Overview
- The attacker, who struck Saturday, drained 116,500 rsETH — a token that represents restaked ETH — from KelpDAO’s LayerZero-powered bridge, prompting KelpDAO to pause rsETH contracts across mainnet and several L2s.
- The stolen rsETH was deposited as collateral on Aave to borrow 106,467 ETH, creating roughly $177–$195 million of bad debt and leading Aave to freeze rsETH markets on V3 and V4 while stressing that its own contracts were not hacked.
- Following the weekend breach, total DeFi value locked fell about $13.21 billion in 48 hours, and Aave saw roughly $8.45 billion withdrawn with TVL sliding to about $17 billion as large depositors rushed to pull funds.
- Aave’s USDT and USDC pools hit 100% utilization, which left more than $5.1 billion in stablecoins unavailable for withdrawal until new liquidity arrives or loans are repaid.
- Investigators report that a large share of the haul was converted to ETH and moved through Tornado Cash, and coordination between KelpDAO, LayerZero, and security firms continues with no asset recovery announced.