#Gate广场五月交易分享

Ashes to ashes! Aave's hardcore clearance, hacker rsETH holdings wiped out

The biggest thrill of the year in the DeFi circle is here! On May 7th, Aave officially announced: completely clearing the remaining rsETH positions on Ethereum and Arbitrum chains that were attacked by Kelp DAO, sending all the hacker’s last “residue of crime” into the DeFi United recovery treasury. This epic hacker drama that erupted on April 18th, involving $292 million, finally comes to a satisfying end, worthy of being called the DeFi version of “Heaven’s way cycles back, who can escape?”

Rewinding more than half a month, that was the darkest moment in the DeFi circle. Hackers targeted the Kelp DAO cross-chain bridge vulnerability, exploiting LayerZero’s flaw to “print” 116.5k uncollateralized rsETH — in simple terms, an air token. How outrageous was this move? It was like a scammer holding a fake property deed, going to the bank (Aave) to get a mortgage, and actually borrowing nearly $200 million worth of real ETH from Aave.

At that time, the entire DeFi community exploded! Aave instantly faced over $200 million in bad debt, platform tokens plummeted, and hundreds of billions in funds panicked and fled, pushing the platform to the brink of “social death.” Meanwhile, the hacker was hiding in the shadows, secretly enjoying the loot, splitting the stolen funds into 7 addresses, transferring and laundering while watching Aave and Kelp DAO tear each other apart. Even Sun Yuchen couldn’t resist stepping in and saying, “Big hacker, you can’t even spend the money, why not sit down and talk?”

But the hacker clearly underestimated DeFi’s “revenge” resolve. Aave didn’t sit idly by; in collaboration with DeFi United, they launched a hardcore recovery plan, freezing the rsETH market, and community emergency fundraising exceeded $320 million, gradually tightening the hacker’s survival space. The most brilliant move was Aave’s governance vote to temporarily adjust the rsETH oracle price, precisely creating a gap in the hacker’s position — akin to a legal and compliant “stop-loss” liquidation, making it impossible for the hacker to escape.

This liquidation was a textbook “fugitive pursuit”: the hacker’s last rsETH holdings on both chains were wiped out by Aave with a single click, and all liquidated assets were transferred into the recovery treasury, specifically used to cover bad debts and compensate victims. Currently, DeFi United is only 10% away from fully restoring the rsETH asset backing — victory is within reach.

Looking back at the hacker’s move, it was a classic case of “smart people outsmarted themselves.” They thought they could leverage the vulnerability to make a quick profit with fake assets and run, but instead, they ended up on the DeFi global wanted list. The money was not hot, the positions were cleared completely, and the on-chain traces are clear — they’ll never wash their hands clean or reappear. Although Aave suffered heavy initial losses, through decisive self-rescue and community unity, they not only stabilized the situation but also rebuilt industry trust — telling all malicious hackers: DeFi is not lawless, stolen funds will eventually be doubled back.

This farce has also served as a harsh lesson for the DeFi community: cross-chain security is no small matter, protocol collaboration hides risks, but more importantly, the industry has never been a disorganized chaos. From Aave’s hardcore clearance to community collective fundraising, the entire process demonstrates DeFi’s resilience and tenacity.