事件报告：Llamarisk 与 Aave 服务提供商详述 Kelp rsETH 在 Ethereum 和 Arbitrum 市场遭黑客攻击事件

📄完整原文· 由 trafilatura 自动抓取6349 字

An incident report published by Llamarisk to the Aave forum explains that a bridge exploit targeting KelpDAO’s Layerzero V2 rsETH route on Saturday allowed an attacker to extract 116,500 rsETH from Ethereum’s OFT adapter without burning any tokens on the source chain. Llamarisk’s report notes that this incident exposed Aave V3 markets to potential bad debt ranging from $123.7 million to $230.1 million, depending on how losses are allocated. Incident Report: Llamarisk, Aave Service Providers Detail Kelp rsETH Hack Across Ethereum and Arbitrum Markets Key Takeaways: - According to Llamarisk, an attacker exploited Kelp’s Layerzero V2 bridge on April 18, 2026, minting 116,500 rsETH without any corresponding burn. - Llamarisk estimates bad debt between $123.7M and $230.1M across 7 affected markets, depending on how Kelp socializes losses. - The Aave DAO treasury holds $181M as of April 20, 2026, and service providers are already securing indicative recovery commitments from ecosystem participants. Llamarisk Details rsETH Exploit Scenarios After Kelp OFT Adapter Drained The analysis published by risk management company Llamarisk and Aave service provider co-authors explained that the attack occurred at 17:35 UTC in Ethereum block 24,908,285. The Unichain-to-Ethereum route was configured as a 1-of-1 DVN path, meaning a single verifier could attest an inbound packet without any corresponding outbound action, according to the report. Llamarisk authors said the attacker forged a packet that was verified, committed, and delivered on Ethereum, releasing 116,500 rsETH from the adapter, the Aave report notes. The adapter balance fell from 116,723 rsETH to 223 rsETH in a single block. The attacker fanned the stolen rsETH from one intake wallet across seven branch addresses. Of the 116,500 rsETH received, 89,567 were deposited into Aave V3 markets on Ethereum and Arbitrum as collateral. Those positions were used to borrow approximately 82,650 WETH and 821 wstETH, with health factors settling between 1.01 and 1.03. All seven attacker addresses remain active on Aave at the time of publication. Aave service providers co-authored Llamarisk’s full incident report and confirmed that Aave’s own smart contracts were not compromised. All protocol logic, including supply, repayment, and liquidation mechanics, continued to function as designed throughout the event. The Protocol Guardian began freezing all rsETH and wrsETH reserves across all Aave V3 deployments at approximately 19:00 UTC on April 18. The action set LTV to zero and disabled new supply and borrowing while leaving existing positions eligible for repayment and liquidation. Eleven markets across Ethereum, Arbitrum, Avalanche, Base, Ink, Linea, Mantle, MegaETH, Plasma, and Zksync were affected, according to the Aave forum analysis. The report says the Risk Steward adjusted WETH interest rate models on Arbitrum, Base, Mantle, and Linea at approximately 14:30 UTC on April 19, reducing Slope 2 to 1.50 percent and cutting the borrow rate at 100 percent utilization from between 8.5 and 10.5 percent down to 3.0 percent APR. A corresponding adjustment was applied to Core at approximately 05:00 UTC on April 20, with Slope 1 set to 2 percent, Slope 2 to 3 percent, and optimal utilization set to 94 percent. The Protocol Guardian also froze WETH on Core, Prime, Arbitrum, Base, Mantle, and Linea at approximately 02:00 UTC on April 20 to prevent new borrowing and contain potential stress from spreading to stablecoin reserves. The 2 Scenarios The two scenarios modeled by Llamarisk’s analysis reflect how Kelp’s loss allocation decision will determine the protocol’s final exposure. Scenario 1 assumes uniform socialization of the 112,204 unbacked rsETH across the entire rsETH supply, producing a 15.12 percent depeg and an estimated $123.7 million in bad debt, with Ethereum Core absorbing $91.8 million in absolute terms and Mantle facing a 9.54 percent WETH reserve shortfall. Scenario 2 treats the loss as isolated to L2 rsETH only, applying a 73.54 percent haircut to collateral on remote chains while leaving Ethereum mainnet rsETH fully intact, producing an estimated $230.1 million in bad debt concentrated on Mantle at a 71.45 percent WETH shortfall and Arbitrum at 26.67 percent. The current adapter balance stands at 40,373 rsETH, the only confirmed backing for all remote-chain rsETH across every L2 path, against total remote claims of 152,577 rsETH. Kelp has not publicly confirmed how the recovered funds will be allocated. As of April 20, 2026, the report said that the Aave DAO treasury holds $181 million in assets, including $62 million in Ethereum-correlated holdings, $54 million in AAVE, and $52 million in stablecoins. The DAO generated $145 million in revenue during 2025 and $38 million year-to-date in 2026. Llamarisk confirmed that several indicative commitments from ecosystem participants are already in place to address potential bad-debt scenarios. WETH reserves on Ethereum, Arbitrum, Base, Linea, and Mantle are at 100 percent utilization, with idle balances below $20 on every chain. At full utilization, liquidators receive aWETH rather than underlying WETH, which slows liquidation throughput. Llamarisk’s report flagged Base and Arbitrum as the least buffered markets, with first liquidations triggered at WETH price drops of 0.77 percent and 1.77 percent, respectively, due to positions running at health factors around 1.03. DeFi Lender Aave Battles Withdrawal Crisis After KelpDAO rsETH Exploit DeFi Lender Aave Battles Withdrawal Crisis After KelpDAO rsETH Exploit Aave, one of DeFi's largest lending protocols, is managing a liquidity crisis and an estimated $177 million to $200 million… Read NowAave, one of DeFi's largest lending protocols, is managing a liquidity crisis and an estimated $177 million to $200 million… Llamarisk recommended an immediate pause of the WETH Umbrella staking module under Scenario 1. As of the report’s publication, 18,922 of 23,507 staked aWETH had entered the unstaking cooldown. A pause would block deposits, withdrawals, transfers, and slashing while keeping rewards distribution active. The remaining four rsETH-listed markets, Ethereum Lido, MegaETH, Plasma, and Zksync, carry trivial balances and no bad debt. Twelve additional Aave V3 markets do not list rsETH and are unaffected.

数据状态✓ 已抓取全文阅读原文（Bitcoin.com）

🔍历史类似事件· 关键词 + 标的比对6 则

2026-04-18

KelpDAO 在 Ethereum 和 Arbitrum 上的 DeFi 錢包遭竊，損失 2.8 億美元

相似度 380%標的 ETH關鍵字 across/arbitrum/ethereum

2026-04-18

KelpDAO 在 Ethereum 和 Arbitrum 上因 DeFi 錢包被盜損失 2.92 億美元

相似度 380%標的 ETH關鍵字 across/arbitrum/ethereum

2026-04-21

Arbitrum 冻结 KelpDAO 被盗资金，揭露了 Crypto 最大的谎言

相似度 370%標的 ETH關鍵字 hack/arbitrum同分類 hot

2026-04-21

Arbitrum Security Council 冻结了与 $292M KelpDAO 漏洞利用相关的 $71.5M ETH

相似度 370%標的 ETH關鍵字 arbitrum/ethereum同分類 hot

2026-04-21

Arbitrum Security Council 冻结了与 $292M KelpDAO 漏洞利用相关的 $71.5M Ethereum

相似度 370%標的 ETH關鍵字 arbitrum/ethereum同分類 hot

2026-04-16

Polkadot-Ethereum Bridge 被黑損失是此前報告的 10 倍，團隊承認

相似度 370%標的 ETH關鍵字 hack/ethereum同分類 hot

💡 目前用关键词 + 标的比对（MVP）· 之后会升级为 embedding 语义搜寻

原始信息

ID：6cd6920b62

来源：Bitcoin.com

发布：2026-04-20 22:30:08

分类：hot · 导出分类 hot

标的：ETH

社群投票：+0 / −0 · ⭐ 1 重要 · 💬 0 留言