Aave is considering 2 bad debt scenarios from rsETH. TLDR:
Scenario 1 (all rsETH takes the hit)
- 112,204 unbacked rsETH dilutes the full supply equally
- rsETH depegs 15.12% and every rsETH retains 84.89% of oracle value on every chain
- applied to 119 user positions, most opened at up to 95% LTV
- depeg exceeds collateral buffer and shortfall will create WETH bad debt
- Ethereum WETH takes $91.8M absolute, but that's only 1.54% of reserve
- Mantle WETH is worst proportionally: 9.54% shortfall ($10.4M on a $109M reserve)
- total bad debt: $123.7M
Scenario 2 (only L2 rsETH takes the hit)
- mainnet rsETH holds full value (backed by Kelp's staking deposits, not the bridge adapter)
- L2 rsETH repriced to adapter backing ratio 40,373/152,577 = 26.46% (73.54% haircut)
- Mantle WETH: 71.45% shortfall
- Arbitrum WETH: $88.4M (26.67% shortfall)
- Base WETH: $47.5M (23.28% shortfall)
- Ink WETH: $13.9M (18% shortfall)
- total: $230.1M bad debt (twice the size of scenario 1)
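The two scenarios above are both "apply a haircut to rsETH, then see which positions fall below their debt". The script below is an added example, not Aave's, LlamaRisk's or any service provider's tooling: it derives the haircut the way each scenario does (uniform dilution for scenario 1, repricing to the adapter backing ratio 40,373/152,577 for scenario 2), then sums the resulting WETH shortfall per chain. The `Position` records, the 742,000 total supply used for scenario 1 and the 1.0 ETH rsETH price are constructed sample values, not the 119 real positions.

```python
"""Added example (not Aave's, LlamaRisk's or any service provider's tooling):
estimate WETH bad debt from a haircut on rsETH collateral, for both scenario
shapes in the summary above. All positions below are constructed sample data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Position:
    chain: str
    collateral_rseth: float   # rsETH supplied as collateral
    debt_weth: float          # WETH borrowed against it
    liq_threshold: float      # liquidation threshold, e.g. 0.95 for a 95% E-Mode


def haircut_from_unbacked(unbacked: float, total_supply: float) -> float:
    """Scenario 1: unbacked tokens dilute the whole supply equally, so every
    token loses unbacked/total_supply of its oracle value."""
    if not 0 < unbacked <= total_supply:
        raise ValueError("unbacked amount must be positive and at most the supply")
    return unbacked / total_supply


def haircut_from_backing(adapter_backing: float, bridged_supply: float) -> float:
    """Scenario 2: bridged tokens are repriced to what the adapter still holds
    (40,373 / 152,577 on the page), i.e. a haircut of 1 - backing ratio."""
    return 1.0 - adapter_backing / bridged_supply


def health_factor(p: Position, price: float, haircut: float) -> float:
    """Aave-style health factor after the haircut: collateral value times the
    liquidation threshold, divided by debt. Below 1.0 the position is liquidatable."""
    value = p.collateral_rseth * price * (1.0 - haircut)
    return value * p.liq_threshold / p.debt_weth


def position_shortfall(p: Position, price: float, haircut: float) -> float:
    """WETH that liquidation can no longer recover once collateral is worth
    less than the debt. 0.0 while the depeg stays inside the collateral buffer."""
    value = p.collateral_rseth * price * (1.0 - haircut)
    return max(0.0, p.debt_weth - value)


def scenario_bad_debt(positions, price, haircut_by_chain):
    """Sum shortfalls per chain. Chains missing from haircut_by_chain keep full
    value (scenario 2 treats mainnet this way)."""
    totals = {}
    for p in positions:
        h = haircut_by_chain.get(p.chain, 0.0)
        totals[p.chain] = totals.get(p.chain, 0.0) + position_shortfall(p, price, h)
    return totals


# Constructed sample positions (not the 119 real ones): same shape on each chain,
# rsETH priced at 1.0 ETH for readability.
SAMPLE = [
    Position("ethereum", 100.0, 95.0, 0.95),   # opened at the 95% ceiling
    Position("arbitrum", 100.0, 95.0, 0.95),
    Position("mantle", 100.0, 80.0, 0.95),     # 20% buffer
]

if __name__ == "__main__":
    h1 = haircut_from_unbacked(112_204, 742_000)   # 742,000 is a constructed supply
    h2 = haircut_from_backing(40_373, 152_577)      # the 73.54% haircut on the page
    every_chain = {c: h1 for c in ("ethereum", "arbitrum", "mantle")}
    print("scenario 1 haircut", round(h1, 4), scenario_bad_debt(SAMPLE, 1.0, every_chain))
    print("scenario 2 haircut", round(h2, 4), scenario_bad_debt(SAMPLE, 1.0, {"arbitrum": h2, "mantle": h2}))
```

The Mantle position with a 20% buffer survives the 15% scenario 1 haircut untouched but loses 53 WETH of backing under scenario 2, which is why the per-chain shortfall percentages differ so much more in the second scenario than the first.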
Update on rsETH incident:
@LlamaRisk has published a report outlining the rsETH incident, the immediate actions taken, its impact on Aave, and potential paths forward.
All service providers have been working to assess the two potential bad debt scenarios on the Aave protocol.
Aave DAO service providers are also leading an effort with ecosystem participants to address any bad debt. This effort already has several indicative commitments from various parties and we are grateful for the strong support we have received so far.
We will share further updates as we have them.
In the meantime, the full report can be read here: https://t.co/jy3BHZCa7b
BREAKING: Now Claude Opus 4.7 finds you job autonomously! 🤯
Someone built a tool which finds jobs for you
> Scans job openings at top companies
> Fills out the forms for you automatically
> Rewrites your CV tailored to each position
No recruiter, no sending 200 identical CVs.
100% free and open source
KELPDAO EXPLOIT: DOES AAVE HAVE BAD DEBT OR NOT?
On Saturday, an attacker that Layerzero identified as Lazarus Group exploited KelpDAO’s bridge to mint ~$300M rsETH, and took $228.21M ETH from AAVE/Compound.
What happened, and what should you do if you have funds stuck in AAVE?
Following the KelpDAO hack, we built an open analysis of DVN security configurations across every active OApp on LayerZero over the last 90 days.
Of ~2,665 unique OApp contracts: 47% run a 1-of-1 DVN security floor, 45% run 2-of-2, and ~5% run 3-of-3 or higher.
As we know, KelpDAO's rsETH sat in the first bucket.
Open query, public methodology, feedback welcome:
https://t.co/7sQCMN1uCS
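The buckets above (1-of-1, 2-of-2, 3-of-3 or higher) come from the receive-side ULN config each OApp sets: the required DVNs, which must all verify a packet, plus an optional M-of-N set. The script below is an added example, not the linked query: it computes the effective security floor of a config, labels it in the post's style and summarises a fleet. The field names mirror LayerZero V2's `UlnConfig` struct (`requiredDVNs`, `optionalDVNs`, `optionalDVNThreshold`) as an assumption about the on-chain layout; every config in `FLEET` is constructed and the DVN names are placeholders.

```python
"""Added example (not the linked query): compute the effective DVN security
floor of LayerZero V2 receive-side ULN configs and bucket a fleet of OApps the
way the post does. Field names follow the UlnConfig struct as an assumption;
every config below is constructed."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class UlnConfig:
    oapp: str
    required_dvns: tuple          # every one of these must verify the packet
    optional_dvns: tuple = ()     # of which at least optional_dvn_threshold must verify
    optional_dvn_threshold: int = 0


def validate(cfg: UlnConfig) -> None:
    """Reject configs that cannot be satisfied or that double-count a DVN."""
    if cfg.optional_dvn_threshold > len(cfg.optional_dvns):
        raise ValueError(f"{cfg.oapp}: threshold exceeds optional DVN count")
    if cfg.optional_dvns and cfg.optional_dvn_threshold == 0:
        raise ValueError(f"{cfg.oapp}: optional DVNs with a zero threshold add nothing")
    if not cfg.required_dvns and cfg.optional_dvn_threshold == 0:
        raise ValueError(f"{cfg.oapp}: no DVN is required to verify anything")
    if set(cfg.required_dvns) & set(cfg.optional_dvns):
        raise ValueError(f"{cfg.oapp}: a DVN appears in both lists")


def security_floor(cfg: UlnConfig) -> int:
    """Minimum number of distinct DVNs whose verification delivers a message:
    all required DVNs plus the optional M-of-N threshold."""
    validate(cfg)
    return len(cfg.required_dvns) + cfg.optional_dvn_threshold


def bucket(cfg: UlnConfig) -> str:
    """Label in the post's style: floor-of-total, e.g. '1-of-1' or '2-of-3'."""
    total = len(cfg.required_dvns) + len(cfg.optional_dvns)
    return f"{security_floor(cfg)}-of-{total}"


def single_point_of_failure(cfg: UlnConfig) -> bool:
    """True when one faulty or compromised DVN is enough to verify a packet."""
    return security_floor(cfg) == 1


def distribution(configs) -> dict:
    """Share of OApps per bucket, as fractions summing to 1."""
    counts = Counter(bucket(c) for c in configs)
    n = len(configs)
    return {label: counts[label] / n for label in sorted(counts)}


# Constructed fleet: OApp and DVN names are placeholders, not real deployments.
FLEET = [
    UlnConfig("oapp-a", ("dvn-x",)),
    UlnConfig("oapp-b", ("dvn-x", "dvn-y")),
    UlnConfig("oapp-c", ("dvn-x",), ("dvn-y", "dvn-z"), 1),
    UlnConfig("oapp-d", ("dvn-x", "dvn-y", "dvn-z")),
]

if __name__ == "__main__":
    for cfg in FLEET:
        flag = "  <- single DVN is the whole security floor" if single_point_of_failure(cfg) else ""
        print(f"{cfg.oapp}: {bucket(cfg)}{flag}")
    print(distribution(FLEET))
```

Note that a 1-of-1 floor is what the post puts KelpDAO's rsETH in: with one required DVN and no optional set, `security_floor` is 1, so a single verifier's output is sufficient on its own. Raising the floor means adding required DVNs or an optional set with a threshold above zero; adding optional DVNs with a zero threshold changes nothing, which is why `validate` refuses it.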
🚨$292 MILLION STOLEN IN A SINGLE TRANSACTION. AND THEN THE ATTACKER USED THE STOLEN TOKENS TO ROB A SECOND PROTOCOL. THIS IS THE MOST SOPHISTICATED DEFI HACK EVER EXECUTED.
Here's what just happened to Kelp DAO. And why every DeFi user should be paying attention right now.
On April 18, an attacker exploited Kelp DAO's LayerZero-powered cross-chain bridge. And drained 116,500 rsETH in one transaction. That's 18% of the entire circulating supply. Gone in seconds.
But the hack itself wasn't even the scary part.
What the attacker did next was:
They took the stolen rsETH, which was now economically worthless because the bridge backing it had been drained. And deposited it as collateral on Aave V3. The largest lending protocol in DeFi.
Aave's price oracle hadn't updated yet. It still thought the rsETH was worth full price. So the protocol accepted hundreds of millions in toxic collateral as if it were real.
The attacker then borrowed massive amounts of real WETH against the worthless tokens. Withdrew it. And walked away.
Leaving Aave holding bags of unbacked rsETH that no liquidator would ever touch. Because who's going to spend real ETH to receive tokens worth zero?
That's how you turn a bridge hack into a lending protocol crisis.
The bad debt was so severe that Aave's founder Marc Zeller publicly told users: "If you have WETH on Aave V3 Core, Withdraw now. Ask questions later."
The AAVE token crashed 10-13% within hours. Aave lost over $3 billion in TVL as users panic-withdrew everything they could.
And here's the timeline that should terrify every protocol builder:
10 hours before the hack, the attacker funded 6 wallets through Tornado Cash. Completely untraceable.
17:35 UTC: The exploit fires. $292 million drained.
Within 60 minutes, the attacker swapped the stolen rsETH for raw ETH across KyberSwap, Curve, and Balancer. Consolidated 75,700 pristine ETH worth $178 million into a single wallet.
18:21 UTC: Kelp DAO's multisig finally paused the contracts. 46 minutes after the breach.
18:26 UTC: The attacker tried a second drain. 40,000 more rsETH. Another $100 million. The transaction reverted because the contracts were finally frozen.
18:28 UTC: A third attempt. Also reverted.
If Kelp DAO had been 5 minutes slower, this would have been a $400 million hack.
And this happened exactly 17 days after the $285 million Drift Protocol hack. That's nearly $600 million stolen from DeFi in a single month.
The attacker exploited a vulnerability in the lzReceive function on LayerZero's EndpointV2. The same class of vulnerability that caused the $320 million Wormhole hack in 2022. Four years later, and the same fundamental flaw is still being exploited.
Bridges remain the weakest link in all of crypto. They're designed to hold massive reserves of locked tokens. Making them the biggest honeypots in the ecosystem.
And the scariest part: Aave had given rsETH a 93% loan-to-value ratio in E-Mode. Meaning users could borrow 93 cents for every dollar of rsETH deposited. Because governance assumed it was safe.
It wasn't.
DeFi just learned three lessons the hard way:
Bridged derivatives are not safe collateral. Oracle lag kills. And composability is a weapon if you know how to use it.
$292 million gone. In one transaction. On a Saturday afternoon.
the issue with the @KelpDAO $280m hack was that it was secured by just a 1/1 validator set (DVN) on @LayerZero_Core. Which means one faulty transaction from a validator is all that's needed.
my belief is that the root cause was possibly that the LZ validator on Unichain was compromised.
the contagion effects are going to be quite bad. I don't think many people have realized it yet.
- kelp was looping on aave with stETH for a few percent here and there. Aave is going through a bank run so that means they'll need to unwind their positions
- multiple protocols and chains are now going to be bad debt because their rsETH will get depegged.
- aave's bad debt is more than what they can cover rn so almost anyone who has deposited into their safety net ($60mn) is 100% rekt. all for just staking for a few % in extra yield.
- trust on LZ & Aave will deteriorate. this is bad for the industry.
- the kelp team (amazing founders) will go through debt
i'd say i feel sorry for everyone who is going to go through the next few hours but unfortunately this is the industry we live in.
The fallout from the Kelp rsETH exploit is going to be messy and could potentially be quite a bit more severe than some people are making out right now.
It seems rsETH on mainnet is technically still backed, but, there's no liquidity to sell rsETH, and with rsETH contracts paused, there’s currently no usable redemption path either.
In the unlikely case they socialised the loss across all rsETH holders, it would be worth something like 81.25% (1 - $300m/$1.6b) of its original value.
I don't think they will do that though. It would likely push a number of large positions on Aave towards undercollateralisation and risk creating bad debt. That alone would be enough to trigger a long and painful lawsuit.
So realistically rsETH holders on L2s are likely going to swallow the loss. Who are they? Why did they have rsETH on L2s in the first place? Could be other DAOs or funds etc who've taken a huge hit. That alone could have consequences we won't know about for some time.
Impacted individuals on L2s will likely consider their own legal action to force socialisation, potentially prolonging the delay before redemptions are opened.
Either way, once redemptions are eventually opened, it's unlikely any lending protocols would re-allow collateralisation, so there will need to be a massive unwind of a huge volume of rsETH/ETH looping trades.
All those looping trades are currently massively negative ROE. Aave ETH utilisation is currently at 100% with ETH borrow rate at 8.71%. Since staked ETH yield is around 2.5%, the ROE for any LST or LRT borrow or looped borrow is anywhere between -6.21% and around -90%, depending on how degen people are. So we could see an unwind of lots of LST loops aside from just rsETH/ETH ones.
The normal path to unwind a loop is to swap collateral and repay, but this is unlikely to be possible for such a large amount of unwinds at once, and certainly won't be feasible for rsETH unless someone puts up significant liquidity for it.
When the swap and repay path fails, you normally have to withdraw as much collateral as you can, manually redeem, repay some debt, withdraw more collateral, and so on.
Here's the kicker. If rsETH is no longer collateral and no longer has borrowing power, this makes it much more difficult for people to manually unwind as well.
If people get stuck for longer periods paying huge negative ROE for too long, and there’s no liquidity to liquidate them, their equity gets eroded. Once debt exceeds recoverable collateral value, bad debt appears, and can keep worsening as interest accrues and the position remains unresolved.
#CertiKInsight 🚨
We have seen an incident affecting @KelpDAO
At least ~$290M was transferred https://t.co/waJr9R5uij
Funds can be traced to these 2 addresses:
~$250M at 0x5d3919F12bCc35c26Eee5F8226A9bee90c257Ccc
~$2.5M at 0xCBb24A6B4DAfaAA1a759A2F413eA0eB6AE1455CC
🚨DeFi Security Insights — A Must‑Read for Auditors
We just shared a comprehensive Security Analysis of DeFi covering critical vulnerabilities, past attacks, and the latest advances in smart contract defense.
🔗 Read here: https://t.co/pXiK3C82sJ
#DeFi #SmartContracts #Security
TODAY at 2PM: Chairman @SECPaulSAtkins and @CFTC @ChairmanSelig will be discussing harmonization and their efforts to deliver on President Trump’s promise to make the U.S. the crypto capital of the world.
Livestream: https://t.co/nIX7Qc9N0q
Event details: https://t.co/EIEvAdJanb
What's the best Crypto Card? 💳
I analyzed the most popular crypto cards, and here’s which one actually fits your needs
> @AviciMoney: KYC, self custodial, deposit USDC into an escrow smart contract you control, get a USD credit line and spend anywhere Visa works, no spending markup in USD, usual Visa FX (~0.4–1%) when spending non USD, ATM fee ~$1 + 0.65%, virtual/physical cards have small one time fees and settlements batch every 1–7 days
> @Bybit_Official: KYC, multi asset, spend BTC/ETH/USDT/USDC/etc held on Bybit and it converts at swipe, charges ~0.9% crypto to fiat conversion + ~0.5% FX on foreign currency, ATM free up to ~100€/month then 2%, virtual card free, physical has a small cost, convenient but fees favor high volume users and VIPs
> @KASTxyz: KYC, custodial, rewards heavy, points, cashback, and an active card user airdrop all planned to convert into $KAST at TGE, no fee on USD spending, ~2% FX on other currencies, ATM ~$3 + 2%, small transaction fees (~$0.30) on some tiers, card tiers range from cheap to very expensive but give higher % back
> @solflare: KYC, self custody debit card, spend straight from your USDC in your Solflare wallet with no pre loads or middlemen, zero fees on USD spending, ~1% FX for non USD transactions, no monthly fees, no top up fees, UK/EEA only for now, USDC on Solana only, rewards still rolling out but clean cost structure
> @pintopay_me: No KYC, custodial prepaid Mastercard, deposit BTC/ETH/USDT/etc and convert to USD to spend globally. Card issuance free, virtual card instant, top up fee 2.5% for $100+, minimum $2 for smaller top ups, transaction fee $0.25 per authorization, funds take up to 12h to arrive, no withdrawals back to crypto yet, integrates with Apple Pay
Another Yearn V1 vault attack is underway! This time, the loss is $250k.
The root cause appears to be another configuration problem.
The iearn TUSD vault configures one of its strategies as the "Fulcrum sUSD vault" and calculates its share price using the sUSD balance deposited.
This allows donation attacks by transferring Fulcrum sUSD into the iearn TUSD vault to manipulate the iearn-TUSD share price.
There's also a "rebalance" function that withdraws everything. For the misconfigured sUSD vault, it redeems into sUSD, which isn't included in share price calculations, causing a price shock (decrease).
The attacker did the following:
- Flashloaned a large amount of TUSD and sUSD.
- Deposited sUSD to get Fulcrum sUSD tokens.
- Deposited TUSD into the Yearn TUSD vault.
- Transferred Fulcrum sUSD tokens to the Yearn TUSD vault (driving the share price up).
- Withdrew everything from the Yearn TUSD vault; at this point, all the underlying of the TUSD vault is the Fulcrum sUSD token.
- Called rebalance to let Fulcrum withdraw everything. This makes the Yearn TUSD share price 0 (0 underlying = a lot of shares).
- Transferred a bit of TUSD to the Yearn TUSD vault to make the share price extremely low (1000 underlying = a lot of shares).
- Note that the hacker cannot profit merely from this price manipulation until he sells the deposited Yearn TUSD tokens (which he got almost for free) on multiple Curve pools to profit.
Interestingly, the hacker left 214k sUSD inside the Yearn TUSD vault (as intended), and now nobody can withdraw.
Additionally, the Compound strategy of the TUSD vault is wrongly configured to cUSDC instead of cTUSD.
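The root cause in the post is a share price computed from the raw balance of one strategy token, which any direct transfer into the vault (a donation) inflates and any conversion into an uncounted asset (the rebalance into sUSD) collapses. The script below is an added example, not Yearn's vault code: a toy vault with that pricing rule next to one that prices from an internal ledger only `deposit`/`withdraw` can move, driven through the same flows, plus a check a monitor can run on two consecutive share-price observations. All amounts are constructed.

```python
"""Added example (not Yearn's vault code): a toy vault that prices shares from
the raw balance of one token, next to one that prices from an internal ledger,
plus a check that flags share-price moves no user action explains."""


class BalanceBasedVault:
    """price = balance / total_shares, where balance is what a balanceOf()
    call would report. Anything that moves that balance moves the price."""

    def __init__(self):
        self.balance = 0.0
        self.total_shares = 0.0

    def price(self) -> float:
        return self.balance / self.total_shares if self.total_shares else 1.0

    def deposit(self, amount: float) -> float:
        p = self.price()
        if p <= 0:
            raise ValueError("share price is zero; a deposit would mint unbounded shares")
        shares = amount / p
        self._credit(amount)
        self.total_shares += shares
        return shares

    def withdraw(self, shares: float) -> float:
        amount = shares * self.price()
        self._debit(amount)
        self.total_shares -= shares
        return amount

    def _credit(self, amount: float) -> None:
        self.balance += amount

    def _debit(self, amount: float) -> None:
        self.balance -= amount

    # Two flows that bypass deposit/withdraw, as in the post:
    def donate(self, amount: float) -> None:
        """A direct token transfer into the vault; no shares are minted."""
        self.balance += amount

    def move_to_uncounted_asset(self, amount: float) -> None:
        """Underlying converted into an asset the price formula never looks at."""
        self.balance -= amount


class LedgerVault(BalanceBasedVault):
    """Same flows, but price reads a ledger that only deposit/withdraw touch,
    so direct transfers and untracked conversions cannot move it."""

    def __init__(self):
        super().__init__()
        self.ledger = 0.0

    def price(self) -> float:
        return self.ledger / self.total_shares if self.total_shares else 1.0

    def _credit(self, amount: float) -> None:
        super()._credit(amount)
        self.ledger += amount

    def _debit(self, amount: float) -> None:
        super()._debit(amount)
        self.ledger -= amount


def unexplained_price_move(price_before: float, price_after: float, tolerance: float = 0.001) -> bool:
    """True when the share price moved by more than tolerance between two
    observations with no deposit or withdrawal in between: the signature of a
    donation or of assets leaving the price calculation."""
    if price_before <= 0:
        return price_after > 0
    return abs(price_after - price_before) / price_before > tolerance


def run(vault_cls) -> dict:
    """Drive a vault through deposit, donation and an untracked conversion;
    return the share price observed after each step."""
    v = vault_cls()
    v.deposit(1_000.0)
    prices = {"after_deposit": v.price()}
    v.donate(1_000.0)                        # doubles the balance-based price
    prices["after_donation"] = v.price()
    v.move_to_uncounted_asset(v.balance)     # zeroes the balance-based price
    prices["after_move"] = v.price()
    return prices


if __name__ == "__main__":
    for cls in (BalanceBasedVault, LedgerVault):
        print(cls.__name__, run(cls))
```

`LedgerVault` only removes the manipulation lever; the other half of the fix the post implies is that whatever backs the ledger must include every asset the vault actually holds (here the sUSD the rebalance produced), otherwise the ledger overstates what depositors can withdraw. The `unexplained_price_move` check is the cheap runtime signal: share price should be flat between user actions, so a 2x jump or a drop to zero with no deposit or withdrawal in the same block is worth an alert regardless of which vault pattern is in use.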
Sharing a top-tier resource for auditing Move-based smart contracts:
The Move-Audit-Resources repo by @0xriazaka includes audit checklists, known attack vectors, sample code, and secure defaults
Take a look: https://t.co/ctVjQhMQ8v
Join me on Aave App to start earning 6,00% APY on your savings! Enter the referral code 31798B during sign up to move up the waitlist. https://t.co/XcM9XhPpHc