Massive crypto hack triggers $9 billion panic withdrawal

By TheStreet Roundtable
about 3 hours ago

A nearly $300 million exploit on a smaller crypto project has sent shockwaves through the decentralized finance (DeFi) industry.

Panic over the weekend caused investors to pull $9 billion from Aave, the market's largest lending platform, creating a massive liquidity crisis.

The chaos started when hackers took about $200 million of stolen digital tokens and deposited them onto Aave. Instead of selling the stolen funds immediately, the attackers used them as collateral to borrow other cryptocurrencies. 

This unusual move terrified everyday depositors, who feared the collateral backing the platform might now be worthless.

According to data from industry tracker DefiLlama, the net outflows since the news broke on Saturday have slashed Aave’s total value locked by more than a third, dropping it down to $17.5 billion.

At press time, the native Aave token was trading at $90.42, reflecting a 2.54% decline over the past 24 hours.


The Kelp DAO bridge exploit

The stolen funds originated from Kelp DAO, a liquid restaking protocol. Users deposit popular assets like Ether into Kelp and receive a "receipt" token called rsETH in return. 

To allow rsETH to operate across more than 20 different blockchain networks—including Arbitrum, Base, Linea, and Scroll—Kelp utilizes a cross-chain bridge.

On Sunday at 17:35 UTC, the attacker targeted LayerZero, the software system that allows these blockchains to communicate. The attacker successfully tricked LayerZero’s EndpointV2 contract into believing a legitimate instruction had arrived from another network. 

As a result, the Kelp bridge released 116,500 rsETH directly to the attacker. This haul represented roughly 18% of the entire 630,000 circulating supply of rsETH.

Kelp DAO’s emergency team responded 46 minutes later at 18:21 UTC by activating a protocol-wide pause, freezing all deposits, withdrawals, and the rsETH token itself.

Usually, hackers use tools like crypto mixers to hide and launder their stolen funds. In this case, the attacker funded a wallet using the privacy tool Tornado Cash about 10 hours before the strike. 

However, rather than simply cashing out, they borrowed an estimated $236 million across multiple platforms using the stolen rsETH, with the bulk of the activity happening on Aave, according to cybersecurity firm PeckShield.

To stop the bleeding, Aave responded by freezing rsETH markets. On Sunday, the platform stated in an X post that its analysis shows the rsETH traded on the Ethereum blockchain remains fully backed, but restrictions will stay in place as a precaution. 

Despite the reassurance, many users chose to withdraw their funds because it was unclear who would cover any potential losses if the tokens were effectively minted out of thin air.

Cybersecurity researcher Cyvers and LayerZero both indicated that the hackers are likely affiliated with North Korea, given the massive scale and sophistication of the attack. 

This breach highlights the persistent vulnerabilities of cross-chain bridges and comes just weeks after $280 million was stolen from Drift Protocol, another DeFi platform.
