A significant exploit involving Kelp DAO and the LayerZero bridge has raised serious concerns for the lending protocol Aave, which could potentially face losses reaching $230 million. A recent report from Aave Labs and service provider LlamaRisk, shared on the Aave governance forum, details the events surrounding the exploit, which primarily involved rsETH, a liquid restaking token created by Kelp DAO.
At the heart of the incident is a flawed bridge mechanism that allows rsETH to be transferred between blockchains by locking tokens on one chain and issuing corresponding tokens on another. An attacker took advantage of this setup by crafting a forged transfer message that appeared legitimate. The system approved the transfer even though no tokens had actually been locked on the originating chain, effectively creating new tokens without any backing. As a result, the attacker managed to extract 116,500 rsETH from the Ethereum-side bridge.
Instead of selling these assets on the open market, the attacker deposited approximately 89,567 rsETH into Aave as collateral. Against this collateral, the attacker borrowed roughly $190 million worth of ETH and related assets across Ethereum and Arbitrum, exposing Aave to major risk should the collateral lose its value.
In response to the exploit, Aave Labs acted swiftly to mitigate potential damages by freezing rsETH markets across its platforms, setting loan-to-value ratios to zero, and halting new borrowing against rsETH. The future impact largely hinges on how Kelp DAO addresses the shortfall resulting from the exploit. Should losses be distributed among all rsETH holders, the token could experience a 15% depegging, translating to a bad debt of approximately $124 million for Aave. Conversely, if the losses are confined to Layer 2 networks, the resulting bad debt could escalate to around $230 million, heavily impacting networks like Arbitrum and Mantle.
The exploit primarily stemmed from vulnerabilities in how Kelp validates cross-chain messages using LayerZero. While LayerZero itself was not directly compromised, the flaws in Kelp’s messaging verification allowed the attacker to present certain assets as fully backed, enabling them to extract value illicitly.
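The two failure modes described above, a destination chain minting on a message that was never backed by a lock on the origin chain, and a receiver that accepts a message without verifying where it came from, can be illustrated with a small lock-and-mint simulation. The following is an added example written for this page; it is not Kelp DAO, LayerZero or Aave code, and the report does not state what Kelp's actual verification gap was. The HMAC tag standing in for the bridge's verifier credential, the chain names, the nonce scheme and the account names are all constructed assumptions. The trusting receiver mints on any well-formed payload, while the verified receiver checks route, authenticity and replay before minting, so only the latter keeps minted supply equal to locked supply.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed shared secret standing in for whatever credential the bridge's
# verifier really uses (assumption for the demo; not Kelp's or LayerZero's key).
VERIFIER_KEY = b"constructed-demo-verifier-key"
ORIGIN, DESTINATION = "ethereum", "arbitrum"


def canonical(msg: dict) -> bytes:
    """Deterministic encoding so both chains authenticate the same bytes."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()


def authenticate(msg: dict) -> str:
    """Tag a transfer message with the verifier credential (demo stand-in)."""
    return hmac.new(VERIFIER_KEY, canonical(msg), hashlib.sha256).hexdigest()


@dataclass
class OriginVault:
    """Origin chain: tokens are locked here before a transfer message is emitted."""
    balances: dict
    locked: int = 0
    next_nonce: int = 0

    def lock(self, user: str, amount: int) -> tuple[dict, str]:
        if self.balances.get(user, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[user] -= amount
        self.locked += amount
        msg = {"src": ORIGIN, "dst": DESTINATION, "to": user,
               "amount": amount, "nonce": self.next_nonce}
        self.next_nonce += 1
        return msg, authenticate(msg)


@dataclass
class DestinationMinter:
    """Destination chain: mints the wrapped token when a transfer message arrives."""
    balances: dict = field(default_factory=dict)
    total_minted: int = 0
    seen_nonces: set = field(default_factory=set)

    def _mint(self, msg: dict) -> None:
        self.balances[msg["to"]] = self.balances.get(msg["to"], 0) + msg["amount"]
        self.total_minted += msg["amount"]

    def receive_trusting(self, msg: dict, tag: str) -> bool:
        """Weak receiver: acts on the payload without checking who produced it."""
        self._mint(msg)
        return True

    def receive_verified(self, msg: dict, tag: str) -> bool:
        """Hardened receiver: route, authenticity and replay checks before minting."""
        if msg.get("src") != ORIGIN or msg.get("dst") != DESTINATION:
            return False  # message not addressed to this route
        if not hmac.compare_digest(tag, authenticate(msg)):
            return False  # forged or altered message
        if msg["nonce"] in self.seen_nonces:
            return False  # replayed message
        self.seen_nonces.add(msg["nonce"])
        self._mint(msg)
        return True


def run_scenario(verify: bool) -> tuple[int, int]:
    """Return (tokens locked on origin, tokens minted on destination)."""
    vault = OriginVault(balances={"alice": 1_000})  # constructed sample balance
    minter = DestinationMinter()
    receive = minter.receive_verified if verify else minter.receive_trusting

    # 1. Legitimate transfer: 100 locked on the origin, message authenticated.
    msg, tag = vault.lock("alice", 100)
    receive(msg, tag)

    # 2. Forged transfer: nothing locked; a fabricated message with a bogus tag.
    forged = {"src": ORIGIN, "dst": DESTINATION, "to": "mallory",
              "amount": 500, "nonce": 1}
    receive(forged, "00" * 32)

    # 3. Replay of the legitimate message.
    receive(msg, tag)

    return vault.locked, minter.total_minted


if __name__ == "__main__":
    for verify in (False, True):
        locked, minted = run_scenario(verify)
        print(f"verify={verify}: locked={locked} minted={minted} "
              f"backed={'yes' if minted <= locked else 'NO'}")
```

The invariant a lending protocol implicitly relies on when it prices a bridged token as collateral is the last line of the output: minted supply never exceeds locked supply. The trusting receiver ends with 700 minted against 100 locked, which is exactly the unbacked-token condition the report describes; the verified receiver ends at 100 against 100.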
As a result of the incident, there has been rising anxiety regarding the potential mispricing of collateral on Aave, as some positions may no longer be fully backed, heightening the risk of undercollateralized loans. Following the exploit, users reacted by withdrawing approximately $6 billion in total value locked from Aave, indicating a significant market retreat amid uncertainty.
The broader implications of the exploit have drawn attention to Aave’s indirect exposure to external systems, as it faced increased collateral risks, pressure on lending positions, and a substantial decrease in deposits. According to the report, Aave’s DAO treasury holds around $181 million in assets, and discussions are currently taking place with ecosystem participants to address the looming losses. However, Kelp has yet to clarify how it intends to manage the distribution of losses, leaving Aave’s ultimate exposure uncertain as the situation continues to develop.