BlockBeats News, April 19, Multi-chain liquidity staking platform KelpDAO was attacked early this morning, with the attacker transferring 116,500 rsETH from KelpDAO's LayerZero-based cross-chain bridge, equivalent to $2.92 billion. Approximately 46 minutes later, KelpDAO responded. The protocol urgently paused the multisig, freezing core components including the LRT deposit pool, withdrawal contract, oracle, and rsETH token. Kelp stated that it had identified abnormal cross-chain activity involving rsETH and had paused related contracts on the mainnet and several L2s, while conducting root cause analysis with LayerZero and others.

The two subsequent attacks launched by the attacker were unsuccessful, and the pause measures effectively prevented further fund loss. The attacker attempted to transfer an additional 40,000 rsETH (about $1 billion); if successful, the total loss could have expanded to around $3.91 billion. Due to the event, the Aave token price dropped by approximately 10%. The market is concerned that the lending protocol may face defaults due to this attack. Aave has frozen the rsETH markets in V3 and V4, stating that the event is related to the rsETH asset and not an issue with the protocol's smart contracts themselves. Aave is assessing the borrowing situation after the event and mentioned that if there are defaults in the protocol, they will "explore paths to cover the gap."

The majority of the rsETH stolen by the KelpDAO attacker was deposited into Aave as collateral to borrow ETH, with a small portion being directly sold for ETH. The hacker acquired a total of 106,466 ETH (approximately $2.5 billion) through collateralization and selling. For hedging purposes, over $54 billion in assets were quickly withdrawn from Aave after the hacker borrowed a large amount of ETH using illegally minted rsETH. This included Justin Sun reclaiming 65,584 ETH ($154 million). The fund utilization rate of ETH on Aave briefly reached 100%.

Curve founder Michael Egorov posted, "This incident is a direct result of the prevalent ‘non-isolated borrowing’ model. This model has good scalability but higher risk, making risk management crucial. Aave v4's hub and spoke model may be a step towards a semi-isolated, more secure direction."

Crypto KOL benmo.eth stated that the rsETH theft incident at KelpDAO has had a profound impact, breaking Aave's security "halo," and the risk of a unified lending market is now under renewed scrutiny by whales. Aave V4 and modular lending may become future trends, and the related transformation process could accelerate. DeFi will move away from the expansion route, shifting towards a more conservative security mode while further addressing AI-driven security threats like the Anthropic Mythos.

Bankless co-founder Ryan Sean Adams wrote, "The frequency of hacks in crypto has reached an all-time high. I believe this is related to AI. AI is giving hackers 'dark superpowers.' Defense must catch up quickly; we are running out of time."