Aave Sees $5.4B ETH Outflows as rsETH Exploit Raises Concerns According to Lookonchain, the Kelp DAO exploit has left Aave saddled with bad debt after the attacker deposited rsETH to drain ETH. This has sparked a massive whale exodus, with over $5.4 billion fleeing the protocol in a panic. Justin Sun alone yanked 65,584 ETH (~$154M) from the platform. Driven by this mass flight, Aave's ETH utilization rate has now maxed out at 100%.

OK — Kelpdao hacker, how much you want? Let’s just talk. With KelpDAO’s help, of course. It’s simply not worth it to sacrifice both Aave and KelpDAO and let them go down over this hack. You can’t spend $300 million anyway.

KelpDAO's rsETH bridge seems to have been exploited for ~$292M. Hacker borrows WETH against stolen rsETH on Aave. Here's what we know.

🚨 SECURITY ALERT 🚨 We are aware of a potential domain hijack affecting the @eth_limo DNS. Please DO NOT use the following domains until further notice. ❌ staking.safenet-beta.eth dot limo ❌ explorer.safenet-beta.eth dot limo You can safely access these services via IPFS directly: 🔹 Staking: https://ipfs.io/ipfs/bafybeiemy5vn7xwsfr… 🔹 Explorer: https://ipfs.io/ipfs/bafybeigq44oghn3enl… This is NOT a Safe specific issue and any other dot limo domains should also be avoided till the @eth_limo team resolves the issue. Stay vigilant.

🚨 𝗠𝟮𝟵𝟯𝗠 𝗚𝗼𝗻𝗲 𝗶𝗻 𝗠𝗶𝗻𝘂𝘁𝗲𝘀: 𝗛𝗼𝘄 𝗢𝗻𝗲 𝗕𝗿𝗶𝗱𝗴𝗲 𝗘𝘅𝗽𝗹𝗼𝗶𝘁 𝗦𝗵𝗼𝗼𝗸 𝗗𝗲𝗙𝗶’𝘀 𝗙𝗼𝘂𝗻𝗱𝗮𝘁𝗶𝗼𝗻𝘀 𝗶𝗻 𝟮𝟬𝟮𝟲. The decentralized finance (DeFi) ecosystem just got a harsh reminder: no protocol exists in isolation. ⬇️

A summary of the RAVE -95% price fluctuation from $26 to $1 over the past 24 hours. RAVE Timeline: April 18, 2026 7:26 am UTC: I posted a call to action for Binance, Bitget, & Gate to investigate RAVE market manipulation and offered a $10K bounty. 10:56 am UTC: I posted an update increasing the bounty to $25K. 11:18 am UTC: Bitget publicly acknowledged the call to action. 2:08 pm UTC: Binance publicly acknowledged the call to action. 3:06 pm UTC: RaveDAO posted claiming they have no involvement. 4:19 pm UTC: Gate publicly acknowledged the call to action. In the days leading up, on April 13 & 14, I confronted RaveDAO co-founder Yemu Xu (wildwoomoo) but have yet to receive an answer. RAVE launched in Dec 2025 on Binance Alpha with a 1B total supply. The addresses below, linked to the initial distribution, control ~95% of the RAVE supply (h/t Mlm): 0x9831156F1a6E506Fca41503590b42F07c2e80f54 0x8Ed6245C3276307E1A9D9Dc872E98A0E770070fd 0x6020656d1EF182173E45D4Fc375BDD5a48c674B0 0x2664cB80a5ee7D8EC05fe7C752dD62E078056E6d 0x2D81F8AeBf3e58A5e638006c9fd8F38C5220ecab 0x31694d761A8e851cFFbCd286aC54D01e5Ce5aFe6 0x0A1F07993a51CcEb4f52CA67765AECeADDA790d7 0xEB74Df8588cFC1C179Df4bd96C0bB8B227B9bE92 0x53d7d52301366DC14E1916b14eFeC1aDD8F3487b I found suspicious CEX activity in April 2026 tied to RaveDAO team addresses onchain, which potentially contradicts their recent statement: Bitget 0x2dc20f2180582172f5450c5d71e23fa438a7031b 0xa3a02aeb97fc1737c66f50d07d024799c137891d 0x2d95eb42525e6087e0cb7869f98da6838ed2e743 Gate 0x31711246b05d71e9eda5e38a3abb654020ee3353 Given the supply concentration, the team at minimum knows who is responsible for this price action. A simple litmus test: $6B in market cap was wiped out on just $52M of 24hr liquidations (h/t CoinGlass). That ratio points to a manipulated and unsustainable valuation. RAVE is not the only token with manipulation we have seen on major centralized exchanges. It's just the most blatant, reaching a top 15 market cap within 10 days before dropping 95% in hours. Other projects with highly questionable price action recently include: SIREN, MYX, COAI, M, PIPPIN, RIVER. Exchanges need faster intervention on manipulation. Detection at scale isn't easy, but each day of delay means retail traders absorb losses while platforms collect fees on the volume. The outcome is the same regardless of intent. While it's good the exchanges responded, I find it unlikely this activity wasn't spotted internally before I raised it publicly. I recognize how much this behavior takes from retail traders, and I plan to investigate similar movements in hopes of identifying the responsible parties. I want to reiterate that I did not take a position. If I had, I would have been liquidated myself. I also could not anticipate if or when the exchanges would comment publicly. My $25K bounty will remain active since the only DMs received were unverified claims rather than non-public information with supporting evidence as requested.

The rsETH markets on Aave V3 and Aave V4 have been frozen. Aave's contracts have not been exploited and this is an exploit related to rsETH. The freeze follows an exploit of the Kelp DAO rsETH bridge. Freezing the rsETH markets prevents new deposits and borrowing against rsETH collateral while the situation is assessed. We are reviewing information about rsETH borrows on Aave that occurred after the exploit and will share more details as soon as possible. If the protocol accumulates bad debt from this incident, we'll explore paths to offset the deficit.

AAVE MULTISIG GUARDIAN FREEZES WETH ON LENDING MARKETS: ONCHAIN

@dcfgod is right! rsETH exploit forensics. Live on-chain. 1/ Attacker wallet: 0x1F4C1c2e610f089D6914c4448E6F21Cb0db3adeF @aave V3 supply ladder, one wallet: 1 → 400 → 5,000 → 20,000 → 27,999 rsETH. Textbook test-then-scale. Probe with 1 token, ramp each time the prior clears. 53,400 rsETH from this wallet. ~$134M. Cluster total: ~116,500 rsETH. ~$290M. 2/ Aave V3 ETH reserve, live: Supplied: 2.71M WETH ($6.37B) Borrowed: 2.71M WETH ($6.37B) Utilization: 100% Supply APY: 7.36% Borrow APY: 8.71% That is the bank run. WETH suppliers are locked. Withdrawals blocked, as first flagged by @Marczeller. 3/ The mechanic. Attacker drained rsETH (OFT bridge vector, per initial reports). Supplied it as collateral on Aave V3 mainnet. Borrowed max WETH up to liquidation threshold. Walked. Kelp paused redemptions. Secondary rsETH liquidity cracked. Aave oracle still marks near peg. Liquidators cannot close the position at mark. The gap becomes bad debt on the WETH reserve. 4/ Loss waterfall. a. Umbrella. First live stress test of the Q4 2025 replacement for Safety Module. Will it fully slash aWETH stakers to cover the deficit? b. Residual haircut flows pro-rata to remaining WETH suppliers. c. Kelp mainnet rsETH holders are intact. Native ETH backing untouched, circulating supply unchanged. This is not a Kelp mint exploit. It is a bridge theft that became an Aave bad debt via instant cash-out. 5/ The primitive lesson. Listing an LRT, or any bridged derivative, as collateral means underwriting the entire upstream dependency stack: - Bridge config and security (@LayerZero_Core OFT here) - Mint and burn permissions - Oracle feeds and redemption mechanics - Fee contracts and wrapper logic Any single point of failure upstream becomes WETH bad debt downstream. @StaniKulechov, this is a listing-authority problem more than a token problem. If the stack cannot be fully priced and simulated, do not list it.

Checked the chain No new rseth was minted recently - the circ supply has been pretty steady They still have 670k eth and there’s 629k rseth circulating Question is - is any rseth considered unbacked? Does it work like frax where they can protocol mint some that would never be redeemed? Or is all rseth always backed? in which case, there would be no aave bad debt as they can just redeem it But then whose rseth was this? Some whale?

our domaim appears to have been compromised and the http://eth.limo domain has been hijacked. We're actively working with all parties involved to assess the situation and remediate the problem.

Earlier today we identified suspicious cross-chain activity involving rsETH. We have paused rsETH contracts across mainnet and several L2s while we investigate. We are working with @LayerZero_Core, @unichain, our auditors and top security experts on RCA. We will keep you posted as we learn more about this situation. Please follow only the official @KelpDAO handle for the updates.