How the Kelp rsETH Hack Left Aave With $193M in Bad Debt

The Kelp hack exposed a flaw at the center of monolithic DeFi lending. What comes next for Aave, for looping traders caught underwater, and for users who never knew the risk. A single compromised signature was enough.  When an attacker exploited Layer Zero's DVN network to mint 116,000 unbacked rsETH on Ethereum mainnet, Aave's unified pool design did the rest: within minutes, a $193M loan was originated against fraudulent collateral, ETH borrow rates went to 100% utilization, and thousands of leveraged looping positions flipped from positive carry to deeply negative.  Now Kelp faces a decision with no clean answer: socialize losses across all rsETH holders at a 17% haircut, or isolate the damage to the Layer 2 and blow through lenders on mainnet. Meanwhile, Aave's $250M umbrella module, designed precisely for moments like this, looks critically undercapitalized for a tail risk of this magnitude.  Blockworks researchers Luke Leasure, Shaunda Devens, and Carlos Gonzalez Campo walk through the mechanics of the exploit, the design choices that amplified it, and what the resolution scenarios mean for DeFi's future. Host: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Steven Ehrlich⁠⁠⁠⁠⁠⁠⁠, Head of Research, SharpLink Guest: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Luke Leasure (@0xMether), Head of Research at Blockworks Shaunda Devens (@shaundadevens), Research Analyst at Blockworks Carlos Gonzalez Campo (@0xcarlosg),  Researcher at Blockworks