PANews reported on May 31 that Aave released a post-incident investigation on its X platform regarding the April 18 attack on the Kelp rsETH LayerZero V2 bridge. The investigation emphasized that the exposure stemmed primarily from third-party bridge infrastructure, not the protocol itself. The attacker used an RPC poisoning attack to forge a cross-chain message targeting the LayerZero single validator. This resulted in 116,500 rsETH being released on the Ethereum side without any actual destruction on the Unichain. The attacker then deposited the stolen rsETH into Aave V3 (Ethereum Core and Arbitrum) and lent out approximately 82,650 WETH and 821 wstETH.

Aave Protocol Guardian and Risk Steward immediately implemented protective measures for the rsETH and WETH reserves. Currently, the WETH and rsETH markets are functioning normally in the affected V3 deployments. The attacker's rsETH on Arbitrum has been destroyed, the LayerZero OFT adapter has been fully deposited in five batches, rsETH support has been fully restored, and Kelp has reopened rsETH withdrawals, bridging, and claims functionality. The WETH LTV in the affected markets has been reset to its pre-attack value, and Aave V3 is fully operational in all markets except rsETH. The Arbitrum DAO has voted to authorize the transfer of frozen ETH to Aave LLC, which is currently awaiting on-chain execution. The court is still reviewing the substantive content of the restraining order, and Aave LLC will continue to comply with the restraining order during the court's review. Ongoing projects include: Llama Risk's Aave Risk Framework, bridging assessment framework, publishing assessment reports on currently listed assets, on-chain execution of the Arbitrum DAO vote, and the court's review of the restraining order.