A new attack has rattled the Solana ecosystem, just as investors were recovering from the recent hack of its leading DeFi protocol. In this latest incident, another major DeFi platform has fallen victim to a security breach, dealing a heavy blow to the sector. The ripple effects were immediate: AAVE, a cornerstone in decentralized finance, saw its price tumble more than 10%, as total losses from this attack surpassed $200 million.
Kelp DAO exploit rocks rsETH markets
A vulnerability exploited in Kelp DAO led to the freezing of rsETH markets on both Aave V3 and V4. The attacker manipulated the minting process for rsETH, borrowing ETH against these tokens before obscuring the illicit proceeds through Tornado Cash. This caused AAVE’s value to nosedive by over 10%, while ETH also edged down 3% amid jittery markets.
Blockchain analytics platform Lookonchain discovered that even after the markets were frozen, the attacker managed to mint 116,500 rsETH—worth approximately $294 million. This freshly minted rsETH was used as collateral to borrow 106,467 ETH. Kelp DAO has since paused rsETH contracts on mainnet and several Layer 2 networks, issuing a public statement five hours after the incident. So far, however, there is no official word on a compensation plan or the full financial impact of the breach.
AAVE reels as losses trigger selloff
The core vulnerability stemmed from how rsETH, a liquid restaking token, was supposed to allow investors to stake ETH and receive tradable rsETH in return. Instead, the attacker exploited a loophole, minting vast quantities of rsETH without actually supplying underlying staked ether—effectively creating funds out of thin air.
This artificial rsETH was promptly deposited into Aave V3 as collateral. In a critical oversight, Aave accepted these tokens as good collateral and allowed the attacker to borrow real ETH and stablecoins. When Aave attempted to liquidate these positions, it found the collateral was worthless, resulting in significant “bad debt” left on AAVE’s books.
These losses are concerning for lenders: on Aave, bad debts are absorbed first by the platform’s Safety Module, distributing losses among liquidity providers. If the damage exceeds this buffer, lenders themselves may face direct losses, deepening the crisis. This chain reaction is why AAVE plunged into the double-digit losses immediately following revelation of the attack.
Both market sentiment and consequences of the hack have pushed AAVE’s price below the critical $100 threshold. It now trades nearly 15% lower than its April 17 peak. Ongoing sell pressure could see AAVE fall further, with analysts eyeing the $94 to $88 support range if the downturn persists.
At 05:05, the Aave Multisig Guardian moved to freeze WETH in lending markets as a precautionary measure.
