"The attacker forged a packet that was verified, committed, and delivered on Ethereum, releasing 116,500 rsETH from the adapter, causing the balance to drop dramatically."
"Of the 116,500 rsETH received, 89,567 were deposited into Aave V3 markets on Ethereum and Arbitrum as collateral, leading to significant borrowing."
"The Protocol Guardian began freezing all rsETH and wrsETH reserves across all Aave V3 deployments at approximately 19:00 UTC on April 18, setting LTV to zero."
On April 18, 2026, an attacker exploited Kelp's Layerzero V2 bridge, minting 116,500 rsETH without a corresponding burn. Llamarisk estimates bad debt between $123.7M and $230.1M across seven affected markets. The attack involved a forged packet that was verified and delivered on Ethereum, draining the adapter balance significantly. The attacker used the stolen rsETH to borrow assets on Aave V3 markets. Aave's smart contracts remained uncompromised, and the Protocol Guardian froze all rsETH and wrsETH reserves shortly after the attack.
Read at news.bitcoin.com
Unable to calculate read time
Collection
[
|
...
]