rsETH exploit, revealing how the attacker drained liquidity through a forged cross-chain message.
According to Aave, Kelp's rsETH LayerZero V2 bridge accepted a fake message during a Unichain-to-Ethereum transfer, allowing the attacker to mint 116,500 rsETH without a corresponding burn on the source chain.
The attacker then deposited the stolen rsETH into 8 Aave V3 positions and borrowed:
82,650 WETH
821 wstETH
$ETH $AAVE
Aave said recovery efforts have made significant progress. The attacker's rsETH on Arbitrum has been burned, while the LayerZero OFT adapter replenished 116,131.72 rsETH across five separate batches.
📊 Insight: The incident highlights the risks associated with cross-chain bridge infrastructure and why security remains one of the biggest challenges in DeFi.
#AAVE #Ethereum #DeFi #Crypto
According to Aave, Kelp's rsETH LayerZero V2 bridge accepted a fake message during a Unichain-to-Ethereum transfer, allowing the attacker to mint 116,500 rsETH without a corresponding burn on the source chain.
The attacker then deposited the stolen rsETH into 8 Aave V3 positions and borrowed:
82,650 WETH
821 wstETH
$ETH $AAVE
Aave said recovery efforts have made significant progress. The attacker's rsETH on Arbitrum has been burned, while the LayerZero OFT adapter replenished 116,131.72 rsETH across five separate batches.
📊 Insight: The incident highlights the risks associated with cross-chain bridge infrastructure and why security remains one of the biggest challenges in DeFi.
#AAVE #Ethereum #DeFi #Crypto