Crypto Hack Results in $9 Billion Outflow from Leading Decentralized Finance Lender

Cryptocurrency Heist Triggers Crisis of Confidence Among DeFi Investors

A weekend hack that saw nearly $300 million drained from a little-known crypto project has triggered a crisis of confidence among decentralized-finance investors. The incident has led to a rush for the exit, with users pulling billions of dollars from DeFi's biggest lending platform, Aave.

According to cybersecurity researcher PeckShield, the hackers deposited about $200 million of the stolen tokens on Aave as collateral for borrowing another cryptocurrency. This move sparked fears among depositors about possibly worthless collateral on Aave, causing a rush for the exit, crypto portfolio manager Pratik Kala said.

The impact on Aave has been significant, with the platform recording some $9 billion of net outflows since Saturday, when news of the heist first emerged, data from industry tracker DefiLlama shows. The total value locked on the platform, a measure of assets held there, plummeted by more than a third to $17.5 billion.

Read also: Bitcoin Price Sinks 6% Below $66,500 Amid ETF Outflows and Institutional Selling

Aave representatives didn't immediately respond to a request for comment. The incident underscores security vulnerabilities that persist in DeFi, where users trade, borrow, and sell crypto without a central intermediary.

The incident comes just weeks after a heist that saw $280 million stolen from Drift Protocol, another DeFi platform. Cybersecurity researcher Cyvers said the hackers are likely affiliated with North Korea based on the sophistication and scale of the exploit.

The hackers stole a derivative form of Ether, the second-largest cryptocurrency, by targeting software that connects different blockchains. The software protocol was operated by Kelp DAO, a platform that enables so-called restaking. Such protocols, called cross-chain bridges, represent a key vulnerability in the cryptoasset ecosystem and have been repeatedly targeted by hackers in past years.

Read also: Bitcoin's Inflation-Hedging Potential Erodes as Price Falls Below $70,000

LayerZero, which developed the bridge used by Kelp DAO, also said North Korean hackers are likely behind the latest exploit. Kelp DAO has paused operations while it investigates the breach.

Normally, hackers tend to launder their loot by swapping tokens through a series of transactions engineered to make it difficult to track, or by using so-called crypto mixers. In the latest attack, they deviated from that pattern. Rather than simply cashing out, the hackers deposited the tokens — called rsETH, short for "restaked" Ether — as collateral across multiple platforms. In total, they borrowed $236 million this way, the bulk of it over Aave, PeckShield estimated.

Aave responded by freezing rsETH markets on its platform. On Sunday, it said in a post on X that its analysis shows rsETH traded on the Ethereum blockchain remains fully backed, but restrictions will stay in place as a precaution. But the damage was already done. Many Aave users who were unsure whether the rsETH tokens were fully backed or effectively "minted out of thin air" elected to just withdraw their funds from the platform since it isn't clear who's on the hook for any losses, said Kala. In essence, it was the DeFi equivalent of a classic bank run, he added.