A forged bridge message released 116,500 rsETH, which attackers used as collateral to borrow WETH and wstETH on Aave. Aave froze affected markets, reduced risk parameters, and coordinated wit
Aave has released a detailed post-mortem on the April 18, 2026 rsETH bridge exploit that affected several Aave V3 markets. According to Aave, the incident began at 17:35 UTC when Kelp’s rsETH LayerZero V2 bridge accepted a forged cross-chain message, releasing 116,500 rsETH on Ethereum without a matching burn on Unichain. The attacker later supplied the assets into Aave positions and borrowed WETH and wstETH against the collateral.
According to Aave, the exploit originated from third-party bridge infrastructure rather than the lending protocol itself. The bridge relied on a one-of-one Decentralized Verifier Network configuration, where a single verifier approved inbound messages.
Aave said an RPC-poisoning attack manipulated the verifier’s view of source-chain activity. As a result, the Ethereum adapter released 116,500 rsETH that lacked backing on the originating chain.
The attacker then distributed the assets across multiple addresses. Subsequently, 89,567 rsETH entered eight Aave V3 positions on Ethereum Core and Arbitrum.
Those positions enabled borrowing of 82,650 WETH and 821 wstETH. Health factors reportedly remained between 1.01 and 1.03 during the activity.
As exposure became clear, Aave's Protocol Guardian and Risk Steward activated emergency protections. The protocol froze rsETH and wrsETH reserves, reduced loan-to-value ratios to zero, and later froze WETH across several deployments.
Meanwhile, Kelp paused affected rsETH linked to the exploit. Additionally, the Arbitrum Security Council froze more than 30,765 ETH connected to the attacker on April 21.
As containment continued, LlamaRisk published an incident report. Aave also paused rsETH reserves across Ethereum Core, Arbitrum, Base, Mantle, and Linea.
Alongside containment efforts, Aave Labs coordinated DeFi United, a recovery initiative involving Lido, EtherFi Foundation, Ethena, Mantle, Compound, Consensys, Joseph Lubin, LayerZero, KelpDAO, and others.
According to Aave, recovery commitments exceeded $160 million by April 25 and later reached roughly $300 million.
The technical recovery included liquidating attacker-linked positions, burning recovered rsETH, and refilling the LayerZero adapter through five separate tranches. By May 26, 116,131.72 rsETH had been redeposited, restoring full backing.
Aave said WETH and rsETH markets now operate normally. However, reviews covering asset listings, bridge dependencies, risk frameworks, and security standards remain underway.
The post Aave Reveals Full Timeline of rsETH Recovery Effort appears on Crypto Front News. Visit our website to read more interesting articles about cryptocurrency, blockchain technology, and digital assets.
