TechFlow reports that on May 31, Aave published a post-mortem of the rsETH incident that occurred on April 18, 2026. According to the report, Kelp’s rsETH bridge from Unichain to Ethereum—built on LayerZero V2—was compromised due to an RPC poisoning attack against its verification network, causing it to accept forged cross-chain messages. As a result, 116,500 rsETH were erroneously released on the Ethereum side. The attacker subsequently deposited part of the stolen assets into eight Aave V3 positions and borrowed 82,650 WETH and 821 wstETH.
Aave stated that, following the incident, it froze the affected reserves, adjusted risk parameters, and coordinated with multiple parties to advance recovery efforts. By May 26, the Ethereum-side adapter had completed five rounds of replenishment, with a cumulative deposit of 116,131.72 rsETH, fully restoring collateral coverage; related markets have since resumed normal operations.