Aave Faces $200 Million Default After Vulnerability Exploit

Aave, a leading decentralized finance (DeFi) platform, is facing a major crisis after an attacker exploited its vulnerabilities, causing a sharp decline in the value of rsETH. The incident has left many users worried about their deposits and the future of the protocol.

According to reports, the attacker was able to inject a forged cross-chain message into the rsETH bridge contract of Kelp DAO, allowing them to withdraw 116,500 rsETH tokens. These tokens were then deposited as collateral on Aave V3, enabling the attacker to borrow a significant amount of WETH and ETH.

The incident has raised concerns about the DeFi industry's governance and risk management practices. The attack was made possible by a configuration error in Aave's CAPO oracle system, which led to an underestimation of the wstETH price. This resulted in 34 highly leveraged positions being liquidated without warning.

Aave's Umbrella safety mechanism may not be able to absorb the full loss, leaving many users with partial losses or even complete principal losses. The incident has sent shockwaves through the DeFi community, highlighting the need for better governance and risk management practices in the industry.