Unchained - 3. Why Aave's Unified Pool Turned a Bridge Hack Into $193M in Bad Debt
Episode Date: April 26, 2026Luke Leasure and Shaunda Devens of Blockworks Research explain how three compounding failures, Kelp's one-of-one bridge signer, Layer Zero's permissive default settings, and Aave's failure to flag it ...as a collateral risk, set up the conditions for the exploit. Shaunda Devens then breaks down the monolithic pool design that concentrated risk, showing how 98% of rsETH collateral was backing a single leverage looping strategy. This clip is from a longer conversation on the Kelp rsETH hack and its implications for DeFi. Full episode here: https://youtube.com/live/hJ9X_btsvD0 We go live every Thursday at 12:00 PM ET — subscribe to catch it live. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
Yeah, I'd say there's certainly some fault to be shared across the board here.
You know, kelp with over a billion and client deposits can do better than a one-of-one.
And certainly we know at this point a one-of-one is pretty frowned upon.
Then, of course, Layer Zero, who had their off-chain RPC infrastructure, compromised.
perhaps they shouldn't allow the one-of-one to be the out-of-the-box kit for new
deployers on the OFT standard and perhaps push back more.
I think the numbers show close to 40% of those unique OFT deployments are on that,
that one-of-one.
Really?
So you're saying that 40% of people that use this infrastructure still have that one-of-one?
Not a total capital, but of unique OFT deployments.
and a number have since been upgraded as well following the exploit.
Hopefully.
We saw a lot of unique asset issuers who run the Lair Zero OFP.
They had to freeze their infrastructure as well to evaluate any compromises on their end.
And then third, downstream for AVE when listing the RSE as collateral,
perhaps, of course, that the one-of-one signer on OFT deployment, that could have been flagged as a risk for the collateral listing and parameters adjusted accordingly for that.
Yeah, you would think, I mean, I know we're going to, I think in this conversation, we'll get to things like circuit breakers or rate limiting.
But, yeah, all those things certainly could have helped.
So, Shandra, back to you.
I want to focus on AVE and there's different levels of, I guess, knowledge about how these DFI platforms operate.
I mean, to a certain baseline, like how they function, but then also how they're used.
And your report does break out some delineations.
I mean, AVE, sort of their implementation on Mainend Avey Version 3, which is the main pool,
the blue chip pool that sort of like commingles all deposits.
and that's part of what makes it a very powerful platform for DFR participants to use,
but then it also kind of socialized this risk that the extent of which was unknown.
I'd love for you to just explain the design choices that went into that.
But yeah, let's just start with that.
Why did they choose that setup?
And then I have a follow-up.
Sure.
So this kind of ties into modular versus monolithic lending.
And it also ties into a very interesting point that we made about looping and its impact on severity of the attack.
So with protocols like this, you have two sides, right?
You have the lenders that are supplying their collateral, and that gives them borrow power to allow them to borrow assets against that collateral.
But in this collateral pool, assets are all pooled together, and there's no distinction between what assets are allowed to be borrowed against it or different rates of interest rate.
So normally under a lending setup, you would expect if I were to deposit ETH in the protocol,
do you expect a very diverse set of lenders using different collateral at different loan to value
ratios to borrow against that, right?
I might have one fund that has deposited Bitcoin borrowing my ETH, some users depositing
stable coins.
But when we look at the actual user behavior on these lending platforms and we think why would
someone borrow ETH as an asset, there's only one real reason.
which is to go short that asset, right, to borrow it and then sell it on the market.
So we don't really see much organic behavior borrowing eat.
We see a lot of people using it as collateral, depositing to borrow USC,
but we don't really see much organic borrowed demand.
And an example we can give here is RAPBTC, which is another market.
That has a utilization rate of only around 4.8% at the moment,
and it's extremely cheap to borrow, around 40 basis points per year.
What we're seeing instead, the type of behavior is people taking these pooled reserves, right,
because ETH can be borrowed and there's no distinction between what collateral types are used.
And we see a lot of leverage looping, which is the activity of a user using an active state version of ETH that generates yield to borrow a passive wrapped ETH version of it,
converting that back into the active asset that generates yield, and looping that back and forth.
So that is basically the primarily use case of using this wrapped ETH in the pool reserves.
And when we looked a little bit deeper, we saw that around 98% of collateral backing these
positions, the wrapped Ead that was bored, was in these LSTs.
Yeah.
It's interesting.
I mean, the looming idea, it's something I've been familiar with for years.
Anyone who actively follows crypto is aware because it's just a very simple way to get leverage.
and when things are going well and the numbers add up,
it's sort of a market neutral way of juicing returns.
But it can be dangerous.
I mean, for one thing, again,
I don't know how much people understand the way these markets work,
but just because when you borrow money,
my understanding from a platform like AVE,
you borrow it a certain interest rate, but it's not fixed.
It's variable and it can change.
People can get caught on the wrong side of it.
And then it leads to rapid de-leveraging
and real problems getting out of these leveraged positions.
But then also, I wonder, too, I mean, this looping,
do you think it constitutes any real economic activity
or is it just a way of getting excess leverage?
And to what extent does that sort of just sort of looking for?
Like warp, like incentives and sort of risk guardrails.
I mean, I guess it would depend on your definition of real economic activity.
I would say it is real economic activity, right?
Because without this looping demand,
ETH would have no utilization.
The looping traders are borrowing ETH,
which increases the utilization.
It also increases the interest rate for the lenders.
So when you deposit Eid onto the platform,
I think you would have historically earned around 1.7% APY
versus the example of Bitcoin that I gave
where you earn 0.01 because no one's borrowing it.
So it is generating economic activity
a lot of demand, a lot of views from lending platforms is this looping.
The question is just, does that kind of obscure the risk that you're taking on as a lender
when you believe you're depositing into this diversified pool when in reality,
98% of it is just running this trade?
But I would say that it does constitute real activity.
I know in your report, you also pointed out that the majority of the rapt Eath debtors
are concentrated in the top 10.
Do you have any sense of who those people are?
And I guess, like, yeah, do you know who they are?
Yeah, so we did take those wallets and we just ran them through Arkham
to see what they were labeled as.
And these wallets are essentially vaults, right?
If you think about what leverage looping is,
you could do it manually where you take the LST,
borrow, you convert that into LST and do that loop again.
but a lot of people are just doing this automatically through vault programs.
So for example, the top wallet is etherfi's fault product, right?
So that basically just abstracts all the looping in the background,
and you basically present it to the user as high yield eat product.
Okay.
And I am curious to it.
I mean, before we move on to Luke,
you did contrast like this setup with Morpho,
which is a bit more segmented.
Can you maybe expand on that a little bit more
and sort of think about design choices
that might impact the way Defi looks in the future?
Yeah, exactly.
I think we'll get a little bit more into this in the end,
but the meat of it is that you have a pooled option,
which is Avey, where each asset can be borrowed
and you're not choosing what assets you can be lent again.
So if I'm depositing ETH in the pool, any user with a health factor who has deposited to collateral can borrow that EVE.
I cannot say, for example, I'm not comfortable with a looper borrowing my ETH.
I want to make that available only to someone with BTC or USC.
On Morpho, you have this extra layer of customizable where you are able to choose what assets are allowed to borrow your collateral.
But the reason that we saw this do so well on AVE versus Morpho, like,
The looping trade has been very concentrated on AVE is just because when you have this one risk
parameter that's shared to the entire pool, you're essentially forcing each ETH lender to opt into
the system. Now you have billions of dollars of ETH TVL that's compounded over the years,
and the risk team has just made that available to be borrowed at a low interest rate for LUBERS.
So you have a lot more liquidity and lower interest rates on Avey, which is why the trade has just
flourished over there.