Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
KelpDAO's rsETH bridge was hacked for $290 million, and AAVE was implicated by freezing the market
$RAVE
On April 18th, the DeFi community had another major incident. The rsETH cross-chain bridge based on LayerZero at KelpDAO was exploited through a loophole, and the attacker cashed out about 116,500 rsETH in one go. Based on the price at the time, that was roughly worth $292 million. The attacker was pretty sly: they pre-funded the wallet value 10 hours earlier via Tornado Cash, washing the source of the funds clean.
$BTC
This one cut pretty deep. The rsETH that was stolen accounted for about 18% of the entire circulating supply. Kelp responded fairly quickly—about 46 minutes later, the emergency multisig hit the pause button and froze everything, including the deposit pool, the withdrawal contracts, the oracle, and the rsETH token itself. At the very least, they managed to stop the attacker from continuing to go on a further “farm for gains” after that.
$ETH
But the situation wasn’t over. The attacker put these stolen rsETH into AAVE V3 and V4 as collateral, and then borrowed large amounts of WETH. Once rsETH unpegged, these collateral assets turned into worthless scraps, and the borrowed WETH simply couldn’t be recovered—so AAVE’s WETH liquidity pool ended up carrying bad debt.
On AAVE’s side, the response was also fast. The multisig guardians directly froze the rsETH markets on V3 and V4, so rsETH couldn’t be deposited anymore, and rsETH couldn’t be used as collateral to borrow money either. AAVE themselves emphasized that their contracts had no issues; this blame has to be on rsETH. As for how the bad debt will be covered, it will most likely rely on AAVE’s own Umbrella system—users who had staked aTokens may have to take a hit, being forcibly liquidated to fill the hole. Solidity developer 0xQuit said directly that the WETH pool is already ruined—if you can withdraw, withdraw now, but it’s probably already too late.
On-chain sleuth ZachXBT issued an alert immediately, saying that this attack siphoned off over $280 million across Ethereum and Arbitrum. The price of AAVE tokens also fell right on cue by 10% to 13%.
This incident once again serves as a reminder: if you re-stake that kind of thing, and it gets mixed in with a cross-chain bridge, the damage caused by a single problem can be multiplied. If one link fails, the whole DeFi “LEGO” structure built on top of it collapses along with it.
#AI基建重心转向应用侧