DeFi pawnshop business almost collapsed due to a single receipt

Author: Clow, Plain Language Blockchain

On April 18th, DeFi was pushed underwater.

This time, it wasn’t an exchange being hacked, nor was a contract directly drained. The attacker obtained a batch of collateral tokens worth about $290 million, sent them into Aave, an on-chain lending protocol, and borrowed WETH, wstETH, and other more liquid ETH assets.

This batch of tokens is called rsETH, like a “receipt for ETH”: users deposit ETH or related assets into KelpDAO, receive tokens, and can exchange them back for the underlying assets in the future. Aave acts like an on-chain pawnshop, where users deposit assets as collateral and borrow ETH, stablecoins, or other assets.

The problem is, the warehouse behind this “receipt” has had an issue.

It’s like someone using expired warehouse receipts to get a loan from a bank. The goods in the warehouse are insufficient, but the banking system hasn’t realized yet and still issues loans at the original value.

The most awkward part is that neither the bank counter nor the loan process is broken. What’s truly broken is the relationship between that receipt and the warehouse. What Aave encountered this time is a similar problem.

If only KelpDAO had lost tokens, it would be one protocol's security incident. But once the bad collateral enters Aave, it becomes a run on the DeFi credit system.

Who suffers the most? Not KelpDAO, but the people whose assets are locked up.

The incident report shows that the attack occurred at 17:35 UTC on April 18, 2026. The attacker tricked the rsETH bridge channel returning from Unichain to Ethereum into releasing 116.5k rsETH.

Of these, 89.6k rsETH were deposited into Aave, borrowing 82.7k WETH and 821 wstETH, totaling about $193 million.

Aave itself was not hacked. Its contracts are intact, and the price system was not directly attacked. The issue is that the attacker used a batch of rsETH that still appeared valuable as collateral to borrow real, good assets from the Aave pool. WETH is the ETH balance available for withdrawal in the pool. Once it was all borrowed out, depositors' on-chain balances remained, but the withdrawable WETH was gone.

WETH reserves across multiple markets once reached 100% utilization, with idle balances dropping close to zero. The result for users is:

You have money, but you can’t access it now.

This feels similar to exchanges suspending withdrawals, just more glaring on-chain. The interface won’t tell you “the money is gone”; it only says “no liquidity right now.” Depositors see the balance, but what’s truly missing is the exit.

Aave then froze rsETH, wrsETH, and WETH in multiple markets. It’s not that users did anything wrong; the system had to shut the gates first.

This is also where many people initially find it hard to understand. Aave wasn’t directly hacked to lose assets, but the collateral it accepted suddenly became “dirty.” Depositors thought they just put ETH into a lending pool, but on the other end, someone used bad tokens to borrow good assets.

This isn’t a safe deposit box being broken into; it’s the gatekeeper being deceived.

KelpDAO’s cross-chain channel uses LayerZero. Cross-chain bridges are like transfer systems between two warehouses: Ethereum locks a batch of rsETH, and another chain issues corresponding tokens; when users come back, the system confirms that the tokens on that side are destroyed before releasing rsETH from the Ethereum warehouse.

The more independent verification nodes there are, the safer it is. But at the time, KelpDAO's channel was configured as a 1-of-1 DVN (LayerZero's decentralized verifier network), with a single verification source responsible for signing. One party signs, one party approves.

RPC nodes are like "account checking windows." According to LayerZero's disclosures, the attacker compromised two RPC nodes and launched DDoS attacks on the external RPCs that weren't compromised, forcing the verification network to read state from dirty data sources. As a result, the verifiers saw a message that never existed: it looked as if enough rsETH had been destroyed on the other chain, so tokens could be released on Ethereum.

The contract on Ethereum believed this, and thus released 116.5k rsETH.

Every step on the chain looked like a normal transaction. The signatures matched, the messages matched, the process was followed, all correct. But the underlying event never actually happened. The code executed faithfully on its input, but the input had been fed dirty data.
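The verification failure described above, as an added example that is not KelpDAO's or LayerZero's code: a toy verifier that only attests a release when a quorum of distinct, reachable RPC sources agree on the burn event. Endpoint names, message ids and amounts are constructed; the three scenarios contrast a 1-of-1 setup, which accepts a single lying source, with a 2-of-3 quorum that fails closed when the honest sources are knocked offline and outvotes the lie when they are reachable.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    """One RPC endpoint's view of a burn event (all values constructed)."""
    source: str      # hypothetical endpoint name
    message_id: str  # cross-chain message being verified
    burned: int      # rsETH the endpoint reports as destroyed on the far chain
    reachable: bool  # False when the endpoint timed out, e.g. under DDoS

def verify_message(observations, threshold):
    """Amount a verifier may attest for release, or None to fail closed.

    At least `threshold` distinct reachable endpoints must report the same
    burned amount. Unreachable endpoints never count, so knocking honest
    RPCs offline cannot lower the bar; it can only block attestation.
    """
    reachable = {o.source: o for o in observations if o.reachable}.values()
    votes = Counter((o.message_id, o.burned) for o in reachable)
    for (_msg, burned), n in votes.most_common():
        if n >= threshold:
            return burned
    return None

def single_source_setup():
    """1-of-1: whatever the single RPC says is accepted as truth."""
    obs = [Observation("rpc-a", "msg-1", 116_500, True)]  # compromised, lies
    return verify_message(obs, threshold=1)

def quorum_with_honest_rpcs_ddosed():
    """2-of-3 quorum while the two honest RPCs are unreachable."""
    obs = [
        Observation("rpc-a", "msg-1", 116_500, True),  # compromised, lies
        Observation("rpc-b", "msg-1", 0, False),       # honest, DDoSed
        Observation("rpc-c", "msg-1", 0, False),       # honest, DDoSed
    ]
    return verify_message(obs, threshold=2)

def quorum_with_honest_rpcs_online():
    """2-of-3 quorum with honest RPCs reachable: the lie is outvoted."""
    obs = [
        Observation("rpc-a", "msg-1", 116_500, True),  # compromised, lies
        Observation("rpc-b", "msg-1", 0, True),        # honest: saw no burn
        Observation("rpc-c", "msg-1", 0, True),        # honest: saw no burn
    ]
    return verify_message(obs, threshold=2)
```

The middle scenario is the one that matters for detection: a verifier that suddenly cannot reach its quorum should raise an alarm rather than fall back to whichever endpoints still answer.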

This is more awkward than a typical contract bug. A contract bug at least points to a line of code that’s wrong; this time, it’s more like the surveillance footage being tampered with, and the security guard opening the door according to procedure. The door opens legitimately, but the person outside shouldn’t have entered.

So what’s truly frightening about this incident isn’t a developer writing a wrong line of code, but that many foundational infrastructures that are usually trusted—bridges, nodes, verification networks—can lie. They operate in the background, but when something goes wrong, they can directly alter the fate of assets.

Why did Aave accept the bad collateral?

The biggest concern for lending protocols isn’t price volatility. Price swings can at least be liquidated. The trouble is, the collateral still appears to be worth something, but the support behind it has collapsed.

rsETH was originally a receipt for ETH, with an extra layer of structure. Bridging it to a Layer 2 network adds bridge risk on top of that. By the time it enters Aave, what is normally called capital efficiency has become a mystery box of risk.

If ETH’s price drops, Aave can liquidate according to the rules. But rsETH’s problem isn’t just a price drop; it’s whether this receipt can still be exchanged for the underlying asset. If that question has no answer, liquidation becomes awkward because the market may not want to take the risk.

The Aave incident report presents two bad debt scenarios: if losses are shared among all rsETH holders, the potential bad debt is about $123.7 million; if only the L2 rsETH is isolated, the bad debt is estimated at about $230.1 million, mainly impacting Mantle and Arbitrum.

These two figures differ greatly, but both say the same thing: Aave didn’t lose because of a contract logic failure, but because it overestimated the reliability of this “ETH receipt.” The attacker also knew this, so instead of rushing to sell rsETH, they dumped bad collateral into the lending market to borrow out good assets.

In the past, everyone praised composability: assets from one protocol could seamlessly enter another. This time, the flip side showed itself. A vulnerability in one protocol can also seamlessly enter another.

Summary

Aave’s report shows that as of April 20, the Aave DAO treasury held about $181 million in assets. On April 24, a governance proposal laid out a rescue plan: DeFi United, a rescue coalition, will coordinate multiple funds to fill the rsETH backing gap.

The plan includes 40.4k rsETH frozen by KelpDAO, 30.8k ETH frozen by the Arbitrum Security Council, a credit line of up to 30k ETH from Mantle, and 25k ETH to be provided by the Aave DAO.

Circle is also involved. As the issuer of USDC, it has started to worry about the lending market. This isn’t charity; it’s industry self-preservation.

This also explains why the rescue came so quickly. Aave isn’t an isolated platform; it’s a hub where many wallets, yield strategies, stablecoin trading, and market-making funds pass through. Once this hub is blocked, many seemingly unrelated protocols outside will also feel the impact.

USDC’s circulation in DeFi depends heavily on core lending markets like Aave. If the pools stay stuck for long, stablecoin use cases will suffer. Rescuing Aave isn’t just about saving a protocol; it’s about saving a vital channel for capital flow.

The lingering question from this incident isn’t whether Aave will survive, but how many more “ETH-like” receipt assets are out there, backed by bridges, RPC nodes, verification nodes, and configurations no one has looked into.

DeFi has no central bank. But it already has emergency rescue groups, treasury votes, stablecoin issuers, and credit lines.

This is the truest reality: it can be decentralized, but it cannot lack trust. The more layers of assets, the higher the efficiency, but the deeper the responsibility is hidden.

This isn’t pure finance anymore.

Bad collateral is the most expensive.
