Home
News
Details

Aave Faces $5.4 Billion ETH Withdrawals After Kelp DAO rsETH Exploit

iconCoinpedia
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
This is the logo of the coin.
ETH
$2,319.01-1.24%
This is the logo of the coin.
AAVE
$94.2271.81%
AI summary iconSummary

expand icon
ETH news: A $300 million exploit on Kelp DAO’s rsETH bridge triggered over $5.4 billion in ETH withdrawals from Aave as users rushed to secure funds. The attacker deposited rsETH into Aave to drain ETH, pushing utilization to 100%. Justin Sun withdrew 65,584 ETH ($154 million). Kelp DAO paused rsETH contracts and is investigating. ETH update: On-chain data suggests a private key leak enabled the exploit. Aave now faces bad debt and liquidity challenges.
Unleash Protocol Hack Drains $3.9M After Multisig Exploit, PeckShield Reveals

A nearly $300 million exploit targeting Kelp DAO’s rsETH cross-chain bridge has triggered a mass withdrawal event at Aave, with over $5.4 billion in ETH leaving the protocol as users rushed to pull funds following concerns about bad debt accumulating on the platform.

The attacker deposited rsETH into Aave to drain ETH, leaving the protocol holding exposure it cannot easily unwind. The consequence was immediate. Aave’s ETH utilization rate climbed to 100%, meaning every available ETH in the lending pool is now borrowed and the protocol has no liquidity buffer remaining.

The Whale Exodus

The scale of the withdrawal was driven by large holders acting quickly. Justin Sun alone removed 65,584 ETH worth approximately $154 million from Aave in a single move, a transaction that on its own would have been headline news on any other day.

According to on-chain tracking by Lookonchain, the broader exodus of $5.4 billion reflects a wider panic among sophisticated users who understood what bad debt at Aave means for depositors unable to withdraw at will.

What Actually Happened

Kelp DAO paused rsETH contracts across mainnet and multiple Layer 2 networks shortly after identifying suspicious cross-chain activity. The team said it was working with LayerZero, Unichain, auditors and security experts to determine the root cause.

On-chain analysis from D2 Finance pointed to a private key leak on the source chain as the root cause, creating a trust issue with OApp nodes that allowed the attacker to manipulate the bridge.

A further nuance was added by investigators following the forensics. Two possible failure paths exist. If a legitimate source transaction exists for the relevant nonce, the compromise originated from the source-side OApp key. If no source transaction surfaces, the failure is on the DVN side, compounded by Kelp’s configuration of a single point of failure using LayerZero Labs as the sole verifier.

What Comes Next

Kelp DAO’s contracts remain paused while the investigation continues. Aave’s ETH utilization at 100% creates a situation where depositors cannot withdraw until borrowed ETH is repaid or new liquidity enters the pool.

The bad debt question is the more pressing concern. If the exploited rsETH positions cannot be recovered, Aave will need to determine how losses are distributed across the protocol, a process that has historically been contentious and slow.

Full forensics and an attacker cluster map are still being compiled. Official updates are expected through Kelp DAO’s verified channels as the investigation progresses.

Tags
Crypto news
Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.