Overview
- An attacker used LayerZero’s cross-chain messaging path on Saturday to push a forged instruction that released about 116,500 rsETH worth roughly $292–293 million.
- The rsETH, a liquid restaking token tied to ETH, was posted as collateral on Aave V3 and V4 on Ethereum and Arbitrum to borrow large WETH and wstETH positions, creating an estimated $177–$196 million in unliquidatable bad debt.
- KelpDAO paused rsETH contracts across mainnet and several L2s, and Aave froze rsETH markets while stating its own contracts were not exploited, with SparkLend, Fluid, Lido’s earnETH, and Ethena also pausing related markets or LayerZero bridges.
- Liquidity stress accelerated as Aave’s total value locked fell by billions to roughly the high teens in billions, DeFi-wide TVL dropped by about $10–$13 billion, and reports showed some Aave stablecoin pools reached full utilization, limiting withdrawals until new liquidity arrives.
- Aave governance is weighing use of its Umbrella backstop to cover the shortfall, investigators have traced attacker wallets initially funded via Tornado Cash, and the event spotlights the systemic risk of LRT collateral and infrastructure-level verification failures.