Reasons for mass outflows:
- Freezing of markets with $RSETH and $WETH in Aave V3/V4 and many other protocols
- Wave of hate toward LayerZero: the team, 10 hours after the hack, was able to write only: “We’re aware of the hack and are investigating the cause”
- Protocols suspend operations with the LayerZero OFT bridge.
$RSETH in over 20 networks has become undercollateralized.
Commentary by Mikhail Egorov (Curve):
This story started with LayerZero, which is relied upon by crypto worth a quarter of a trillion dollars! So what happened? Let’s figure it out.
rsETH from Kelp uses the LayerZero bridge. The bridge allows transferring rsETH to other networks and back. You can mint rsETH only on Ethereum, and all rsETH on other networks is backed by mainnet-rsETH stored in the bridge.
In LayerZero, you can choose so-called DVNs. DVNs are nodes that essentially bring a message from another network. A 2-of-3 DVN configuration would mean that two DVNs must agree that “issue 100,000 rsETH to Eve” is exactly what was requested on the other network. And here’s the problem: rsETH has a 1-of-1 DVN configuration—only one DVN is used and fully trusted (even though it’s the primary LayerZero DVN). So it confirmed the message allowing the hacker to take all the rsETH from the bridge, even though it was never sent on the original network (in this case—Unichain).
As you’ve probably heard, a 1-of-1 configuration for multisigs is inherently unsafe. The same goes for DVNs. But this was THE VERY SAME official LayerZero DVN—how could it have confirmed an incorrect message? Was it hacked? Was it tricked? We don’t know. But anything can happen when you trust just one single party—no matter who they are.
Alright, so the hacker tricked the official LayerZero DVN and got a bunch of rsETH. What happens next? It turned out to be most profitable for the hacker to stake rsETH in Aave and borrow as much ETH as possible there. And Aave was left with rsETH that’s essentially impossible to sell, and with ETH maxed out, so no one can withdraw ETH. Potentially bad debt amounting to ~$300 million. Maybe not—technically it’s still collateralized, but a bank run on Aave is happening right now.
So what conclusions can we draw from this?
* Non-isolated lending, like in Aave, is very risky (though it’s also the most capital-efficient!). Aave v4 with a hub-and-spoke model is probably less risky. Morpho too. And lending on Curve, like Silo, is probably the most isolated—thus the safest in this regard.
* Lending protocols are riskier for depositing funds than DEXs. The USDC/USDT pool on Curve has exposure only to two assets in the pool, while Aave has exposure to all assets added there.
* Asset onboarding into lending protocols needs to be approached more carefully. The 1-of-1 DVN configuration for rsETH was a real oversight—it should have been upgraded to at least 2-of-2 before onboarding.
* Cross-chain is complex and potentially dangerous. Use cross-chain infrastructure only when absolutely necessary, and do it REALLY carefully.
In any case, I think DeFi will learn from this incident and become stronger than ever. Crypto is a tough environment where no bank would survive—and yet we’re working in it anyway. Permissionless infrastructure requires extraordinary efforts to stay safe—and we’re making those efforts!
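
The X-of-N DVN rule described in the commentary above, as an added example that is not part of the original post and is not LayerZero's code. It is a simplified threshold model: the route names, DVN names (`dvn-a` etc.) and all function names are assumptions made for illustration, and the attestations are constructed sample data.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class DvnConfig:
    dvns: frozenset   # DVN names allowed to attest on this route (hypothetical names)
    threshold: int    # distinct DVNs that must agree: the "X" in X-of-N

def payload_hash(message: str) -> str:
    return hashlib.sha256(message.encode()).hexdigest()

def is_verified(cfg: DvnConfig, attestations, message: str) -> bool:
    """attestations: iterable of (dvn_name, attested_hash) pairs."""
    want = payload_hash(message)
    # A set counts each configured DVN once, and only if it attested to
    # exactly this payload; repeats and unknown DVNs add nothing.
    agreeing = {d for d, h in attestations if d in cfg.dvns and h == want}
    return len(agreeing) >= cfg.threshold

def tolerated_faulty_dvns(cfg: DvnConfig) -> int:
    # Faulty or compromised DVNs the route survives without accepting a
    # message that was never sent on the source network.
    return cfg.threshold - 1

def audit(routes: dict, minimum: int = 2) -> list:
    # Onboarding check: flag routes that rest on fewer than `minimum` DVNs.
    return sorted(name for name, cfg in routes.items() if cfg.threshold < minimum)

# Constructed sample configurations (not real deployment data).
ROUTES = {
    "one_of_one": DvnConfig(frozenset({"dvn-a"}), 1),
    "two_of_three": DvnConfig(frozenset({"dvn-a", "dvn-b", "dvn-c"}), 2),
}
MESSAGE = "issue 100,000 rsETH to Eve"
# Assumption: dvn-a is faulty and attests to a message the source network
# never emitted; the other DVNs saw nothing there, so they stay silent.
FAULTY_ONLY = [("dvn-a", payload_hash(MESSAGE))]

def accepted_with_one_faulty_dvn() -> dict:
    return {name: is_verified(cfg, FAULTY_ONLY, MESSAGE)
            for name, cfg in ROUTES.items()}

if __name__ == "__main__":
    print(accepted_with_one_faulty_dvn())
    print("routes below 2 DVNs:", audit(ROUTES))
```
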

TVL fell from $26.4 billion to $19.8 billion

AAVE dropped by 25% from the April 17 highs