News linked to both this project and an event.
Aave released the latest update on the rsETH security incident on the X platform, announcing that it has paused rsETH reserve-related operations on the Ethereum mainnet as well as networks including Arbitrum, Base, Mantle, and Linea. This measure is intended to prevent excess aETHrsETH from being withdrawn, thereby pushing positions close to the 95% liquidation threshold. This action aims to preserve as much capital as possible and reduce systemic risk while the asset recovery plan is underway. Aave stated that further progress and resolution plans will be continuously disclosed to the community.
Aave announced the latest developments regarding the rsETH security incident on X, stating that rsETH-related reserve operations have been suspended on Ethereum Mainnet and on networks including Arbitrum, Base, Mantle, and Linea. This measure aims to preserve as much capital as possible and mitigate systemic risk while the asset recovery plan is underway. Aave stated that it will continue to disclose subsequent updates and resolution plans to the community.
According to monetsupply.eth, Spark’s Strategy Lead, in a post on X, Spark has long maintained a relatively high borrowing interest rate cap for its SparkLend ETH market. Although this policy caused many users to migrate to Aave—resulting in substantial loss of business and revenue—the current market liquidity crisis has validated the prudence of this strategy. Presently, Aave is experiencing severe liquidity shortages across multiple chains—including Ethereum Mainnet, Arbitrum, Polygon Plasma, Mantle, and Base—with ETH borrowing utilization reaching 100%. This has prevented depositors from withdrawing funds and hindered normal liquidation of ETH collateral. He warns that if the current liquidity crunch persists, a 15–20% drop in ETH’s price could expose Aave to widespread bad debt—compounded by the potential impact of the rsETH vulnerability incident.
According to a post by 0xngmi, founder of DefiLlama, following the hack of KelpDAO, Aave is facing severe pressure in handling bad debt. Currently, there are three potential solutions: First, socializing the loss across all users—this would result in an 18.5% impairment for users, generating approximately $216 million in bad debt. Aave’s Umbrella Insurance could cover $55 million, and the treasury could contribute an additional $85 million, leaving a shortfall of roughly $76 million. Second, executing a “rug pull” on rsETH holders on L2 chains—this would generate approximately $341 million in bad debt, with Arbitrum, Mantle, and Base markets suffering the heaviest losses. Third, returning assets to holders based on a pre-attack snapshot—but this approach is extremely operationally challenging, and even after Umbrella Insurance coverage, an estimated $91 million in losses would remain. Additionally, some suggest confiscating the hacker’s collateral to offset part of the bad debt. Meanwhile, Aave’s OG Security Module still holds approximately $300 million worth of AAVE tokens; applying a 20% reduction would provide an additional ~$60 million in loss coverage.
According to an official disclosure by Hyperbridge, the losses from the Token Gateway vulnerability incident on April 13 have been revised upward from an initial estimate of $237,000 to approximately $2.5 million. The increase stems primarily from losses incurred in incentive pools on Ethereum, Base, BNB Chain, and Arbitrum. The attacker extracted roughly 245 ETH from related contracts, then bypassed the MMR proof verification mechanism by forging cross-chain messages, minting 1 billion bridged DOT tokens and dumping them onto illiquid markets. Currently, some of the stolen funds have been traced on-chain to Binance. Hyperbridge is collaborating with Binance’s compliance team and law enforcement agencies to investigate the incident. Polkadot-native DOT and products such as Intent Gateway remain unaffected. The Token Gateway and bridged DOT contracts on the four affected EVM chains remain suspended. An external audit of the patched MMR verification logic is underway, and bridging functionality will be restored upon completion of the audit.