The pawnshop business in DeFi almost got wiped out by a single receipt
Article by: Clow
On April 18th, DeFi was pushed into the water.
This time, it wasn’t an exchange being hacked, nor was it a smart contract being directly drained. The attacker obtained a batch of collateral tokens worth about $290 million, and sent them into Aave, an on-chain lending protocol, to borrow WETH, wstETH, and other more liquid ETH assets.
This batch of tokens is called rsETH, like a “receipt for ETH”: users deposit ETH or related assets into KelpDAO, receive tokens in return, and can exchange them back for the underlying assets in the future. Aave acts like an on-chain pawnshop, where users deposit assets as collateral and borrow ETH, stablecoins, or other assets.
The problem is, the vault behind this “receipt” has been compromised.
It’s like someone using an expired warehouse receipt to get a loan from a bank. The goods in the warehouse are insufficient, but the banking system hasn’t realized it yet and still issues loans at the original value.
The most awkward part is, neither the bank counter nor the loan process is broken. What’s truly broken is the relationship between that receipt and the warehouse. What Aave encountered this time is a similar issue.
If it were just KelpDAO losing tokens, it would be a security incident of a protocol. But when the bad collateral enters Aave, it becomes a run on the DeFi credit system.
Who suffers the most? Not KelpDAO, but the people whose assets are locked.
The incident report shows that the attack occurred at 17:35 UTC on April 18, 2026. The attacker tricked the rsETH channel that connects Unichain back to Ethereum, releasing 116.5k rsETH.
Of these, 89.6k rsETH were deposited into Aave and used to borrow 82.7k WETH and 821 wstETH, totaling about $193 million.
Aave itself was not hacked. Its contracts are intact, and the price system was not directly attacked. The issue is that the attacker used a batch of “still-looking valuable” rsETH as collateral to borrow real assets from the Aave pool. WETH is the ETH balance available for withdrawal in the pool. After borrowing it all out, depositors’ on-chain balances remain, but the withdrawable WETH is gone.
WETH reserves across multiple markets once reached 100% utilization, with idle balances dropping close to zero. The result for users is:
You have money, but you can’t access it right now.
This feels very much like a centralized exchange suspending withdrawals, only more glaring on-chain. The interface won’t tell you “the money is gone,” only “there is no liquidity now.” Depositors see their balances, but what’s truly missing is the exit.
Aave then froze rsETH, wrsETH, and WETH in multiple markets. It’s not that users did anything wrong; the system had to shut the gates first.
This is also where many people initially find it hard to understand. Aave wasn’t directly robbed of assets by hackers, but the collateral it accepted suddenly became “dirty.” Depositors thought they just put ETH into a lending pool, only to find that someone used bad tokens as collateral to borrow away the good assets.
This isn’t a safe being broken into; it’s the gatekeeper being deceived.
KelpDAO’s cross-chain channel uses LayerZero. Cross-chain bridges are like transfer systems between two warehouses: on Ethereum, a batch of rsETH is locked, and a corresponding receipt is issued on the other chain; when users come back, the system confirms that the receipt on that side has been destroyed before releasing rsETH from the Ethereum warehouse.
The more verifiers, the safer. But at the time, KelpDAO was running a 1-of-1 DVN (Decentralized Verifier Network) configuration, with only one verification source responsible for sealing. One person seals, one person approves.
RPC nodes are like “auditing windows.” According to LayerZero disclosures, the attacker compromised two RPC nodes and launched a DDoS attack on external RPCs that weren’t compromised, forcing the verification network to read status from dirty data sources. As a result, verifiers saw a non-existent message: it appeared that enough rsETH had been destroyed on the other chain, allowing them to release assets on Ethereum.
The contract on Ethereum believed this, and thus released 116.5k rsETH.
Every step on the chain looked like a normal transaction. Signatures matched, messages matched, the process was correct. Only, the underlying event never actually happened. The code executed faithfully on its input, but the input itself was dirty data.
This is more awkward than a typical smart contract bug. A bug usually points to a specific line of code that’s wrong; this time, it’s like the surveillance footage was tampered with, and the security guard opened the door according to procedure. The door opened legally, but the person outside shouldn’t have been allowed in.
So what’s truly frightening about this incident isn’t a developer writing a wrong line of code, but that much of the foundational infrastructure protocols rely on (bridges, nodes, verification networks) is capable of lying. These components usually operate in the background, but when something goes wrong, they can directly rewrite the fate of assets.
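An added example, not code from LayerZero, KelpDAO or the original article: a minimal Python model of the verification failure described above, contrasting a verifier that falls back to whichever data source still answers with one that fails closed unless a strict majority of its configured sources confirm the burn. The source names, the `Observation` type and both function names are hypothetical, and the sample data is constructed from the figures in the article.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Observation:
    source: str                 # hypothetical label for an RPC/verifier data source
    burn_amount: Optional[int]  # amount burned per this source; None = unreachable


def failover_verify(observations: List[Observation], claimed: int) -> bool:
    """Weak policy: believe the first source that answers at all."""
    for obs in observations:
        if obs.burn_amount is not None:
            return obs.burn_amount == claimed
    return False  # nobody answered


def quorum_verify(observations: List[Observation], claimed: int, required: int) -> bool:
    """Fail-closed policy: release only if `required` sources confirm the burn.

    Unreachable sources are missing votes; they never lower the threshold.
    """
    if required <= len(observations) // 2:
        raise ValueError("quorum must be a strict majority of configured sources")
    confirmations = sum(1 for obs in observations if obs.burn_amount == claimed)
    return confirmations >= required


# Constructed scenario modelled on the article: two poisoned sources report a
# burn that never happened, two honest external sources are knocked offline.
CLAIMED = 116_500  # whole rsETH, simplified
ATTACK = [
    Observation("external-rpc-1", None),
    Observation("external-rpc-2", None),
    Observation("poisoned-rpc-a", CLAIMED),
    Observation("poisoned-rpc-b", CLAIMED),
]
# Same sources when healthy and a real burn of the same size occurred.
HEALTHY = [Observation(o.source, CLAIMED) for o in ATTACK]

if __name__ == "__main__":
    print("failover, attack :", failover_verify(ATTACK, CLAIMED))
    print("3-of-4, attack   :", quorum_verify(ATTACK, CLAIMED, required=3))
    print("3-of-4, healthy  :", quorum_verify(HEALTHY, CLAIMED, required=3))
```

The same counting argument applies one level up, to the number of independent verifiers rather than RPC endpoints: a 1-of-1 configuration has no second vote that could disagree.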
Why did Aave accept the bad collateral?
Lending protocols are most afraid of price volatility. Price swings can at least be liquidated. The trouble is, the collateral still appears to be worth something, but the support behind it has collapsed.
rsETH was originally just an ETH receipt, with an extra layer of structure. When it crosses into Layer 2 (L2) networks, it adds another layer of bridge risk. When it enters Aave, what’s called capital efficiency turns into a risk blind box.
If ETH’s price drops, Aave can liquidate according to the rules. But the problem with rsETH isn’t just a price drop; it’s whether this receipt can still be exchanged back for the underlying asset. If that question has no answer, liquidation becomes awkward because the market may not be willing to take the risk.
The Aave incident report outlined two bad debt scenarios: if the loss is borne collectively by all rsETH holders, the potential bad debt is about $123.7 million; if only the L2 rsETH is isolated, the bad debt is estimated at about $230.1 million, mainly impacting Mantle and Arbitrum.
The two figures differ greatly, but they both say the same thing: Aave didn’t lose because of a contract logic failure, but because it overestimated the reliability of this “ETH receipt.” The attacker also knew this, so instead of rushing to sell rsETH, they dumped bad collateral into the lending market to borrow out good assets.
In the past, everyone praised composability: assets from one protocol could seamlessly enter another. This time, the opposite was revealed. A vulnerability in one protocol can now seamlessly infiltrate another.
Aave’s report shows that as of April 20, the Aave DAO treasury held about $181 million in assets. On April 24, a governance proposal laid out a rescue plan: DeFi United, a rescue alliance, would coordinate multiple funds to fill the rsETH backing gap.
The plan includes the 40.4k rsETH frozen by KelpDAO, 30.8k ETH frozen by the Arbitrum Security Council, a maximum credit line of 30k ETH from Mantle, and 25k ETH to be provided by Aave DAO.
Circle was also pulled into the rescue. As the issuer of USDC, the stablecoin backing the project, it started to get involved in managing the lending market. This isn’t charity; it’s industry self-preservation.
This explains why the rescue came so quickly. Aave isn’t an isolated platform; it’s a hub where many wallets, yield strategies, stablecoin trading, and market-making funds pass through. If this hub gets blocked, many seemingly unrelated protocols outside will also feel the impact.
USDC’s circulation in DeFi depends heavily on core lending markets like Aave. If the pool remains locked for long, stablecoin use cases will suffer. So rescuing Aave isn’t just about saving a protocol; it’s about saving a vital capital flow channel.
The key question left by this incident isn’t whether Aave will survive, but how many “ETH-like” assets in the future are backed by bridges, RPC nodes, verification nodes, and a bunch of unseen configurations.
DeFi has no central bank. But it already has emergency rescue groups, treasury votes, stablecoin issuers, and credit lines.
This is the truest reality: it can be decentralized, but it cannot lack trust. The more layers of assets added, the higher the efficiency, but the deeper the responsibilities are hidden.
This isn’t pure finance anymore.
The most expensive assets are the bad collateral.