Decentralized lending platform Aave’s danger administration supplier has outlined two situations on how dangerous debt from the Kelp DAO exploit over the weekend may influence the ecosystem, relying on how the losses are allotted.
The incident started on Saturday when hackers stole 116,500 Kelp DAO Restaked ETH (rsETH) tokens price $293 million from Kelp DAO’s LayerZero-powered bridge and used them as collateral on Aave V3 to borrow wrapped Ether (wETH).
On Monday, LlamaRisk modeled two attainable situations for a way this “dangerous debt” may materialize on Aave, noting that the ultimate determination rests with Kelp DAO.
The incident highlights the contagion danger in DeFi, the place a single bridge exploit can set off liquidity crunches and mass withdrawals throughout interconnected protocols like Aave, which has seen almost $10 billion in worth go away the protocol for the reason that Kelp DAO exploit came about.
Two situations and potential paths ahead
The primary state of affairs would see losses unfold throughout all rsETH token holders on Ethereum mainnet and Ethereum layer 2s, leading to roughly $123.7 million of dangerous debt on Aave whereas risking a 15% depeg in rsETH relative to Ether (ETH).
LlamaRisk mentioned this primary state of affairs would unfold losses extra thinly throughout all chains, whereas noting that wrapped Ether (wETH) could be “absorbing the majority in absolute phrases however barely noticing it relative to its reserve depth.”
Aave may additionally use its Umbrella safety mannequin to cowl losses in wETH below the primary state of affairs, noting that 18,922 Aave Wrapped ETH (aWETH) tokens price almost $43.7 million have entered the unstaking cooldown part.
The second state of affairs would shift all the shortfall to Ethereum layer 2 networks, comparable to Arbitrum and Mantle. Nonetheless, the dangerous debt could be considerably larger at $230.1 million.
LlamaRisk additionally famous that Aave has round $181 million in its treasury that could possibly be used to handle a possible dangerous debt shortfall.
Associated: Aave DAO backs V4 mainnet plan in near-unanimous vote
On Monday, Kelp DAO mentioned it’s nonetheless assessing the monetary influence of the exploit and the best way to safely unpause the protocol, including that it’s working with Aave, LayerZero and different stakeholders on a path ahead.
Kelp DAO sheds extra mild on the exploit
Kelp DAO additionally shared extra particulars in regards to the incident, saying that two nodes tied to the LayerZero bridge had been compromised, whereas a 3rd was hit with a distributed denial-of-service assault.
The attacker solid a seemingly legitimate switch message that the system authorised, permitting 116,500 rsETH to be minted on one in every of LayerZero’s bridges.
Kelp mentioned it paused all related contracts on Ethereum and Ethereum layer 2s and blacklisted all wallets tied to the exploiter shortly after, stopping them from stealing one other 40,000 rsETH price $95 million.
Journal: Are DeFi devs responsible for the criminality of others on their platforms?