Fluid Ships $136M Aave Escape Hatch in Under 24 Hours

22 Apr 2026 · 6 min read · Alex Drover

Anyone who has run an on-call rotation for a lending market knows the worst page in the book: utilization at 100%, lenders queuing to withdraw, and the invariant that lets them exit quietly has just broken. That is the page Aave got on April 18. What followed over the next 96 hours is the most interesting DeFi war story of the year so far, and it is not the exploit.

It is the cleanup.

What Happened

On April 18 an attacker hit Kelp DAO's LayerZero-based rsETH bridge adapter and minted 116,500 rsETH on an L2 without locking the matching ETH on mainnet. That is roughly $293 million in synthetic collateral, about 18% of rsETH circulating supply. The attacker parked the unbacked rsETH on Aave V3 and V4, borrowed around $236 million in WETH, and left before markets were frozen.

Aave's WETH pool hit 100% utilization within hours as real lenders sprinted for the exit. Variable borrow rates spiked into triple digits. aWETH started trading at a discount on secondary markets, with early exits clearing near 23% below par. As The Defiant reported, Fluid and a coalition of DeFi protocols responded by shipping the aWETH Redemption Protocol in under 24 hours.

Lido and Ether.fi brought LST liquidity. 1inch shipped the front end. 0x and Kyber routed orders. In the first 48 hours the redemption protocol processed 58,510 aWETH, approximately $136 million, out of Aave's frozen WETH pool. The discount for a 1,000 aWETH swap settled near 2.21%, roughly ten times cheaper than the secondary-market haircut.

Aave's risk team published an April 20 incident report modelling bad debt between $123.7 million and $230.1 million, depending on how claims on the under-collateralized rsETH L2 adapter are allocated. Kelp and LayerZero are still arguing. Kelp's April 19 statement said the 1-of-1 DVN configuration was LayerZero's documented default in its quickstart guide, and was re-confirmed by the LayerZero team during Kelp's L2 expansion. LayerZero has pinned the attack on the Lazarus Group's TraderTraitor subgroup and said new OFT deployments will no longer ship with 1-of-1 DVN configurations.

Technical Anatomy

The elegance of the redemption protocol is that it adds no new directional risk. It exploits a position Fluid already holds. Fluid is the single largest user of the Aave WETH market, carrying approximately $1.5 billion in ETH debt against its looped Lite Vault positions. That is not a typo. One protocol owes Aave one and a half billion dollars in ETH, and that debt is exactly what makes the unwind possible.

Here is the flow. A trapped lender hands aWETH into Fluid's Lite ETH Vault. The vault returns wstETH or weETH. The vault then calls Aave's permissionless repayWithATokens path, using the inbound aWETH to retire part of its own WETH debt. No WETH ever leaves Aave's pool. A liability is extinguished on one side and a receipt is burned on the other. The pool's utilization math improves without a single new WETH deposit.

The lender pays a modest haircut, around 2.21% on a 1,000 aWETH swap. The vault shrinks its borrowed exposure. The LST providers get flow. 1inch, 0x, and Kyber handle discovery and routing. It is netting, not magic, and it only works because Fluid was already the biggest counterparty on the other side of the book.
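
The netting described above, as a toy accounting model. This is an added example, not Fluid's or Aave's code: the pool ignores interest accrual and reserve factors, the balances are constructed, and `Pool`, `redeem` and `demo` are hypothetical names.

```python
from dataclasses import dataclass

WAD = 10**18   # 18-decimal fixed point, as WETH and aWETH use
BPS = 10_000   # basis-point denominator

@dataclass
class Pool:
    """Toy WETH reserve: receipts outstanding always equal idle + debt."""
    idle: int      # WETH sitting in the pool, available to withdraw
    debt: int      # WETH owed by borrowers
    atokens: int   # aWETH receipts outstanding

    def utilization(self) -> float:
        return self.debt / (self.idle + self.debt)

    def withdraw(self, amount: int) -> None:
        if amount > self.idle:
            raise RuntimeError("insufficient idle liquidity")
        self.idle -= amount
        self.atokens -= amount

    def repay_with_atokens(self, amount: int) -> None:
        # Burns receipts against debt: no WETH moves, so idle is unchanged.
        if amount > self.debt or amount > self.atokens:
            raise ValueError("repay exceeds debt or receipts")
        self.debt -= amount
        self.atokens -= amount

def redeem(pool: Pool, vault_debt: int, aweth_in: int, haircut_bps: int):
    """Vault takes aWETH, pays LST net of the haircut, retires its own debt."""
    if aweth_in > vault_debt:
        raise ValueError("netting capacity is capped by the vault's debt")
    lst_out = aweth_in * (BPS - haircut_bps) // BPS
    pool.repay_with_atokens(aweth_in)
    return lst_out, vault_debt - aweth_in

def demo():
    # Constructed state: a nearly frozen pool where the vault owes most of the debt.
    pool = Pool(idle=500 * WAD, debt=2_000_000 * WAD, atokens=2_000_500 * WAD)
    before = (pool.idle, pool.utilization())
    try:
        pool.withdraw(1_000 * WAD)   # the direct exit a trapped lender would try
        blocked = False
    except RuntimeError:
        blocked = True
    # With idle == 0 the ratio stays at 1.0; what shrinks is the queue of claims.
    lst_out, vault_debt = redeem(pool, 1_500_000 * WAD, 1_000 * WAD, 221)
    return blocked, lst_out, vault_debt, before, (pool.idle, pool.utilization())
```
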

The ERC standards underneath deserve credit. aWETH is a standard receipt token. wstETH and weETH are standard LSTs. Aave's repay-with-aTokens function is public and permissionless. Aggregator routing is composable by default. The same openness that let an exploit cascade across Aave, Compound, and Fluid in hours is what let five teams assemble a coordinated exit without a governance vote, treasury drawdown, or new counterparty agreement.

My take: this is the first large-scale DeFi incident where composability was a net positive on the response side, not just the attack surface. Production incidents I've seen in centralized fintech rails would have taken a week of legal calls to achieve the same netting. Fluid did it in a day because the primitives were already wired together.

Who Gets Burned

Aave depositors who exited early through secondary markets took the 23% haircut. That loss is permanent. Nobody is reimbursing the difference between par and panic.

Aave itself carries modeled bad debt of $123.7 million to $230.1 million. For a mid-sized protocol treasury that is not survivable without socialization, insurance draw, or token dilution. The redemption protocol does not reverse the attacker's borrowing, does not claw back the $236 million in WETH that walked, and does not affect the Kelp versus LayerZero blame game. It just gives honest lenders an exit that does not require waiting for governance.

LayerZero takes a reputational hit that matters. After the hack became public, Dune Analytics found that 47% of LayerZero OApps use minimal DVN security. That is not a niche issue. Nearly half the deployed OApp surface was one forged message away from a similar incident. The policy change on new OFT deployments is correct, but it does nothing for the apps already in production.

Kelp DAO is fighting for survival. Eighteen percent of rsETH supply was unbacked at the moment of exploit. Trust in the peg is what LSTs sell, and that trust is cheap to lose.

The uncomfortable read: every protocol running a 1-of-1 DVN today is holding a ticking pager. Teams I've worked with in iGaming would have failed a basic security review with that configuration, and here it was the documented default. $293 million in synthetic mint from one forged message is roughly the annual operating budget of a mid-sized regulated operator. That is the scale at which bridge defaults stop being a developer-experience concern and become a board-level risk.

Playbook for Crypto and DeFi

If your protocol touches cross-chain messaging, this week is for audits, not roadmaps. Concrete actions:

  • Inventory every DVN configuration in production. If anything runs 1-of-1, file a change ticket today, not next sprint. Review the oracle and messaging assumptions end to end.
  • If you operate a lending market, model what happens when a single collateral type is revealed as partially unbacked. Aave's invariant broke within hours. Yours will break faster if you have thinner liquidity.
  • If you supply liquidity to Aave or any lending market, check aWETH-style receipt token exposure. Know where the exits are before utilization hits 100%, not after.
  • If you are a looper and your debt sits on a single venue, treat that as single-vendor risk. Fluid carried $1.5 billion against Aave and got lucky that the netting worked in its favor.
  • If you build integrations, study the redemption protocol's architecture. A 24-hour build with five teams and no governance vote is a template for future incident response, not a one-off.
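
One way to run the DVN inventory from the first action above, as an added example that is not RiverCore's or LayerZero's code. It assumes each pathway's verifier config has already been exported as a set of required DVNs plus an optional pool with a threshold; the sentinel values, pathway names and DVN labels are assumptions or constructed placeholders to check against your deployed library.

```python
from dataclasses import dataclass

INHERIT, NONE = 0, 255   # assumed sentinels: 0 = use default, 255 = explicitly none

@dataclass(frozen=True)
class Uln:
    required: tuple = ()          # DVNs that must all attest
    required_count: int = INHERIT
    optional: tuple = ()          # pool from which `threshold` must attest
    optional_count: int = INHERIT
    threshold: int = 0

def resolve(app: Uln, default: Uln):
    """Return (required, optional, threshold, inherited) after applying defaults."""
    inherited = False
    if app.required_count == INHERIT:
        required, inherited = default.required, True
    else:
        required = () if app.required_count == NONE else app.required
    if app.optional_count == INHERIT:
        optional, threshold, inherited = default.optional, default.threshold, True
    else:
        optional = () if app.optional_count == NONE else app.optional
        threshold = 0 if app.optional_count == NONE else app.threshold
    return required, optional, threshold, inherited

def audit(pathways: dict, default: Uln) -> dict:
    """Map each pathway name to a list of findings (empty list = no finding)."""
    report = {}
    for name, cfg in pathways.items():
        required, optional, threshold, inherited = resolve(cfg, default)
        quorum = len(required) + threshold   # attestations a message needs
        findings = []
        if quorum <= 1:
            findings.append(f"single point of verification: {quorum} attestation(s) needed")
        if len(set(required) | set(optional)) != len(required) + len(optional):
            findings.append("same DVN listed twice: real quorum is smaller than it looks")
        if inherited:
            findings.append("inherits library default: pin an explicit config")
        report[name] = findings
    return report

# Constructed inventory; pathway names and DVN labels are placeholders.
DEFAULT = Uln(required=("dvn-default",), required_count=1, optional_count=NONE)
INVENTORY = {
    "bridge-a:l2->eth": Uln(),  # never configured, so it runs the default
    "bridge-b:l2->eth": Uln(("dvn-x",), 1, ("dvn-y", "dvn-z"), 2, 1),
    "bridge-c:l2->eth": Uln((), NONE, ("dvn-x", "dvn-y", "dvn-z"), 3, 1),
}
REPORT = audit(INVENTORY, DEFAULT)
```

Note that `bridge-c` is flagged even though it lists three DVNs: with no required DVN and an optional threshold of 1, any single verifier is enough.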

For CTOs watching from the sidelines: the lesson is not that DeFi is fragile. The lesson is that openness cuts both ways and the teams that win are the ones who can ship coordinated fixes faster than attackers can compound damage.

Key Takeaways

  • Fluid, Lido, Ether.fi, 1inch, 0x, and Kyber shipped the aWETH Redemption Protocol in under 24 hours and cleared $136 million out of Aave's frozen WETH pool in 48 hours.
  • The unwind works because Fluid already owes Aave roughly $1.5 billion in WETH, so inbound aWETH retires existing debt rather than drawing new liquidity.
  • The root cause was a 1-of-1 DVN configuration on Kelp's LayerZero-based rsETH bridge, which let an attacker mint 116,500 rsETH and borrow $236 million in WETH.
  • Aave faces modeled bad debt between $123.7 million and $230.1 million; the redemption protocol does not reverse that exposure.
  • 47% of LayerZero OApps still run minimal DVN security, so the next incident of this shape is a configuration audit away.

Frequently Asked Questions

Q: What is the aWETH Redemption Protocol?

It is an emergency exit route built by Fluid with Lido, Ether.fi, 1inch, 0x, and Kyber that lets Aave ETH lenders and loopers swap aWETH into wstETH or weETH collateral in a single transaction. It processed $136 million in its first 48 hours at a swap discount near 2.21%.

Q: Why did Aave's WETH pool hit 100% utilization?

After the April 18 Kelp DAO exploit, an attacker supplied 116,500 unbacked rsETH as collateral on Aave V3 and V4 and borrowed approximately $236 million in WETH. Honest lenders raced to withdraw, utilization pinned at 100%, variable rates spiked into triple digits, and aWETH began trading at a discount on secondary markets.

Q: Does the redemption protocol fix Aave's bad debt?

No. Aave's risk team still models bad debt between $123.7 million and $230.1 million. The protocol only provides an individual exit for lenders who would otherwise wait for socialization or accept a steeper secondary-market haircut near 23% below par.

Alex Drover
RiverCore Analyst · Dublin, Ireland