Key Takeaways

  • On April 13, 2026, Hyperbridge Token Gateway was attacked through an MMR proof verification logic flaw. The attacker minted roughly 1 billion bridged DOT and sold into pools; after later revisions, the realized loss was about $2.5 million, while native DOT and the Polkadot mainnet were not affected.
  • On April 18, 2026, KelpDAO's LayerZero V2 rsETH pathway from Unichain to Ethereum was hit by a forged-message attack. About 116,500 rsETH was released; roughly 89,600 rsETH was deposited into Aave, against which about 82,700 WETH and 821 wstETH were borrowed.
  • Aave's contracts were not breached, but the protocol had to freeze rsETH, wrsETH, and multiple WETH markets while modeling $124 million to $230 million bad-debt scenarios. The episode shows that cross-chain assets are rewriting DeFi collateral risk standards.

Two cross-chain incidents in mid-April exposed a layer of DeFi collateral risk that had long been underpriced. First, Hyperbridge's Token Gateway was pierced by a forged proof on April 13, allowing an attacker to mint roughly 1 billion bridged DOT. Five days later, KelpDAO's rsETH bridge pathway released about 116,500 rsETH after accepting a forged message, and part of that asset flow entered Aave, where it was used to borrow real WETH and wstETH. The size, technical details, and victim sets differed, but both incidents point to the same problem: once a bridged asset is treated by other protocols as borrowable, collateralizable, or redeemable, a bridge-side error can spread along DeFi funding paths.

Aave was not the entry point in the rsETH incident. Its contracts, supply, repayment, and liquidation logic kept functioning. The harder issue is that when Aave accepted this collateral, it assumed rsETH remained fully backed. Once the bridge broke that assumption, the problem was no longer limited to a single token. The basis for the collateral's credit also collapsed.

These incidents therefore cannot be reduced to "the bridge was hacked." The DOT incident shows how forged proofs can push fake bridged assets into EVM liquidity pools quickly. The KelpDAO incident went one step further: fake or under-backed assets could pass through a bridge, through liquidity routes, and ultimately into shared lending pools such as Aave. The first case attacked market liquidity. The second attacked collateral credit.

Incident Path

What the two incidents share is not only a broken bridge, but how quickly fake supply can touch pools of real assets

This visual reads the April 13 Hyperbridge DOT incident and the April 18 KelpDAO rsETH incident along the same risk-transmission path.

2026-04-13: Hyperbridge Token Gateway

An MMR proof verification flaw allowed invalid proofs to be accepted. The attacker minted roughly 1 billion bridged DOT and sold into EVM liquidity pools.

2026-04-18: KelpDAO rsETH / LayerZero V2

The rsETH pathway from Unichain to Ethereum accepted a forged inbound packet. About 116,500 rsETH was released, and part of it entered Aave to borrow WETH.

Step 1: Verification boundary fails

A proof or cross-chain message is accepted by the destination-chain contract, and remote state is incorrectly treated as real.

Step 2: Fake supply appears

Bridged DOT is over-minted, or rsETH is released without a matching source-side burn.

Step 3: Liquidity pools take the first hit

DEX pools or redeemable assets are drained first. Price dislocation turns the error into realized loss.

Step 4: Aave absorbs collateral risk

The problem asset is used as collateral to borrow real WETH, turning a bridge-side failure into a lending-market bad-debt scenario.

Fake DOT supply: About 1B

Hyperbridge said the attacker minted bridged DOT without authorization and sold it.

Hyperbridge realized loss: About $2.5M

Revised realized loss, limited to Token Gateway and affected EVM contracts.

rsETH released: 116,500

Aave's report said Ethereum accepted packets without a source-side burn.

Deposited into Aave: 89,567

The attacker address deposited about 89,600 rsETH into Aave as collateral.

Chart based on Hyperbridge updates from April 13 and April 16, Aave's April 20 rsETH Incident Report, and LayerZero's April 19 KelpDAO Incident Statement. The point is not to merge the two cases, but to mark the same transmission path: after cross-chain verification fails, fake supply first hits liquidity and then collateral credit.

Two Incidents Exposed The Same Verification Boundary

The Hyperbridge incident is easy for the market to understate because the later revised realized loss was about $2.5 million, far below the eye-catching 1 billion DOT figure. Structurally, however, the risk was not small. On April 13, Token Gateway's MMR proof verification logic failed, and the system treated invalid proofs as valid. After processing a malicious message, the attacker gained administrative control over the bridged DOT token contract on Ethereum, minted roughly 1 billion bridged DOT, and sold it into decentralized exchange liquidity pools.

The incident is currently understood to have been limited to Hyperbridge Token Gateway and bridged DOT contracts on affected EVM networks. Native DOT, the Polkadot relay chain, parachains, and other bridged assets were not directly impaired. That distinction matters because it separates "Polkadot itself was minted" from "the bridged representation was forged." Cross-chain asset risk is not necessarily base-chain risk, but it is enough to impose real losses on liquidity providers and counterparties holding the bridged version.

The KelpDAO incident was larger in size and broader in transmission. At 17:35 UTC on April 18, an inbound packet claiming to come from Unichain passed LayerZero V2 pathway verification and released 116,500 rsETH on Ethereum. Aave's later incident report said there was no matching source-side burn. In other words, Ethereum accepted a cross-chain message that looked valid in format but was not supported by a real asset movement on the source chain.

The two incidents had different technical forms: one missed a required check in proof verification, while the other involved a polluted cross-chain message validation path. The result was similar. Destination-chain contracts believed a state they should not have trusted. The bridge promise is that facts on chain A can be safely reflected on chain B. Once that promise fails, the token on chain B is no longer just a price-volatility issue. It can become an accounting unit without sufficient source backing.
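The invariant described above, that every destination-side release is matched by a source-side burn, can be monitored independently of the bridge itself. The following is an added example, not code from KelpDAO, LayerZero, or Aave; the event fields (`guid`, `kind`) and all sample events are constructed, with only the 116,500 figure taken from the incident.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class BridgeEvent:
    chain: str
    kind: str        # "burn" on the source chain, "release" on the destination
    guid: str        # message identifier shared by both sides (assumed field)
    amount: Decimal


def reconcile(events, src, dst):
    """Return (findings, unbacked): destination releases that no source burn backs."""
    # A burn must be final on the source before any release, so every burn
    # is indexed first and a release with no match is never just "lag".
    burns = {e.guid: e for e in events if e.chain == src and e.kind == "burn"}
    consumed = set()
    findings, unbacked = [], Decimal(0)
    for e in events:
        if e.chain != dst or e.kind != "release":
            continue
        burn = burns.get(e.guid)
        if burn is None:
            reason, gap = "no_source_burn", e.amount
        elif e.guid in consumed:
            reason, gap = "burn_already_consumed", e.amount
        elif e.amount > burn.amount:
            reason, gap = "amount_exceeds_burn", e.amount - burn.amount
        else:
            consumed.add(e.guid)
            continue
        findings.append((e.guid, reason, gap))
        unbacked += gap
    return findings, unbacked


# Constructed sample events; only the 116,500 amount comes from the article.
SAMPLE = [
    BridgeEvent("unichain", "burn", "0xa1", Decimal("250")),
    BridgeEvent("ethereum", "release", "0xa1", Decimal("250")),
    BridgeEvent("unichain", "burn", "0xa2", Decimal("40")),
    BridgeEvent("ethereum", "release", "0xa2", Decimal("45")),
    BridgeEvent("ethereum", "release", "0xa1", Decimal("250")),
    BridgeEvent("ethereum", "release", "0xff", Decimal("116500")),
]

if __name__ == "__main__":
    findings, unbacked = reconcile(SAMPLE, "unichain", "ethereum")
    for guid, reason, gap in findings:
        print(f"ALERT {guid}: {reason}, unbacked={gap}")
    print("total unbacked:", unbacked)
```

For the result to mean anything, the source-chain events have to be read through infrastructure that is independent of the RPC endpoints the message verifier relies on.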

DeFi risk teams have to update how they think about collateral. Historically, collateral review focused on liquidity depth, market cap, volatility, oracle design, liquidation discounts, and concentration. Now it also has to ask: is this collateral native, wrapped, bridged, or a cross-chain representation of a restaked asset? How many verification layers sit behind it? If one layer fails, does the loss fall on token holders, bridge users, lending protocols, external insurers, or governance?

Aave Was Not Breached, But It Inherited An External Credit Hole

Aave was not directly breached in this incident, yet it could still be left with bad debt. After receiving 116,500 rsETH, the attacker quickly split the assets across seven branch addresses. Of that amount, 89,567 rsETH was deposited into Aave, against which 82,650 WETH and 821 wstETH were borrowed. These positions had health factors around 1.01 to 1.03, sitting close to liquidation but not easy to process immediately.

Aave's first response was to freeze. Around 19:00 UTC on April 18, rsETH and wrsETH were frozen across several Aave V3 deployments, LTV was set to 0, new supply and borrowing were disabled, and existing positions remained repayable and liquidatable. Around 02:00 UTC on April 20, Aave also froze WETH on Ethereum Core, Prime, Arbitrum, Base, Mantle, and Linea to prevent WETH stress from spilling further into stablecoin and other reserve markets.

These actions show that Aave's risk framework can respond technically, but they also expose the other side of shared lending pools. Once an attacker uses a problem asset to borrow real WETH, the remaining pool liquidity can be drained quickly. For ordinary suppliers, even if the contracts were not hacked, WETH at 100% utilization turns withdrawal into a waiting game. Protocol security and user liquidity safety split apart at that moment.

Aave's incident report modeled two scenarios. If the loss were shared across all rsETH holders, bad debt would be about $124 million (more precisely, $123.7 million). If the loss were isolated to L2 rsETH, bad debt would be about $230 million (more precisely, $230.1 million), mostly falling on Mantle, Arbitrum, Base, Ink, and other markets. The gap between the two scenarios is large because KelpDAO's definition of rsETH backing, redemption, and loss allocation directly determines the value of the collateral held by Aave.

The attacker borrowed real assets such as WETH and wstETH. The rsETH collateral left inside the protocol raises a harder question: should its value be haircut, by how much, and which chain should bear the loss? Aave's contracts can liquidate according to rules, but if the external value of the collateral suddenly falls below the debt, liquidation can only settle the problem. It cannot make the shortfall disappear.
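Why the two allocation rules diverge so sharply can be shown with a small model: the same unbacked amount spread over a smaller supply base produces a much deeper haircut. This is an added example, not Aave's model or figures; the supply numbers and positions are constructed, only the 116,500 unbacked amount comes from the report, and it assumes mainnet rsETH keeps full value in the isolated case.

```python
from dataclasses import dataclass
from decimal import Decimal

UNBACKED = Decimal("116500")      # rsETH released without a burn (from the article)
TOTAL_SUPPLY = Decimal("800000")  # constructed: all rsETH across chains
L2_SUPPLY = Decimal("160000")     # constructed: rsETH held on L2s only


@dataclass(frozen=True)
class Position:
    market: str
    is_l2: bool
    collateral: Decimal  # rsETH collateral, in ETH at the pre-incident oracle price
    debt: Decimal        # WETH/wstETH debt, in ETH


def backing_ratio(supply, unbacked):
    """Fraction of each token still backed when the hole is spread over `supply`."""
    return (supply - unbacked) / supply


def bad_debt(positions, scenario):
    """Per-market shortfall once collateral is repriced to its backing ratio."""
    if scenario == "socialized":
        l1 = l2 = backing_ratio(TOTAL_SUPPLY, UNBACKED)
    elif scenario == "l2_isolated":
        # Assumption of this example: mainnet rsETH stays at 100%.
        l1, l2 = Decimal(1), backing_ratio(L2_SUPPLY, UNBACKED)
    else:
        raise ValueError(scenario)
    out = {}
    for p in positions:
        repriced = p.collateral * (l2 if p.is_l2 else l1)
        out[p.market] = max(Decimal(0), p.debt - repriced)
    return out


# Constructed positions, one per market, for illustration only.
POSITIONS = [
    Position("ethereum-core", False, Decimal("1000"), Decimal("900")),
    Position("arbitrum", True, Decimal("400"), Decimal("360")),
    Position("mantle", True, Decimal("300"), Decimal("200")),
]

if __name__ == "__main__":
    for scenario in ("socialized", "l2_isolated"):
        result = bad_debt(POSITIONS, scenario)
        print(scenario, dict(result), "total:", sum(result.values()))
```

Liquidation cannot change these totals: it only decides when the shortfall is recognised, which is the point the paragraph above makes.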

Aave Risk Exposure

The attacker did not leave Aave with a contract exploit. It left a bad-debt scenario about how to discount collateral value.

The left side shows the attacker's collateral and borrowings; the right side compares the two bad-debt models in Aave's report.
 

Scenario 1: About $123.7M bad debt

Assumes losses are shared across the entire rsETH supply, leaving each rsETH with about 84.89% of its oracle value. Ethereum Core has the largest absolute amount but lower proportional pressure.

Scenario 2: About $230.1M bad debt

Assumes losses are isolated to L2 rsETH, with L2 collateral repriced to 26.46% backing. Mantle, Arbitrum, Base, and Ink face the greatest pressure.

Aave's April 20 rsETH Incident Report said the attacker deposited 89,567 rsETH into Aave and borrowed 82,650 WETH plus 821 wstETH. The same report listed two bad-debt scenarios totaling $123,708,727 and $230,113,582. The chart reconstructs the core scale from the report and is not a live on-chain balance view.

LayerZero's 1-of-1 Dispute Turned Parameter Configuration Into A Security Event

The KelpDAO incident involved LayerZero, but the fact that rsETH used a LayerZero V2 bridge pathway is only the first layer. The more direct issue was that the Unichain-to-Ethereum pathway was configured with a single DVN, or 1-of-1. In simple terms, before the destination chain accepted a cross-chain message, only one required verifier had to validate it. There was no independent optional DVN acting as a redundant check. Once that observation path was polluted, the destination-chain contract could still receive an executable message.

LayerZero's public explanation attributed the incident to KelpDAO's single-DVN configuration. It said the attacker polluted downstream RPC infrastructure used by the LayerZero Labs DVN, then used DDoS to knock clean RPCs offline and force reliance on the polluted source. LayerZero also said this did not mean protocol code, DVN private keys, or key management systems were directly breached, and that it would stop signing or verifying messages for applications configured as 1-of-1.

The point is not attribution. The point is that parameter configuration itself is the battlefield. LayerZero's statement argued clearly that production pathways should not use a single DVN. Its Integration Checklist also tells applications to manually configure DVNs, executors, and related security assumptions for each pathway. In live DeFi, many risks do not sit inside a contract function. They sit in deployment parameters, defaults, operations, RPC sources, and responsibility boundaries among service providers.
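A per-direction review of verifier settings, of the kind described above, can be automated against whatever configuration an application reads back from its deployment. This is an added example, not LayerZero's tooling or API: the `PathwayConfig` record, the DVN names, and the operator map are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class PathwayConfig:
    required_dvns: list
    optional_dvns: list = field(default_factory=list)
    optional_threshold: int = 0   # how many optional DVNs must also verify


def audit_pathways(pathways, operators):
    """Map each (src, dst) pathway to a list of issues; clean pathways are omitted."""
    findings = {}
    for (src, dst), cfg in pathways.items():
        issues = []
        if cfg is None:
            issues.append("no explicit config: pathway relies on defaults")
        else:
            if cfg.optional_threshold > len(cfg.optional_dvns):
                issues.append("optional threshold exceeds optional DVN count")
            must_sign = len(set(cfg.required_dvns)) + min(
                cfg.optional_threshold, len(set(cfg.optional_dvns)))
            if must_sign < 2:
                issues.append("1-of-1: a single DVN can approve a message")
            # Coarse independence check: DVNs run by one operator share a failure mode.
            ops = {operators.get(d, d) for d in cfg.required_dvns + cfg.optional_dvns}
            if must_sign >= 2 and len(ops) < 2:
                issues.append("all DVNs share one operator: no independent check")
        # Pathways are one-way, so A to B and B to A are reviewed separately.
        if (dst, src) not in pathways:
            issues.append("reverse direction missing from review set")
        if issues:
            findings[(src, dst)] = issues
    return findings


# Constructed review set; names are placeholders, not real DVN identities.
OPERATORS = {"dvn-a": "op-a", "dvn-a2": "op-a", "dvn-b": "op-b", "dvn-c": "op-c"}
PATHWAYS = {
    ("unichain", "ethereum"): PathwayConfig(["dvn-a"]),
    ("ethereum", "unichain"): PathwayConfig(["dvn-a", "dvn-b"]),
    ("ethereum", "base"): PathwayConfig(["dvn-a"], ["dvn-b", "dvn-c"], 1),
    ("base", "ethereum"): None,
    ("arbitrum", "ethereum"): PathwayConfig(["dvn-a", "dvn-a2"]),
}

if __name__ == "__main__":
    for pathway, issues in audit_pathways(PATHWAYS, OPERATORS).items():
        print(" -> ".join(pathway), issues)
```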

This kind of risk is hard for ordinary users to see. It is more hidden than a typical smart contract bug. Most people understand "the contract was hacked." It is harder to understand why a token can still sit in a wallet, with no reentrancy or overflow issue in the contract, and suddenly need a 15%, 70%, or larger haircut. The reason is that a token contract alone cannot preserve the value of a cross-chain asset. These assets also depend on remote-chain burn/mint or lock/release relationships, message verifiers, oracles, liquidity pools, and issuer commitments.

If those components are not reviewed together, collateral can look attractive on the surface. It has a ticker, TVL, liquidity pools, points or yield narratives, and perhaps a listing on a major lending protocol. But once the market discovers that a bridge configuration has a single point of failure, it suddenly realizes that collateral quality includes an entire cross-chain supply chain.

Pathway Configuration

This dispute pushed "security parameters" out of deployment details and into the center of collateral credit

The key issue in LayerZero is not only the DVN name, but whether every directional pathway has explicit verifier, executor, and redundancy settings.

KelpDAO incident pathway: 1-of-1 DVN

The Unichain to Ethereum rsETH pathway required only one DVN. If the RPC observation path was polluted, the destination chain could still receive an executable message.

Redundancy: No optional DVN
Risk: Single point of failure

LayerZero documentation: Manual setup for every pathway

The docs require checking send and receive libraries, Executor, DVN config, peer mapping, and delegate. A to B and B to A must be reviewed separately.

Focus: Do not rely on defaults
Direction: Pathways are one-way

Production baseline: Multiple DVNs plus redundancy

LayerZero said production pathways should not be configured with only one DVN, and that the LayerZero Labs DVN would no longer sign or verify messages for apps using 1/1 settings.

Redundancy: Multiple independent DVNs
Goal: Reduce single-point trust
 
LayerZero's April 19 statement said KelpDAO rsETH was using a 1/1 DVN configuration at the time. The attacker polluted downstream RPC infrastructure for the LayerZero Labs DVN and used DDoS to force failover. The same statement argued that production pathways should use multi-DVN redundancy, while the LayerZero Integration Checklist requires explicit checks of every directional pathway's config.

Fake Supply Hits Liquidity First, Then Tests Who Governance Is Willing To Make Pay

Putting the DOT and rsETH incidents in the same article helps isolate the first stage of fake-supply transmission. The 1 billion bridged DOT minted by the attacker did not mean the Polkadot mainnet had suddenly created 1 billion native DOT. But in affected environments such as Ethereum, Base, BNB Chain, and Arbitrum, bridged DOT liquidity pools absorbed the first market hit. When prices dislocated, arbitrageurs, bots, and ordinary users could remove the remaining real or redeemable assets from pools at very low cost.

Hyperbridge therefore opened a voluntary return window afterward. The team traced some wallets that withdrew funds from DOT escrow during or shortly after the incident. Those wallets might not have been the original attacker, but users who traded in severely mispriced pools and then bridged DOT back to Polkadot. These cases are hard to classify with a simple "hacker versus victim" split because the on-chain trades themselves may be valid, while their value came from a liquidity pool that had been broken.

KelpDAO and Aave represent the second stage of transmission. Fake supply or under-backed assets first flow into DEX selling, then are used as collateral in lending markets. Loss allocation therefore expands from "who provided liquidity in the pool" to "who supplied WETH, who held rsETH, who accepted the L2 bridged version, and who should fill the bad-debt hole." Once protocols start discussing treasury and insurance modules, and whether external partners or ecosystem participants should intervene, a technical incident has become a governance and credit event.

This spillover is easy to underestimate because DeFi has long treated composability as a source of efficiency. Assets can be minted, bridged, deposited as collateral, borrowed against, and sent into another pool within minutes. In normal times, that is capital efficiency. During an incident, the same route amplifies errors. Composability is not the problem by itself, but it shortens the time between a bridge failure and a lending-pool failure.

Even under a conservative reading, this round of incidents will not end cross-chain activity or push Aave-like lending protocols out of position. Aave's rapid freezes, rate adjustments, and scenario modeling instead show that mature protocols have some emergency response capacity. But that should not be extrapolated into "the risk has been absorbed." As long as loss allocation, recovery amounts, KelpDAO's decision-making, LayerZero's follow-up standards, and Aave's market unfreeze path remain unresolved, the episode is still rewriting how markets discount cross-chain collateral.

The Next Risk Standard: Review The Token, Bridge, Pathway, And Parameters Together

The most direct impact on DeFi lending is that collateral review can no longer stop at the token layer. If an asset is to be listed on Aave, Compound, Morpho, or another lending market, risk committees cannot only ask about market cap, volume, oracle source, and liquidation discount. They also have to ask whether the asset is cross-chain, which bridge it uses, which pathway, how many validators, whether on-chain config is readable, whether rate limits exist, whether emergency pauses exist, and whether the issuer has explicitly committed to how redemption rights work in bridge-loss scenarios.

More concretely, at least three variables need to be repriced. The first is the collateral haircut. Bridged assets, LSTs, LRTs, and OFT-style assets may need higher haircuts, lower LTVs, or even chain-specific pricing rather than allowing all versions to share the same risk parameters. The second is the liquidity assumption. When WETH reaches high utilization, liquidation and withdrawal may not work as smoothly as models suggest, so risk teams cannot rely only on theoretical collateral ratios. The third is the responsibility boundary. When a bridge, issuer, and lending protocol each say that "my core system was not breached," users care about who can fill the shortfall.

Put differently, DeFi collateral credit is moving from "verifiable on-chain" toward "accountable across multiple parties." If an asset needs cross-chain messages, external RPC, DVNs, oracles, issuers, and governance to preserve its value, it has moved beyond single-contract risk and closer to a small financial intermediation chain. Decentralization does not automatically eliminate credit risk. It divides credit risk into more configurable and observable components that are also easier to overlook.

This does not mean all bridged assets are unusable as collateral. Cross-chain assets will remain necessary components of multi-chain DeFi. But after the fake DOT and fake rsETH stress tests, the market will have a harder time accepting "it can transfer, trade, and be posted as collateral" as equivalent to safety. The next questions are: if the bridge fails, where is the error contained? Who can pause? Who can compensate? Which market freezes first? When does the oracle adjust? Does the bad debt fall on the treasury, insurance module, token holders, on-chain users, or external service providers?

What happens next depends on three questions. First, whether Hyperbridge's fixes, audits, and Token Gateway recovery timetable can give victims a clearer recovery path. Second, whether KelpDAO, LayerZero, and related ecosystem parties can produce an executable plan for rsETH backing, redemption, and loss allocation. Third, whether Aave can gradually restore normal WETH and affected-market liquidity without externalizing bad debt indefinitely.

The real flashpoint in cross-chain bridge risk often comes when another protocol mistakes a fake asset for real collateral. April's two incidents turned that line into market cost. If the next generation of DeFi risk review still reviews the token but not the bridge, TVL but not the verification path, collateral ratios but not who absorbs bridge-side failure, then fake supply will find the next real asset pool.