A
Yeah, I'd say there's certainly some fault to be shared across the board here. You know, Kelp, with over a billion in client deposits, can do better than a one of one. And certainly we know at this point a one of one is pretty frowned upon. Then of course LayerZero, who had their off-chain RPC infrastructure compromised. Perhaps they shouldn't allow the 1 of 1 to be the out-of-the-box kit for new deployers on the OFT standard, and perhaps push back more. I think the numbers show close to 40% of those unique OFT deployments are on that one of one.
B
Really? So you're saying that 40% of people that use this infrastructure still have that one of one?
A
Not of total capital, but of unique OFT deployments. And a number have since been upgraded as well following the exploit. And hopefully we saw a lot of unique asset issuers who run the LayerZero OFT. They had to freeze their infrastructure as well to evaluate any compromises on their end. And then third, downstream, for Aave when listing rsETH as collateral. Perhaps, of course, the one of one signer on the OFT deployment could have been flagged as a risk for the collateral listing, and parameters adjusted accordingly for that.
B
Yeah, you would think. I mean, I think in this conversation we'll get to things like circuit breakers or rate limiting, but yeah, all those things certainly could have helped. So Chandra, back to you. I want to focus on Aave, and there's different levels of, I guess, knowledge about how these DeFi platforms operate. I mean, to a certain baseline, like how they function, but then also how they're used. And your report does break out some delineations. I mean, Aave's implementation on mainnet, Aave version 3, which is the main pool, the blue-chip pool, sort of commingles all deposits. And that's part of what makes it a very powerful platform for DeFi participants to use. But then it also kind of socializes this risk, the extent of which was unknown. I'd love for you to just explain the design choices that went into that. Yeah, let's just start with that. Why did they choose that setup? And then I have a follow-up.
C
Sure. So this kind of ties into modular versus monolithic lending, and it also ties into a very interesting point that we made about looping and its impact on the severity of the attack. So with protocols like this you have two sides, right? You have the lenders that are supplying their collateral, and that gives them borrow power to allow them to borrow assets against that collateral. But in this collateral pool, assets are all pooled together, and there's no distinction between what assets are allowed to be borrowed against it, or different interest rates. So normally under a lending setup you would expect, if I were to deposit ETH in the protocol, a very diverse set of lenders using different collateral at different loan-to-value ratios to borrow against that, right? I might have one fund that has deposited Bitcoin borrowing my ETH, some users depositing stablecoins. But when we look at the actual user behavior on these lending platforms and we think, why would someone borrow ETH as an asset? There's only one real reason, which is to go short that asset, right? To borrow it and then sell it on the market. So we don't really see much organic behavior borrowing ETH; we see a lot of people using it as collateral, depositing to borrow USDC, but we don't really see much organic borrower demand. And an example we can give here is wrapped BTC, which is another market that has a utilization rate of only around 4.8% at the moment, and it's extremely cheap to borrow, around 40 basis points per year. What we're seeing instead of that type of behavior is people taking these pooled reserves, right? Because it can be borrowed and there's no distinction between what collateral types are used. And we see a lot of leverage looping, which is the activity of a user using an actively staked version of ETH that generates yield to borrow a passive wrapped ETH version of it, converting that back into the active asset that generates yield, and looping that back and forth.
So that is basically the primary use case of using this wrapped ETH in the pool reserves. And when we looked a little bit deeper, we saw that around 98% of collateral backing these positions that was borrowed was in these LSTs.
B
Yeah, it's interesting. I mean, the looping idea, it's something I've been familiar with for years. Anyone who actively follows crypto is aware, because it's just a very simple way to get leverage. And when things are going well and the numbers add up, it's sort of a market-neutral way of juicing returns. But it can be dangerous. I mean, for one thing, again, I don't know how much people understand the way these markets work, but when you borrow money, my understanding from a platform like Aave is you borrow at a certain interest rate, but it's not fixed, it's variable and it can change. People can get caught on the wrong side of it, and then it leads to rapid deleveraging and real problems getting out of these leveraged positions. But then also I wonder too, I mean, this looping, do you think it constitutes any real economic activity, or is it just a way of getting excess leverage? And to what extent does that sort of just, what's the word I'm looking for, like warp incentives and sort of risk guardrails?
C
I mean, I guess it would depend on your definition of real economic activity. I would say it is real economic activity, right, because without this looping demand, it would have no utilization. The looping traders are borrowing ETH, which increases the utilization. It also increases the interest rate for the lenders. So when you deposit ETH onto the platform, I think you would have historically earned around 1.7% APY, versus the example of Bitcoin that I gave, where you earn 0.01 because no one's borrowing it. So it is generating economic activity, a lot of demand, a lot of use of lending platforms. Is this looping? The question is just, does that kind of obscure the risk that you're taking on as a lender when you believe you're depositing into this diversified pool, when in reality 98% of it is just running this trade? But I would say that it does constitute real activity.
B
Fair enough. And I know in your report you also pointed out that the majority of the wrapped ETH debtors are concentrated in the top 10. Did you have any sense of who those people are? And I guess, do you know who they are?
C
Yeah. So we did take those wallets and we just ran them through Arkham to see what they were labeled as. And these wallets are essentially vaults, right? If you think about what leveraged looping is, you could do it manually, where you take the LST, borrow ETH, convert that into LST, and do that loop again. But a lot of people are just doing this automatically through vault programs. So, for example, the top wallet is EtherFi's vault product, right? So that basically just abstracts all the looping in the background, and you basically present it to the user as a high-yield ETH product.
B
Okay. And I am curious too. I mean, before we move on to Luke, you did contrast this setup with Morpho, which is a bit more segmented. Can you maybe expand on that a little bit more and sort of think about design choices that might impact the way DeFi looks in the future?
C
Yeah, exactly. I think we'll get a little bit more into this at the end. But the meat of it is that you have a pooled option, which is Aave, where each asset can be borrowed and you're not choosing what assets you lend against, right? So if I'm depositing ETH in the pool, any user with a health factor who has deposited collateral can borrow that ETH. I cannot say, for example, I'm not comfortable with a looper borrowing my ETH; I want to make that available only to someone with BTC or USDC. On Morpho, you have this extra layer of customizability, where you are able to choose what assets are allowed to borrow your collateral. But the reason that we saw this do so well on Aave versus Morpho, like the looping trade has been very concentrated on Aave, is just because when you have this one risk parameter that's shared with the entire pool, you're essentially forcing each ETH lender to opt in to the system. Now you have billions of dollars of ETH TVL that's compounded over the years, and the risk team has just made that available to be borrowed at a low interest rate for loopers, right? So you have a lot more liquidity and lower interest rates on Aave, which is why the trade has just flourished over there.
Host: Laura Shin
Air date: April 28, 2026
This episode delves into the catastrophic consequences of the Kelp rsETH hack, which left the decentralized finance (DeFi) protocol Aave carrying $193 million in bad debt. Laura Shin, together with her guests, dissects the technical missteps, governance gaps, and systemic risks that underpinned the exploit, exploring not only what went wrong, but also how increasingly complex DeFi systems may be incubating future vulnerabilities. The discussion ranges from protocol architecture choices and exploit vectors to the nuanced behavior of DeFi users and possible safeguards for the future.
Kelp’s Lax Security: Kelp, which managed over a billion in client deposits, relied on a "1 of 1" signer setup, a single point of failure that the industry treats as unacceptable.
"Kelp with over a billion in client deposits can do better than a one of one. And certainly we know at this point a one of one is pretty frowned upon." ([00:04], Speaker A)
LayerZero’s Infrastructure Risk: LayerZero’s off-chain Remote Procedure Call (RPC) system got compromised, exposing more protocols using the “OFT” (Omnichain Fungible Token) standard, many of which (about 40%) initially shipped with insecure 1-of-1 signer configs.
"Perhaps they shouldn't allow the 1 of 1 to be the out of the box kit for new deployers on the OFT standard… I think the numbers show close to 40% of those unique OFT deployments are on that one of one." ([00:14], Speaker A)
Collateral Listing on Aave: Aave failed to flag the risky 1-of-1 signer setup as a high-risk parameter when rsETH was listed as acceptable collateral.
"...the one of one signer on the OFT deployment… could have been flagged as a risk for the collateral listing and parameters adjusted accordingly…" ([01:18], Speaker A)
Aave v3 Design: Deposits and risk are fully pooled; all types of collateral commingle, meaning problems can ripple throughout the entire protocol.
"…Aave version 3… commingles all deposits. And that's part of what makes it a very powerful platform for DeFi participants… But then it also kind of socializes this risk, the extent of which was… unknown." ([01:57], Host Laura Shin)
Lending Pool Mechanics: On DeFi lending platforms, lenders supply assets as collateral, which are pooled. There’s little restriction on which assets can be borrowed or against which types of collateral, and loan-to-value ratios are not segmented by collateral type.
"Looping" Strategy: Most activity involves “leveraged looping” rather than genuine organic borrowing; users deposit liquid staking tokens (LSTs) such as rsETH as collateral, borrow ETH against them, swap that ETH back into the LST, and repeat the cycle for yield.
"…the primary use case of using this wrapped ETH in the pool reserves… around 98% of collateral backing these positions that was borrowed was in these LSTs." ([04:53], Speaker C)
Tightly Coupled Risks: Looping is a classic DeFi risk, good for juicing returns when markets are calm but prone to rapid deleveraging in times of stress. Interest rates are variable and can spike unexpectedly, potentially liquidating borrowers en masse.
"People can get caught on the wrong side of it, and then it leads to rapid deleveraging and real problems getting out of these leveraged positions." ([05:22], Speaker B)
Does Looping Count as Real Economic Activity?: Speaker C argues that it does: without looping demand the ETH market would sit at near-zero utilization (the wrapped BTC market, with no borrowers, yields lenders almost nothing, versus roughly 1.7% APY historically on ETH). The open question is whether pooling hides from ETH lenders that nearly all of their deposits fund a single trade.
"…does that kind of obscure the risk that you're taking on as a lender when you believe you're depositing into this diversified pool, when in reality 98% of it is just running this trade?" ([06:38], Speaker C)
"…these wallets are essentially vaults… the top wallet is EtherFi's vault product. That basically just abstracts all the looping in the background and you basically present it to the user as high yield ETH product." ([07:36], Speaker C)
"…when you have this one risk parameter that's shared to the entire pool, you're essentially forcing each ETH lender to opt in into the system." ([08:34], Speaker C)
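To make the looping mechanics and the "socialized risk" point concrete, here is a small model written for this summary (it is not code from the episode, from Aave, or from any vault product). It deposits an LST, borrows ETH up to the loan-to-value cap, swaps the ETH back into the LST and repeats, then shows what happens to the health factor and to the pool when the LST price gaps down. Every parameter (90% LTV, 93% liquidation threshold, a crash to 0.5 ETH per LST, a 1,000 ETH reserve) is a constructed assumption, not Aave's real setting for rsETH.

```python
# Added illustration for this summary; not from the episode or any protocol's code.
# Models the leveraged-looping trade described above so the reader can see how
# the LTV cap compounds exposure and how a collateral depeg becomes pool-level
# bad debt that every ETH lender absorbs. All numeric parameters used at the
# bottom are constructed assumptions.
from dataclasses import dataclass


@dataclass
class Position:
    collateral_lst: float  # LST units deposited as collateral
    debt_eth: float        # ETH borrowed against that collateral


def loop(initial_lst: float, ltv: float, rounds: int, lst_price: float = 1.0) -> Position:
    """Deposit LST, borrow ETH up to the LTV limit, swap the ETH back into LST
    at lst_price, redeposit, and repeat `rounds` times."""
    collateral = initial_lst
    debt = 0.0
    for _ in range(rounds):
        # Only the headroom left under the LTV cap can be borrowed this round.
        borrow = collateral * lst_price * ltv - debt
        if borrow <= 0:
            break
        debt += borrow
        collateral += borrow / lst_price
    return Position(collateral, debt)


def leverage(pos: Position, lst_price: float = 1.0) -> float:
    """Collateral value divided by the looper's own equity."""
    value = pos.collateral_lst * lst_price
    return value / (value - pos.debt_eth)


def health_factor(pos: Position, lst_price: float, liq_threshold: float) -> float:
    """Aave-style health factor: collateral * threshold / debt; below 1 is liquidatable."""
    if pos.debt_eth == 0:
        return float("inf")
    return pos.collateral_lst * lst_price * liq_threshold / pos.debt_eth


def shortfall(pos: Position, lst_price: float) -> float:
    """ETH the pool cannot recover even after seizing all of the collateral."""
    return max(0.0, pos.debt_eth - pos.collateral_lst * lst_price)


def socialized_loss(shortfall_eth: float, eth_supplied: float) -> float:
    """Fraction of each ETH lender's deposit wiped out when bad debt is pooled."""
    return shortfall_eth / eth_supplied


def simulate_depeg(ltv: float, rounds: int, liq_threshold: float,
                   crash_price: float, eth_supplied: float) -> dict:
    """Loop 1 LST, then gap the LST price to crash_price before liquidators act."""
    pos = loop(1.0, ltv, rounds)
    loss = shortfall(pos, crash_price)
    return {
        "leverage": leverage(pos),
        "hf_before": health_factor(pos, 1.0, liq_threshold),
        "hf_after": health_factor(pos, crash_price, liq_threshold),
        "shortfall_eth": loss,
        "lender_loss_fraction": socialized_loss(loss, eth_supplied),
    }


if __name__ == "__main__":
    # Constructed scenario: 90% LTV, five loops, 93% liquidation threshold,
    # LST gaps to 0.5 ETH, 1,000 ETH supplied to the pooled reserve.
    for key, val in simulate_depeg(0.9, 5, 0.93, 0.5, 1000.0).items():
        print(f"{key}: {val:.6f}")
```

With these assumptions five loops turn 1 LST of equity into about 4.69 LST of collateral against 3.69 ETH of debt, so the position is roughly 4.7x levered and its equity is gone once the LST trades below 3.69/4.69, about a 21% gap. Any fall beyond that is bad debt, and because the reserve is pooled it is spread pro rata over every ETH supplier, including those who never opted in to lending against LST collateral; that is the opt-in problem Speaker C raises. In a segmented design, the `eth_supplied` denominator would be only the capital explicitly lent into that collateral market.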
On systemic design flaws:
"Certainly we know at this point a one of one is pretty frowned upon." ([00:04], Speaker A)
On risk socialization:
"All deposits… socializes this risk, the extent of which was… unknown." ([02:01], Host Laura Shin)
On looping and risk opacity:
"…does that kind of obscure the risk that you're taking on as a lender when you believe you're depositing into this diversified pool, when in reality 98% of it is just running this trade?" ([06:38], Speaker C)
On user experience and risk:
"…the top wallet is EtherFi's vault product… present it to the user as high yield ETH product." ([07:36], Speaker C)
This episode offers a sharp, technically grounded look at how a single hack exploited weaknesses up and down the DeFi stack, saddling Aave with extraordinary bad debt and unveiling deeper design questions for the future of lending protocols. The guests highlight how security shortcuts, risk pooling, and economic incentives often collide, and suggest that more modular, granular approaches (like Morpho’s design) may better manage risk. Still, as DeFi continues to evolve, the tension between liquidity, user yield, and systemic safety remains unresolved.