The $292M $rsETH exploit wasn’t a typical bug. It was a bridge failure. The attacker found a weak verifier setup. Only one approval was required. They forged a cross-chain message. And tricked the bridge into releasing funds. 116,500 fake $rsETH were minted. Worth around 292M $ . That’s nearly 36% of total supply. These tokens had no real $ETH backing. The attacker moved fast. Deposited $rsETH into Aave as collateral. Borrowed 106,467 ETH (~$250M). Then started dumping rsETH. Creating heavy market pressure. Impact: Over $177M bad debt. $WETH pool utilization hit 100%. Aave had to freeze the rsETH market. Important: Core rsETH wasn’t broken. The exploit hit the bridged version. Attacker wallet is being tracked. Funds were routed via Tornado Cash. One of the biggest bridge failures of 2026. Reminder: Bridges are still the weakest link in crypto.
Share
Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information.
Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.