比特币橙子Trader|Apr 24, 2026 12:01
Aave is not wrong with a single line of code, but he is forced to take 200 million bad debts! Thoroughly dismantling the Kelp hacker textbook level 'Poisoning and Money Laundering Bureau'
On April 18th, the entire DeFi community witnessed an extremely cold-blooded and "perfect" dimensionality reduction blow.
As the absolute hegemon of the lending market, Aave experienced an epic nightmare: its smart contracts had no vulnerabilities in a single line of code, its security defenses were as solid as gold, but it was forcibly stuffed into nearly $200 million in terrifying bad debts, and its funding pool was completely drained at one point.
Why can an external project's cross chain bridge be hacked, forcing Aave to a dead end? By understanding the textbook level logic of "poisoning transmission" in hacking, you will understand how fragile DeFi structures are today.
1. Hands up move: Take down Kelp DAO's "paper defense line"
The source of everything was the breach of the cross chain bridge node of the liquidity re staking protocol Kelp DAO.
Due to Kelp DAO's extremely outrageous use of a 1-of-1 (single point of verification) node configuration, hackers effortlessly broke through this "single person security", directly forged cross chain messages, and forged 116500 rsETH out of thin air, with a book value of up to 290 million US dollars.
But hackers face a real problem: with so much rsETH, if they go directly to a decentralized exchange (DEX) to smash the market, the liquidity cannot bear it at all, and the huge slippage will cause the money to shrink by half in an instant.
So, the hacker resorted to the most deadly move.
2. High dimensional money laundering: exchanging "toxic assets" for Aave's "real money and silver"
The hacker did not smash the disk, but calmly deposited all of the nearly $300 million rsETH into Aave v3.
In Aave's system rules, rsETH was still recognized as a "high-quality collateral" on the whitelist at that time. Hackers used these fabricated rsETH as collateral and almost lent out highly liquid WETH.
Subsequently, the hacker fled directly with these clean WETH. This is the extremely vicious' poisoning ': hackers have perfectly achieved the goal of shedding the shell of a cicada, welding a bad debt that could explode at any time onto Aave's balance sheet.
3. Deadly backstab: The clearing engine is paralyzed, and bad debts are completely locked in
After the hacker succeeded, the Kelp DAO team finally reacted and urgently pressed the "pause button" to freeze the rsETH mainnet and L2 contract.
This operation is a timely stop loss for Kelp, but for Aave, it is a fatal 'backstab'!
The last line of defense in a loan agreement is "liquidation": when the price of collateral falls and problems arise, the liquidator will sell the collateral to repay the loan and preserve the agreement.
But Kelp's emergency suspension instantly rendered rsETH economically meaningless. It cannot cross chain or redeem underlying ETH, and the price discovery mechanism is completely paralyzed. This batch of collateral has become a 'dead book' with no liquidity. Even if Aave wants to liquidate, he can't sell it at all! Nearly $200 million in bad debts were forcibly settled.
4. Panic Escape: 100% Utilization and the Unbelievable Disaster of Depositors
When the market realized that Aave had eaten up a huge amount of bad debts, panic spread like a tsunami.
Due to hackers draining a large amount of WETH, the utilization rate of Aave's ETH fund pool skyrocketed to 100% in an instant. What does this mean? This means that if you are a WETH depositor who shares the capital, you cannot withdraw a penny now! In just a few hours, Aave experienced an epic run on withdrawals, with TVLs fleeing in panic for over $10 billion (even Sun Yuchen turned away $150 million overnight for safe haven). The APY of stablecoin deposits has been distorted and pushed up to 14%, which is the most intuitive signal that the market has entered the "extreme crisis mode".
5. DeFi Lego is becoming a 'death nesting doll'
This 290 million yuan bloody case has completely shattered the illusion in the DeFi circle: today, just looking at the code of a lending protocol to see if it is secure is useless.
DeFi nowadays is a crazy nesting game. LSD (Liquidity Pledge), LRT (Liquidity Re Pledge), Cross Chain Bridge... Each layer adds leverage and returns, but also amplifies the underlying systemic risk countless times.
Aave's acceptance of rsETH as collateral is equivalent to entrusting their life and fortune to Kelp DAO's node configuration, LayerZero's cross chain bridge security, and even EigenLayer's underlying logic. As long as there is a loose link on this long chain, the entire loan building will collapse instantly.
In the past half year, the entire network has been crazily chasing the "risk-free high return" of the re pledging track. But this crisis tells everyone in cold blood: there is absolutely no free lunch in DeFi. You think you are freeloading APY, but in fact, you are using your own capital to support those flawed cross chain bridges and mentally disabled configurations.
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink