Aave allows withdrawing rsETH on five different blockchains

The attack on April 18 caused a crisis

The problem stems from a bridge attack and oracle exploiting Kelp DAO's LayerZero V2 integration flaw between Unichain and Ethereum. The attacker forged verification data, convincing the Ethereum side of the bridge that rsETH was burned on Unichain when in fact no burning had occurred, allowing them to unlock about 116,500 rsETH tokens from the escrow account on the main network without causing the corresponding cancellation on the original network. The attack exposed a fundamental vulnerability in Kelp's LayerZero configuration: the active bridge with a single Data Verification Network (DNVN) in a one-on-one setup, which means that fraudulent incoming messages can be authenticated without independent confirmation from the original chain.

The stolen rsETH was immediately deposited as collateral on Aave deployments on the Ethereum mainnet and many Layer 2 networks, where the attacker borrowed about 82,650 WETH worth $190 million based on unsecured collateral. At least seven accounts maintain lending positions near or below the liquidation threshold, creating a dangerous risk for lending protocols as the rsETH exchange rate plummets from a level on par with ETH to as low as $2,800 while ETH trades around $3,500. The attacker's ability to withdraw real value by using fraudulently created collateral means that the shortfall will eventually manifest as bad debt caused by legitimate lenders providing WETH to affected markets.

Aave's protocol protector and risk manager responded within hours by freezing rsETH and wrsETH reserves on all Aave V3 deployments, setting the lending rate above zero value and banning borrowing or providing new compromised assets. The group also modified interest rate models for WETH across multiple chains and frozen WETH reserves on selected markets to prevent spread in the lending ecosystem. Existing positions were still available for repayment and liquidation, but the freeze effectively isolated the damage while the recovery alliance was formed to address the lack of support.

DeFi United Alliance raised more than 300 million dollars

Just a few days after the attack, a concerted effort called DeFi United emerged, bringing together major DeFi protocols, infrastructure providers and individuals contributing to restore support for rsETH before the spread could cause chain failures in affiliate lending markets. The alliance finally raised more than $300 million in ETH pledges, enough to make up for the entire lack of support created by attackers and circulate unsupported rsETH tokens.

The Mantle network has made the biggest commitment with a credit limit of 30,000 ETH, taking advantage of its position as a Layer 2 network that is strongly integrated with Kelp's re-staking infrastructure. Aave DAO proposes to contribute 25,000 ETH to the treasury, with founder Stani Kulechov adding a personal commitment of 5,000 ETH in addition to the organization's commitment to the protocol. This personal contribution represents the management's view that successful recovery is vital to DeFi's credibility and the willingness to put personal capital at risk to prevent system failure.

Liquidation, burning and complicated legal issues

The restoration of the rsETH supply requires complex coordination between the Aave governance mechanism, Kelp DAO, the Arbitrum Security Council and federal courts. The first important step is to liquidate the remaining rsETH-secured lending positions of the miner on the Ethereum main network and Arbitrum, which Aave has done through a temporary administration process that manipulates the price of oracle rsETH to create a shortage in the attacker's fraudulent positions. The protocol emphasizes that all configuration changes made during the liquidation process will be reverted after completion without any permanent changes to Aave's core mechanism.

The recovered collateral has been transferred to Recovery Guardian, a designated multi-signature wallet managed by members of the DeFi United alliance. But settling the underground supply of the miner requires more than just liquidating the remaining positions. In cooperation with the Arbitrum Security Council and the Aave governance system, the alliance has succeeded in isolating and burning the rsETH that the miner used as collateral on Arbitrum, thereby effectively removing illegally generated tokens from circulation before the recovered funds can be used. This selective removal ensures that the newly injected ETH into the system will support users' legitimate tokens instead of providing liquidity to withdraw stolen assets.

Enhance security and switch to Chainlink CCIP

In parallel with the financial recovery, Kelp DAO has carried out a comprehensive security overhaul for its LayerZero bridge infrastructure and announced the transition to Chainlink's Cross-Chain Interaction Protocol (CCIP) for future cross-chain operations. These changes, audited by blockchain security company BailSec, aim to address the fundamental vulnerabilities that facilitated the April 18 attack, while establishing stronger verification requirements in the future.

The most significant security enhancement involves raising the verification requirement from LayerZero's previous single data verification network (DVN) to four independent authenticators, eliminating a one-on-one configuration that allows fraudulent messages to pass the authentication process without cross-checking. The block confirmation threshold increased from 42 to 64, providing more time to detect anomalies before messages were considered final and irreversible. And Kelp has completely removed all Layer 2 to Layer 2 bridges, forcing all cross-chain transfers to go through the Ethereum mainnet, where stronger security assumptions and more mature infrastructure help minimize the attack surface.

Disclaimer: The information presented in this article is the author's personal opinion in the field of cryptocurrencies. This is not financial or investment advice at all. Every investment decision should be based on careful consideration of your personal portfolio and risk tolerance. The opinion in the article does not represent the official position of the platform. We recommend that readers do their own research and consult experts before making any investment decisions.

Synthesized and analyzed by HCCVenture

Follow HCCVenture organization here: https://link3.to/holdcoincventure

Explore HCCVenture group

HCCVenture © 2023. All rights reserved.

About us

Clause

Privacy Policy

Connect with us

→ Strategic partner

→ Media Relations

→ Investors

Popular content

News

Market Analysis

→ On-chain Data

→ Market Report

→ ETFs Cash Flow

Strategic Insights

→ Project perspective

→ Trading floor

Share knowledge

Contact to us

E-mail : sp_contact@hccventure.com

Register : https://linktr.ee/holdcoincventure

Disclaimer: The information on this website is for informational purposes only and should not be considered investment advice. We are not responsible for any risks or losses arising from investment decisions based on the content here.

TERMS AND CONDITIONS • CUSTOMER PROTECTION POLICY

ANALYTICAL AND NEWS CONTENT IS COMPILED AND PROVIDED BY EXPERTS IN THE FIELD OF DIGITAL FINANCE AND BLOCKCHAIN ​​BELONGING TO HCCVENTURE ORGANIZATION, INCLUDING OWNERSHIP OF THE CONTENT.

RESPONSIBLE FOR MANAGING ALL CONTENT AND ANALYSIS: HCCVENTURE FOUNDER - TRUONG MINH HUY

Read warnings about scams and phishing emails — REPORT A PROBLEM WITH OUR SITE.