Aave Claws Back From $292M rsETH Exploit With $300M Coalition

Aave’s post mortem details how a forged cross-chain message triggered a $292M rsETH exploit and how a $300M DeFi coalition restored full backing.

The attacker was already gone by the time anyone realized the bridge had lied. On April 18, at 17:35 UTC, Kelp’s rsETH LayerZero V2 bridge accepted inbound nonce 308 on Ethereum while Unichain still sat at outbound nonce 307. No burn happened. 116,500 rsETH came out of the Ethereum-side adapter as if it had.

The LayerZero verifier responsible for signing inbound messages on Ethereum was running on a one-of-one DVN setup. One signer. It was hit by an RPC-poisoning attack that warped its view of source-chain state. The verifier attested to a transaction that never occurred, per Aave’s post mortem published on X.

The Borrow Play Nobody Saw Coming

Within minutes, seven recipient addresses had the stolen tokens. 89,567 rsETH of it went into eight Aave V3 positions spread across Ethereum Core and Arbitrum. Health factors sat between 1.01 and 1.03. The borrower pulled 82,650 WETH and 821 wstETH against collateral that had no real backing.

AAVE the token fell roughly 10% as exposure reports circulated. More than $5.4 billion in ETH left the protocol in the hours that followed, with Justin Sun pulling 65,584 ETH, worth near $154 million, alone. It had the kind of energy where nobody waited for official confirmation.

Aave’s Protocol Guardian froze rsETH and wrsETH across V3 and set LTV to zero by 19:00 UTC the same day. The Kelp Spoke on V4 was frozen in full. WETH borrowing on the Spoke was switched off. Containment came fast.

The Recovery Nobody Thought Would Scale

By April 20, WETH was frozen across Ethereum Core, Arbitrum, Base, Mantle, and Linea. Borrow rates needed managing. The Risk Steward cut WETH Slope 2 to 1.50% across four chains to keep things from blowing out further.

Aave Labs launched DeFi United to coordinate a recovery. Lido, EtherFi, Ethena, Mantle, Golem, Compound, LayerZero, Keyring, KelpDAO, Consensys and Joseph Lubin were among those contributing. By April 25, as governance proposals moved through Arbitrum DAO, commitments had cleared $160 million. The number eventually reached around $300 million.

The Arbitrum Security Council had frozen 30,766 ETH linked to the attacker on April 21. That became the center of a legal dispute on May 1 when judgment creditors in a federal case unrelated to crypto served a restraining notice on Arbitrum DAO, seeking to seize approximately $71 million of those funds.

Courts, DAOs, and a Frozen Clock

Aave LLC filed an emergency motion to vacate the restraining notice on May 4. ‘A thief does not own what he steals,’ Aave’s founder argued in court documents. On May 8, a judge allowed an onchain Arbitrum DAO vote to transfer the immobilized ETH to Aave LLC, with the restraining notice attaching to Aave LLC instead.

The Arbitrum DAO vote passed. Onchain execution remains pending as of writing. 30,765.667501709008927568 ETH is waiting for the transfer.

Meanwhile, AIP 478 executed on May 6, liquidating all eight attacker positions. 89,567 rsETH transferred to the Aave Recovery Guardian. Then Kelp burned the exploiter’s liquidated rsETH on Arbitrum on May 12, narrowing the circulating-supply gap the exploit had punched open. Per the Phase II recovery update, Kelp confirmed rsETH withdrawals, bridging, and claims went live again on May 15.

Five Tranches, One Filled Adapter

rsETH backing was restored in five tranches between May 13 and May 26. The first two came from the Aave Guardian, 25,000 rsETH each. Kelp contributed the third at 20,000. The fourth, 26,758.29 rsETH, came from Aave Guardian again on May 22. The fifth and final tranche, 20,373.72 rsETH from Kelp on May 26, completed the refill. All five totaled 116,131.72 rsETH deposited into the LayerZero OFT adapter.

WETH LTV across affected V3 markets was reset to pre-exploit values on May 16 via AIP 482. The WETH interest rate model returned to standard parameters on May 18. According to Aave on X, markets across Ethereum Core, Arbitrum, Base, Mantle, and Linea are operating normally.

Outside of rsETH, Aave V3 is fully operational across all markets. That much is settled.

What Changes Now

On May 28, Aave Labs posted a new Technical Asset Listing Framework to the governance forum formalizing baseline requirements for new listings and material parameter expansion across V3, V4, and Horizon. A Bridge Assessment Framework is coming. LlamaRisk is preparing a new risk framework. Since the incident, Risk Stewards executed approximately 295 individual parameter changes across Aave V3 reserves, 234 of them cap writes in a single risk-off sweep on April 23.

The bug bounty program got a fivefold reward increase. LTV0 automation is being developed to zero out a collateral’s borrowing power automatically when risk thresholds trip. Aave Labs achieved SOC 2 Type II attestation before the incident, a detail the post mortem cited without much fanfare.

Pending court deliberation on the restraining notice is the one piece not yet resolved. The ETH is waiting.