Aave Protocol Recovers from $292M Exploit with $300M Coalition

Aave's protocol has made a significant recovery from a recent exploit that drained $292 million in wrapped Ether (wETH) and rEther (rsETH).

The attack, which occurred on April 18, was triggered by an RPC-poisoning attack on the LayerZero verifier. The attacker used this vulnerability to forge cross-chain messages, allowing them to siphon off rsETH from Aave's protocol.

Within minutes of the attack, seven recipient addresses had received the stolen tokens, with 89,567 rsETH being placed into eight Aave V3 positions across Ethereum Core and Arbitrum. The attacker then used this borrowed capital to pull 82,650 WETH and 821 wstETH against collateral that had no real backing.

Aave's Protocol Guardian quickly responded by freezing rsETH and wrsETH across V3 and setting the loan-to-value (LTV) to zero by 19:00 UTC on April 18. The Kelp Spoke on V4 was also frozen in full, with WETH borrowing switched off.

A coalition of DeFi protocols, led by Aave Labs' DeFi United initiative, coordinated a relief effort that ultimately raised over $300 million to restore the protocol's backing. The recovery effort included freezing WETH across multiple chains, cutting borrowing rates, and re-securitizing rsETH through five tranches.