HomeEverythingEducation
Equities & FundsCrypto & Digital AssetsAI & TechnologyBusiness & CorporateUS Politics & PolicyGeopolitics & Global RiskMacro, Rates & FXCommodities & EnergyEuropean Politics & MarketsAsia-PacificReal Estate & Property
Story archiveAll categories
← All Stories

Aave Overhauls Listing Standards After $292M Exploit

Created at 31 May · 2:51 PM3 sources↑ Market-relevant3 events
IN SHORT

Aave is overhauling its asset listing standards and risk management protocols following a $292 million exploit. The exploit involved a forged cross-chain message on LayerZero's bridge, allowing an attacker to use unbacked rsETH as collateral. A coalition of DeFi protocols contributed $300 million to restore backing for exploited assets, and Arbitrum froze 30,766 ETH linked to the attacker.

✉Newsletter

PiQ Daily

Pick your topics. Get only what matters, on your cadence.

Key Numbers

$292MrsETH exploit amount
$300MDeFi coalition recovery funds
116,500 rsETHunbacked rsETH used as collateral
30,766 ETHAttacker's ETH frozen by Arbitrum

Who's Involved

Aave
DeFi lending protocol affected by exploit
LayerZero
Cross-chain messaging protocol with exploited bridge
Arbitrum DAO
DAO involved in fund seizure and transfer
KelpDAO
Staked ETH restaking protocol and contributor to recovery
Aave Overhauls Listing Standards After $292M Exploit

↳ Why This Matters

On April 18, 2024, Aave experienced a significant exploit where a forged cross-chain message allowed an attacker to steal $292 million worth of rsETH. This event highlighted vulnerabilities in cross-chain communication and the potential for rapid contagion in the DeFi ecosystem, leading Aave to re-evaluate its risk management and listing standards.

Key facts

  • Aave is overhauling asset listing standards and risk management after a $292 million exploit.
  • The exploit involved a forged cross-chain message on LayerZero's V2 bridge affecting rsETH.
  • An attacker used unbacked rsETH as collateral on Aave V3 to borrow other assets.
  • A coalition of DeFi protocols contributed $300 million to restore backing for exploited assets.
  • Arbitrum froze 30,766 ETH linked to the attacker.

On April 18, 2024, Aave experienced a significant exploit where a forged cross-chain message allowed an attacker to steal $292 million worth of rsETH. This event highlighted vulnerabilities in cross-chain communication and the potential for rapid contagion in the DeFi ecosystem, leading Aave to re-evaluate its risk management and listing standards.

Frequently asked questions

A forged cross-chain message on LayerZero's bridge, due to an RPC-poisoning attack, caused the bridge to accept a transaction that never occurred, leading to the theft of rsETH.

Approximately $292 million worth of rsETH was stolen, which the attacker used to borrow WETH and wstETH from Aave V3.

A $300 million coalition of DeFi protocols contributed funds, Aave froze affected assets, and legal action was taken to recover the stolen ETH.

Aave is implementing new Technical Asset Listing and Bridge Assessment Frameworks, and expanding collateral checks to include bridges, oracles, custodians, and operational risks.

What Happens Next

01Awaiting court deliberation on the restraining notice for the seized ETH.
02Onchain execution of the Arbitrum DAO vote to transfer immobilized ETH to Aave LLC.

Get the newsletter.

Pick the topics you actually care about. We'll email when there's news worth your time, on the cadence you choose. Cancel any time from your account.

Cadence

How It Developed

1 Jun · 6:42 AM
Aave blames LayerZero's verification failure for the exploit, not its own code, and is overhauling risk checks for listed assets.
CoinCentral via PiQSuite
1 Jun · 5:04 AM
Aave is overhauling its asset listing standards following the rsETH exploit, shifting focus beyond smart contract bugs to broader DeFi risks.
CoinDesk via PiQSuite
31 May · 2:45 PM
Aave recovered from a $292M exploit caused by a forged cross-chain message by freezing assets and forming a $300M DeFi coalition.
Live Bitcoin News via PiQSuite

Sources

T1
Aave Claws Back From $292M rsETH Exploit With $300M Coalitionm.piqsuite.com
T1
Aave overhauls listing standards after $230 Million rsETH exploit exposed bridge risksm.piqsuite.com
T1
Aave Tightens DeFi Risk Checks After LayerZero rsETH Exploit Lossesm.piqsuite.com

Related Stories

Trader loses $1M in Ethereum phishing token approval scam
9 Jul · 6:06 AM
AI accelerates crypto audit risks, researchers warn
9 Jul · 5:55 AM
Toss, Optimism to Pilot Korean Won Stablecoin for Payments
8 Jul · 11:40 AM
Cantor SPAC and Adam Back's Bitcoin Treasury Renegotiate Merger Terms
8 Jul · 3:15 PM
Schwab Strategist Backs Strategy's STRC Playbook Amid Bitcoin Weakness
8 Jul · 3:25 PM