Breaking: The price of AAVE has dropped by 10% as the AAVE-backed KelpDAO is targeted in a $292 million cyber attack.

A recent update related to a cryptocurrency breach involving Aave and KelpDAO caused sharp market fluctuations. According to a recent investigation, it is claimed that approximately $292 million was lost in a complex process of minting and borrowing tokens. This led to AAVE’s price falling more than 10% today, alongside a decline in ETH’s price due to KelpDAO’s rsETH involvement.

Another crypto breach drains $280 million from the market
Crypto expert ZachXBT revealed on Telegram that KelpDAO may have been subjected to a cyber attack exceeding $290 million. Based on circulating information, the attacker minted between $280 million and $300 million worth of rsETH, a liquid digital asset that can be re-staked on the EigenLayer platform.

Subsequently, the minted rsETH was used as collateral on Aave V3 to borrow large amounts of ETH and WETH. The attacker then transferred these funds through Tornado Cash to obscure the transaction trail, according to blockchain tracking tools.

Blockchain data shows the hacker seized 116,500 rsETH. The value of the stolen assets is estimated at around $292 million, based on current market prices.

At 17:35 UTC, the transaction occurred when a wallet linked to the attacker invoked the lzReceive contract on LayerZero’s EndpointV2 contract. This call caused the KelpDAO bridge contract to release 116,500 rsETH to another address associated with the attacker.

Reports indicate that the Aave V3 protocol may now be vulnerable to nearly $177 million in zero debt losses. This incident has raised questions about the protocol’s guarantees and risk management settings.

KelpDAO and Aave protocols issue official statements
Hours after the incident, KelpDAO issued an official statement. The KelpDAO team wrote on X: “Earlier today, we detected suspicious activity across chains involving rsETH. We have paused rsETH contracts on the mainnet and several Layer 2 servers (L2) while we conduct an investigation.”

They added that they are working with LayerZero, Unichain, their auditors, and top security experts to analyze the root causes. The team concluded: “We will keep you updated as we learn more about this situation.” This incident is concerning, as the Drift protocol previously suffered a security breach on April 1st worth over $280 million.

Aave also issued a statement: “rsETH markets on Aave V3 and Aave V4 have been frozen. Aave contracts were not exploited; this is an exploit related to rsETH.” The company also mentioned that it will consider ways to compensate for deficits if zero debt accumulates on the protocol due to this incident.

AAVE’s average price has dropped by more than 10%.