Written by: Clow

On April 18, DeFi was pushed into the water.

This time it was not an exchange being hacked, nor a contract being directly drained. The attackers acquired a batch of collateral certificates worth approximately $290 million, sending them into Aave, an on-chain lending protocol, to borrow more liquid ETH assets like WETH and wstETH.

These certificates are called rsETH, akin to an "ETH receipt": users deposit ETH or related assets into KelpDAO, receiving a certificate that can be redeemed for the underlying assets in the future. Aave functions like an on-chain pawn shop where users deposit assets as collateral, then borrow ETH, stablecoins, or other assets.

The problem is that the warehouse behind this "receipt" encountered issues.

It's like someone trying to get a loan from a bank with an expired warehouse receipt. The warehouse is out of goods, but the banking system has not reacted yet and keeps lending at face value.

The most awkward part is that the bank's counter is not broken, and the loan process is still intact. What is truly broken is the relationship between that receipt and the warehouse. What Aave encountered this time is a similar problem.

If KelpDAO had just lost coins, it would have been a security incident for one protocol. However, when bad collateral entered Aave, the situation escalated into a run on the DeFi credit system.

Who suffers the most? Not KelpDAO, but those locked up

Incident reports reveal that the attack occurred on April 18, 2026, at 17:35 UTC. The attackers deceived KelpDAO's rsETH channel from Unichain back to Ethereum, releasing 116,500 rsETH.

Of these, 89,600 rsETH were deposited into Aave, borrowing 82,700 WETH and 821 wstETH, totaling approximately $193 million.

Aave was not the one being hacked. Its contracts were fine, and the price system was not directly attacked. The issue was that the attackers collateralized a batch of "seemingly valuable" rsETH and borrowed real, valuable assets from the Aave pool. WETH is the ETH balance that can be withdrawn from the pool. Once it was borrowed to the point of being empty, depositors still saw their account balances, but the withdrawable WETH was gone.

Multiple markets saw WETH reserves reach a utilization rate of 100%, with idle balances nearly nonexistent. For users, this translates to:

You have money, but you can't take it out right now.

This feels similar to an exchange pausing withdrawals, just a more glaring version on-chain. The page won’t tell you "the money is gone," it will only inform you "there is no liquidity right now." Depositors see their balances, but what is truly missing is the exit.

Aave subsequently froze rsETH, wrsETH, and WETH across multiple markets. It was not that users did something wrong, but rather the system had to first close the entry.

This is also why many people find this situation hard to grasp at first glance. Aave was not directly drained by hackers, but the collateral it received suddenly turned bad. Depositors thought they were merely putting ETH into a lending pool, only for someone on the other end to take out good assets with bad receipts.

This time, it wasn't the safe being pried open, but the doorman being deceived

The cross-chain channel of KelpDAO utilized LayerZero. The cross-chain bridge functions like a transfer system between two warehouses: a batch of rsETH is locked on Ethereum, and corresponding receipts are issued on the other chain; when users come back, the system confirms that the receipts have been destroyed before releasing the rsETH from the Ethereum warehouse.

The more people who validate this message, the safer it is. Yet KelpDAO at that time was 1-of-1 DVN, meaning there was only one verification source responsible for stamping the approval. One person stamps it, and one person releases it.

RPC nodes act like "audit windows." According to LayerZero's disclosures, attackers breached two RPC nodes and launched a DDoS attack against the unbreached external RPC, forcing the verification network to read states from a tainted data source. As a result, the validators saw a non-existent message: it seemed that enough rsETH had already been destroyed on another chain to permit the release of tokens from Ethereum.

The contract on the Ethereum side believed it and subsequently released 116,500 rsETH.

Every step on-chain resembled a normal transaction. The signatures matched, the messages were correct, and the processes were right. Yet the underlying event had never happened. The code executed according to the input, the problem was that the input had been tainted.

This was more awkward than an ordinary contract bug. At least a contract bug can point to a line of code that’s wrong; this was more like a surveillance camera feed being swapped, and the security guard opened the door according to procedures. The door opened following protocol, the issue was that the person outside shouldn't have been let in.

Therefore, the truly frightening aspect of this incident is not that a developer wrote a line of code wrong, but rather that many protocols’ underlying trusted infrastructures can also lie. Bridges, nodes, and verification networks usually operate in the background but can directly rewrite the lives and deaths of assets when issues arise.

Why was Aave dragged into bad collateral?

Lending protocols fear not price fluctuations. At least price fluctuations can lead to liquidations. The trouble is that the collateral appears to still be valuable while the underpinning support has collapsed.

rsETH was originally just an ETH receipt, with an additional layer over ordinary ETH. Once it crossed to secondary layer networks like L2, another layer of bridge risks was added. When it entered Aave, what is typically called capital efficiency transforms into a risk blind box during an incident.

If it were merely a price drop in ETH, Aave could liquidate per the rules. But the issue with rsETH is not simply a declining price but whether "this receipt can still be redeemed for goods." Once this question remains unanswered, liquidations can become awkward as the market may not be willing to absorb it.

Aave's accident report suggested two bad debt scenarios: if losses were borne collectively by all rsETH holders, the potential bad debt would be approximately $123.7 million; if it was isolated to L2 rsETH, the estimated bad debt could reach $230.1 million, primarily impacting Mantle and Arbitrum.

The two figures differ significantly, but they both convey the same message: Aave did not lose due to a faulty contract logic but rather overestimated the reliability of this "ETH receipt." The attackers were aware of this as well, hence they refrained from rushing to sell rsETH and instead flooded the lending market with bad collateral to borrow good assets.

In the past, everyone liked to praise composability: an asset from one protocol can seamlessly enter another. This time, the opposite has been observed. A hole in one protocol can also seamlessly enter another protocol.

Aave’s report indicated that as of April 20, the Aave DAO treasury had approximately $181 million in assets. A governance proposal on April 24 laid out a rescue plan: the DeFi United rescue alliance aims to coordinate funds from multiple parties to fill the rsETH endorsement gap.

The plan includes 40,400 rsETH frozen by KelpDAO, 30,800 ETH frozen by the Arbitrum Security Council, up to 30,000 ETH credit line from Mantle, and 25,000 ETH requested from the Aave DAO.

Circle was also drawn into this. It is the stablecoin issuer behind USDC, now starting to worry about the lending market. This is not charity; it is the self-preservation of the industry chain.

This also explains why the rescue came so quickly. Aave is not an isolated site; it is a hub for many wallets, yield strategies, stablecoin transactions, and market-making capital. Once this hub is blocked, many seemingly unrelated protocols outside will also suffer.

USDC must circulate in DeFi, relying on core lending markets like Aave. If the pool remains stuck for a long time, the use cases for stablecoins will also be harmed. Therefore, saving Aave not only saves one protocol, but it also preserves a channel for capital flow.

Thus, the issue left by this incident is not whether Aave will die, but how many more "assets that look like ETH" will have bridges, RPCs, verification nodes, and a bunch of configurations that no one bothers to check behind them.

DeFi does not have a central bank. But it already has temporary rescue groups, treasury voting, stablecoin companies, and lines of credit.

This is the most real aspect: it can have no center but cannot lack credit. The more layers of assets wrapped, the higher the efficiency, but the responsibilities are also buried deeper.

This is not purer finance.

Bad collateral is the most expensive.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。