事件報告：Llamarisk 與 Aave 服務提供商詳述 Kelp rsETH 在 Ethereum 與 Arbitrum 市場遭駭經過

📄完整原文· 由 trafilatura 自動擷取6349 字

An incident report published by Llamarisk to the Aave forum explains that a bridge exploit targeting KelpDAO’s Layerzero V2 rsETH route on Saturday allowed an attacker to extract 116,500 rsETH from Ethereum’s OFT adapter without burning any tokens on the source chain. Llamarisk’s report notes that this incident exposed Aave V3 markets to potential bad debt ranging from $123.7 million to $230.1 million, depending on how losses are allocated. Incident Report: Llamarisk, Aave Service Providers Detail Kelp rsETH Hack Across Ethereum and Arbitrum Markets Key Takeaways: - According to Llamarisk, an attacker exploited Kelp’s Layerzero V2 bridge on April 18, 2026, minting 116,500 rsETH without any corresponding burn. - Llamarisk estimates bad debt between $123.7M and $230.1M across 7 affected markets, depending on how Kelp socializes losses. - The Aave DAO treasury holds $181M as of April 20, 2026, and service providers are already securing indicative recovery commitments from ecosystem participants. Llamarisk Details rsETH Exploit Scenarios After Kelp OFT Adapter Drained The analysis published by risk management company Llamarisk and Aave service provider co-authors explained that the attack occurred at 17:35 UTC in Ethereum block 24,908,285. The Unichain-to-Ethereum route was configured as a 1-of-1 DVN path, meaning a single verifier could attest an inbound packet without any corresponding outbound action, according to the report. Llamarisk authors said the attacker forged a packet that was verified, committed, and delivered on Ethereum, releasing 116,500 rsETH from the adapter, the Aave report notes. The adapter balance fell from 116,723 rsETH to 223 rsETH in a single block. The attacker fanned the stolen rsETH from one intake wallet across seven branch addresses. Of the 116,500 rsETH received, 89,567 were deposited into Aave V3 markets on Ethereum and Arbitrum as collateral. Those positions were used to borrow approximately 82,650 WETH and 821 wstETH, with health factors settling between 1.01 and 1.03. All seven attacker addresses remain active on Aave at the time of publication. Aave service providers co-authored Llamarisk’s full incident report and confirmed that Aave’s own smart contracts were not compromised. All protocol logic, including supply, repayment, and liquidation mechanics, continued to function as designed throughout the event. The Protocol Guardian began freezing all rsETH and wrsETH reserves across all Aave V3 deployments at approximately 19:00 UTC on April 18. The action set LTV to zero and disabled new supply and borrowing while leaving existing positions eligible for repayment and liquidation. Eleven markets across Ethereum, Arbitrum, Avalanche, Base, Ink, Linea, Mantle, MegaETH, Plasma, and Zksync were affected, according to the Aave forum analysis. The report says the Risk Steward adjusted WETH interest rate models on Arbitrum, Base, Mantle, and Linea at approximately 14:30 UTC on April 19, reducing Slope 2 to 1.50 percent and cutting the borrow rate at 100 percent utilization from between 8.5 and 10.5 percent down to 3.0 percent APR. A corresponding adjustment was applied to Core at approximately 05:00 UTC on April 20, with Slope 1 set to 2 percent, Slope 2 to 3 percent, and optimal utilization set to 94 percent. The Protocol Guardian also froze WETH on Core, Prime, Arbitrum, Base, Mantle, and Linea at approximately 02:00 UTC on April 20 to prevent new borrowing and contain potential stress from spreading to stablecoin reserves. The 2 Scenarios The two scenarios modeled by Llamarisk’s analysis reflect how Kelp’s loss allocation decision will determine the protocol’s final exposure. Scenario 1 assumes uniform socialization of the 112,204 unbacked rsETH across the entire rsETH supply, producing a 15.12 percent depeg and an estimated $123.7 million in bad debt, with Ethereum Core absorbing $91.8 million in absolute terms and Mantle facing a 9.54 percent WETH reserve shortfall. Scenario 2 treats the loss as isolated to L2 rsETH only, applying a 73.54 percent haircut to collateral on remote chains while leaving Ethereum mainnet rsETH fully intact, producing an estimated $230.1 million in bad debt concentrated on Mantle at a 71.45 percent WETH shortfall and Arbitrum at 26.67 percent. The current adapter balance stands at 40,373 rsETH, the only confirmed backing for all remote-chain rsETH across every L2 path, against total remote claims of 152,577 rsETH. Kelp has not publicly confirmed how the recovered funds will be allocated. As of April 20, 2026, the report said that the Aave DAO treasury holds $181 million in assets, including $62 million in Ethereum-correlated holdings, $54 million in AAVE, and $52 million in stablecoins. The DAO generated $145 million in revenue during 2025 and $38 million year-to-date in 2026. Llamarisk confirmed that several indicative commitments from ecosystem participants are already in place to address potential bad-debt scenarios. WETH reserves on Ethereum, Arbitrum, Base, Linea, and Mantle are at 100 percent utilization, with idle balances below $20 on every chain. At full utilization, liquidators receive aWETH rather than underlying WETH, which slows liquidation throughput. Llamarisk’s report flagged Base and Arbitrum as the least buffered markets, with first liquidations triggered at WETH price drops of 0.77 percent and 1.77 percent, respectively, due to positions running at health factors around 1.03. DeFi Lender Aave Battles Withdrawal Crisis After KelpDAO rsETH Exploit DeFi Lender Aave Battles Withdrawal Crisis After KelpDAO rsETH Exploit Aave, one of DeFi's largest lending protocols, is managing a liquidity crisis and an estimated $177 million to $200 million… Read NowAave, one of DeFi's largest lending protocols, is managing a liquidity crisis and an estimated $177 million to $200 million… Llamarisk recommended an immediate pause of the WETH Umbrella staking module under Scenario 1. As of the report’s publication, 18,922 of 23,507 staked aWETH had entered the unstaking cooldown. A pause would block deposits, withdrawals, transfers, and slashing while keeping rewards distribution active. The remaining four rsETH-listed markets, Ethereum Lido, MegaETH, Plasma, and Zksync, carry trivial balances and no bad debt. Twelve additional Aave V3 markets do not list rsETH and are unaffected.

資料狀態✓ 已擷取全文閱讀原文（Bitcoin.com）

🔍歷史類似事件· 關鍵字 + 標的比對6 則

2026-04-18

KelpDAO 在 Ethereum 與 Arbitrum 上的 DeFi 錢包遭駭，損失 2.8 億美元

相似度 380%標的 ETH關鍵字 ethereum/arbitrum/across

2026-04-18

KelpDAO 在 Ethereum 與 Arbitrum 上因 DeFi 錢包遭竊損失 2.92 億美元

相似度 380%標的 ETH關鍵字 ethereum/arbitrum/across

2026-04-16

Polkadot-Ethereum Bridge 遭駭損失為報導的 10 倍，團隊坦承

相似度 370%標的 ETH關鍵字 ethereum/hack同分類 hot

2026-04-18

ZachXBT 示警 KelpDAO 遭駭逾 2.8 億美元，波及 Ethereum DeFi 借貸市場

相似度 330%標的 ETH關鍵字 markets/ethereum

2026-04-16

Charles Schwab 考慮進軍預測市場，同時 BTC 與 ETH 交易即將上線

相似度 330%標的 ETH關鍵字 markets/ethereum

2026-04-20

量子鴻溝：為何 BTC 與 ETH 在安全性上採取不同路徑

相似度 320%標的 ETH關鍵字 ethereum同分類 hot

💡 目前用關鍵字 + 標的比對（MVP）· 之後會升級為 embedding 語意搜尋

原始資訊

ID：6cd6920b62

來源：Bitcoin.com

發佈：2026-04-20 22:30:08

分類：hot · 導出分類 hot

標的：ETH

社群投票：+0 / −0 · ⭐ 1 重要 · 💬 0 留言