Aave’s post mortem details how a forged cross-chain message triggered a $292M rsETH exploit and how a $300M DeFi coalition restored full backing.
The attacker was already gone by the time anyone realized the bridge had lied. On April 18, at 17:35 UTC, Kelp’s rsETH LayerZero V2 bridge accepted inbound nonce 308 on Ethereum while Unichain still sat at outbound nonce 307. No burn occurred. 116,500 rsETH came out of the Ethereum-side adapter as if it had.
The LayerZero verifier responsible for signing inbound messages on Ethereum was running on a one-of-one DVN setup. One signer. It was hit by an RPC-poisoning attack that warped its view of source-chain state. The verifier attested to a transaction that never happened, per Aave’s post mortem published on X.
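The two failures described above, a single verifier trusting one RPC view and a destination accepting a nonce the source never emitted, can be checked from the defender's side. The following is an added example, not Aave's, Kelp's or LayerZero's code: it models a burn-and-mint OFT bridge, takes source-chain views from several RPC endpoints, requires a quorum before trusting any of them, and flags destination mints that no source burn backs. The chain data is constructed, shaped after the nonces and amount in the text.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Burn:          # source-chain event: tokens burned, message sent
    nonce: int
    amount: int

@dataclass(frozen=True)
class Mint:          # destination-chain event: adapter released tokens
    nonce: int
    amount: int

# One RPC endpoint's report of the source chain: (outbound nonce, burns seen).
SourceView = tuple[int, tuple[Burn, ...]]

def quorum_view(views: list, threshold: int) -> Optional[SourceView]:
    """Return the view that at least `threshold` endpoints agree on, else None.
    With threshold 1 a single poisoned endpoint decides; with 2-of-3 it cannot."""
    view, n = Counter(views).most_common(1)[0]
    return view if n >= threshold else None

def find_unbacked_mints(view: Optional[SourceView], mints: list) -> list:
    """Flag each destination mint with no matching source burn. Fails closed:
    no quorum means every mint is reported."""
    if view is None:
        return [(m.nonce, "no source quorum") for m in mints]
    outbound, burns = view
    burned = {b.nonce: b.amount for b in burns}
    alerts = []
    for m in mints:
        if m.nonce > outbound:                      # dest ran ahead of source
            alerts.append((m.nonce, "destination ahead of source"))
        elif m.nonce not in burned:
            alerts.append((m.nonce, "no source burn"))
        elif burned[m.nonce] != m.amount:
            alerts.append((m.nonce, "amount mismatch"))
    return alerts

# Constructed data: honest endpoints see burns through nonce 307; one poisoned
# endpoint claims a 116,500 burn at nonce 308 that never happened on-chain.
HONEST = (307, (Burn(306, 1_000), Burn(307, 2_500)))
POISONED = (308, (Burn(306, 1_000), Burn(307, 2_500), Burn(308, 116_500)))
DEST_MINTS = [Mint(306, 1_000), Mint(307, 2_500), Mint(308, 116_500)]

def single_signer_result() -> list:
    # one-of-one verifier reading one endpoint: the poisoned view carries the vote
    return find_unbacked_mints(quorum_view([POISONED], 1), DEST_MINTS)

def quorum_result() -> list:
    # two-of-three: the honest majority wins and nonce 308 is flagged
    return find_unbacked_mints(quorum_view([HONEST, HONEST, POISONED], 2), DEST_MINTS)
```

Run `quorum_result()` and `single_signer_result()` side by side to see that the same mint at nonce 308 is only caught once more than one independent source view is required.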
The Borrow Play Nobody Saw Coming
Within minutes, seven recipient addresses held the stolen tokens. 89,567 rsETH of it went into eight Aave V3 positions spread across Ethereum Core and Arbitrum. Health factors sat between 1.01 and 1.03. The borrower pulled 82,650 WETH and 821 wstETH against collateral that had no real backing.
AAVE the token fell roughly 10% as exposure reports circulated. More than $5.4 billion in ETH left the protocol in the hours that followed, with Justin Sun pulling 65,584 ETH, worth near $154 million, alone. It had the kind of energy where nobody waited for official confirmation.
Aave’s Protocol Guardian froze rsETH and wrsETH across V3 and set LTV to zero by 19:00 UTC the same day. The Kelp Spoke on V4 was frozen in full. WETH borrowing on the Spoke was switched off. Containment came fast.
The Recovery Nobody Thought Would Scale
By April 20, WETH was frozen across Ethereum Core, Arbitrum, Base, Mantle, and Linea. Borrow rates needed managing. The Risk Steward cut WETH Slope 2 to 1.50% across four chains to keep things from blowing out further.
Aave Labs launched DeFi United to coordinate a recovery. Lido, EtherFi, Ethena, Mantle, Golem, Compound, LayerZero, Keyring, KelpDAO, Consensys and Joseph Lubin were among those contributing. By April 25, as governance proposals moved through Arbitrum DAO, commitments had cleared $160 million. The figure eventually reached around $300 million.
The Arbitrum Security Council had frozen 30,766 ETH linked to the attacker on April 21. That became the center of a legal dispute on May 1 when judgment creditors in a federal case unrelated to crypto served a restraining notice on Arbitrum DAO, seeking to seize roughly $71 million of those funds.
Courts, DAOs, and a Frozen Clock
Aave LLC filed an emergency motion to vacate the restraining notice on May 4. ‘A thief doesn’t own what he steals,’ Aave’s founder argued in court filings. On May 8, a judge allowed an onchain Arbitrum DAO vote to transfer the immobilized ETH to Aave LLC, with the restraining notice attaching to Aave LLC instead.
The Arbitrum DAO vote passed. Onchain execution remains pending as of writing. 30,765.667501709008927568 ETH is waiting for the transfer.
Meanwhile, AIP 478 executed on May 6, liquidating all eight attacker positions. 89,567 rsETH transferred to the Aave Recovery Guardian. Then Kelp burned the exploiter’s liquidated rsETH on Arbitrum on May 12, narrowing the circulating-supply gap the exploit had punched open. Per the Phase II recovery update, Kelp confirmed rsETH withdrawals, bridging, and claims went live again on May 15.
Five Tranches, One Filled Adapter
rsETH backing was restored in five tranches between May 13 and May 26. The first two came from the Aave Guardian, 25,000 rsETH each. Kelp contributed the third at 20,000. The fourth, 26,758.29 rsETH, came from the Aave Guardian again on May 22. The fifth and final tranche, 20,373.72 rsETH from Kelp on May 26, completed the refill. All five totaled 116,131.72 rsETH deposited into the LayerZero OFT adapter.
WETH LTV across affected V3 markets was reset to pre-exploit values on May 16 via AIP 482. The WETH interest rate model returned to standard parameters on May 18. According to Aave on X, markets across Ethereum Core, Arbitrum, Base, Mantle, and Linea are operating normally.
Outside of rsETH, Aave V3 is fully operational across all markets. That much is settled.
What Changes Now
On May 28, Aave Labs posted a new Technical Asset Listing Framework to the governance forum formalizing baseline requirements for new listings and material parameter expansion across V3, V4, and Horizon. A Bridge Assessment Framework is coming. LlamaRisk is preparing a new risk framework. Since the incident, Risk Stewards executed roughly 295 individual parameter changes across Aave V3 reserves, 234 of them cap writes in a single risk-off sweep on April 23.
The bug bounty program received a fivefold reward increase. LTV0 automation is being developed to zero out a collateral’s borrowing power automatically when risk thresholds trip. Aave Labs achieved SOC 2 Type II attestation before the incident, a detail the post mortem cited without much fanfare.
Pending court deliberation on the restraining notice is the one piece not yet resolved. The ETH is waiting.
