A DeFi user details their dramatic withdrawal from Aave, revealing the chilling events that unfolded following a major exploit elsewhere.
On a quiet Sunday morning, one DeFi user found themselves glued to DefiLlama, anxiously awaiting transaction confirmations as chaos erupted in the Aave ecosystem. In a matter of hours, a staggering $6.6 billion vanished from Aave deposits, leaving the WETH pool at full capacity and depositors facing the grim reality that withdrawals might not proceed as expected.
The user, who had active exposure to Aave V3 with lent stablecoins and ETH, recounts the events leading to their decision to pull out completely, choosing decisive action over passively waiting for the storm to pass.
Contrary to initial impressions, Aave itself wasn’t hacked. The smart contracts functioned as designed. The real damage originated from an external exploit that cascaded into Aave, triggering a rapid and devastating outflow of funds.
The root of the crisis lies in a vulnerability exploited on April 18 within Kelp DAO’s cross-chain bridge, which relies on LayerZero’s messaging infrastructure. By manipulating the bridge’s lzReceive function, the attacker fraudulently authorised the release of approximately 116,500 rsETH, valued at around $292 million, to a wallet under their control, according to CoinDesk. Although Kelp’s team swiftly intervened to pause the contracts, the rsETH was already gone.
Subsequent attempts to siphon off an additional 80,000 rsETH were thwarted by the freeze, preventing further losses estimated at $100 million.
For those unfamiliar with this corner of the crypto world, rsETH is a liquid restaking token. Users deposit ETH with Kelp, which then routes it through EigenLayer to generate additional yield, providing rsETH as a receipt. This receipt is theoretically redeemable for the underlying ETH. Crucially, rsETH across multiple Layer 2 solutions was backed by reserves held within Kelp’s mainnet bridge contract. The draining of this bridge left receipts on over 20 chains pointing to an empty vault.
Here’s where Aave depositors were significantly affected: the attacker used the stolen rsETH as collateral on Aave V3 to borrow as much WETH as possible. Approximately $196 million in WETH was withdrawn against rsETH that had become essentially worthless. Smaller exposures also surfaced on Compound and Euler. The attacker consolidated the stolen funds into roughly 74,000 ETH and moved them elsewhere.
