DeFi Hit By $290M Exploit, AAVE Liquidity Nears Breaking Point

• Aave froze the rsETH markets after an exploit triggered stress in decentralized finance, with liquidity pools nearing 100% utilization and withdrawals limited.
• Bloomberg reported that hackers siphoned about 116,500 rsETH via a cross-chain bridge, resulting in losses of nearly $290 million.
• KelpDAO paused rsETH contracts after detecting suspicious cross-chain activity, working with LayerZero and security experts.

Aave (AAVE), the largest decentralized lending protocol, froze rsETH-related markets on Sunday after a cross-chain exploit. The attack triggered a liquidity crunch, pushing pool utilization near 100% and limiting withdrawals.

Bloomberg reported that hackers exploited a cross-chain bridge built on LayerZero to siphon roughly 116,500 rsETH, with total losses estimated at around $290 million, an event that quickly disrupted lending markets where the token was widely used as collateral.

KelpDAO, a liquid restaking protocol, clarified on Saturday that it had identified suspicious cross-chain activity involving rsETH and paused related contracts across the Ethereum mainnet and several layer-2 networks while investigations were underway. The team said it is working with LayerZero, auditors, and security experts to assess the incident.

The breach quickly spilled over into decentralized finance (DeFi) markets, as lending pools for Ethereum and stablecoins surged to near-full utilization, effectively restricting new withdrawals.

Aave’s price was down over 17% during the past 24 hours, trading at over $92. On Stocktwits, the retail sentiment around AAVE moved to ‘extremely bullish’ from ‘bullish’ as chatter around it rose to ‘extremely high’ from ‘high’ over the past day. 

Market Scrutiny Intensifies After Exploit

Market participants described the incident as a broader stress event for decentralized finance, highlighting risks tied to interconnected protocols. Michaël van de Poppe, founder of MN Fund, said the exploit marked a “massive test” for the DeFi ecosystem, pointing to Aave hitting 100% utilization levels following the hack.

Separately, blockchain researcher and YouTube personality Heidi outlined the mechanics of the exploit, saying the attacker minted unbacked rsETH through a bridge vulnerability, used it as collateral on Aave, and borrowed hundreds of millions in Ethereum against it. She added that the subsequent loss of the token’s peg left positions effectively unliquidatable, contributing to liquidity stress across lending pools.

Read also: Trump Slams Iran For ‘Serious Ceasefire Violation,’ Vows Deal Will Happen ‘Nice Or Hard Way’: Report

For updates and corrections, email newsroom[at]stocktwits[dot]com.