Feng 🛸

@xiaoyumama9968 😳

实在想不通啊……

@Predator_fund 如果一定要较真‘去中心化’洁癖，估计只有 BTC，极简功能设计+创始人消失+20年的时间积累，无法复制。其他所有项目不管如何包装，背后都有一个真实的权力结构

本来我还有点ARB，因为hyperliquid跑在Arbitrum上，看到这事刚刚全卖了，彻底败兴了，所有的二层全卖了，这已经不是区块链了，这是MySQL

@arbitrum Fast action, real teeth. As an Arbitrum LP user: this is exactly what "governance with boundaries" looks like in practice — emergency powers triggered, law enforcement coordinated, zero impact on other users, and funds now only movable by DAO governance.

The Arbitrum Security Council has taken emergency action to freeze the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. The Security Council acted with input from law enforcement as to the exploiter’s identity, and, at all times, weighed its commitment to the security and integrity of the Arbitrum community without impacting any Arbitrum users or applications. After significant technical diligence and deliberation, the Security Council identified and executed a technical approach to move funds to safety without affecting any other chain state or Arbitrum users. As of April 20 11:26pm ET the funds have been successfully transferred to an intermediary frozen wallet. They are no longer accessible to the address that originally held the funds, and can only be moved by further action by Arbitrum governance, which will be coordinated with relevant parties.

👍支持 Arbitrum 快速冻结资金！作为长期在Arbitrum上跑LP策略的用户，说几个真实感受： 技术不吹牛，Nitro架构、Stylus多语言合约； 治理有牙齿，12人Security Council、9/12紧急授权、强制透明度报告。权力有边界这四个字不是口号； 生态有深度，Uniswap、Aave、GMX流动性深，不需要追新链冒险； 空投有诚意，2023年ARB至今是L2空投的标杆，后来者没有超越的。 #Arbitrum #DeFi

@hebi555 去中心化被过度浪漫化。。。现实的问题是：紧急权力的边界在哪里？谁来监督委员会？应急授权之后如何归还权力？ Arbitrum 9/12 多签触发，冻结资金通过治理解冻，权力有边界、有约束、有退出机制。 去中心化消灭不了权力，是让权力可被约束、替换、审计。

L2/跨链/质押/借贷都废了 以后都去CEX玩吧 去他妈的中心化

@justinsuntron 作为一个合法用户，我愿意选择一个能快速行动制止作恶的系统，下一步怎么处理冻结资金再走DAO投票治理都OK。但是的犯错机构也需要得到必要处罚

Ok. I'm officially announcing: the most decentralized blockchain in the world is Tron.

@_FORAB 金将军接受投降输一半么，要不正义联盟要启用回滚大杀器了。。

又是朝鲜黑客？币圈链上质押协议 KelpDAO，前几天遭到攻击，损失约 2.9 亿美元。初步迹象表明，此次攻击很可能是国家级行为体实施，信息指向朝鲜的 Lazarus Group 黑客组织。 目前他们在加密货币领域的战绩包括： Bybit 15 亿美金、DMM 3 亿美金、WazirX 2.3 亿、Ronin 6 亿。 下届以太坊开发者大会，可以举办在平壤了（误

@JaceHoiX @OKxiaohai OTC 呗

@OKxiaohai 更可怕的是，即使买了3万枚，盘面都不怎么见涨。

有点可怕，微策略一周买 3w 枚吗...

@TheDeFiPlug Who's actually Layer 0 here. KelpDAO's bridge failed. LayerZero's messaging was spoofed. Aave set high LTV on a cross-chain LRT with no concentration limits. A $196M single-position borrow should never have been possible. Three parties share this loss.

AAVE token down 20%. Everyone thinks that’s the market pricing $196M in bad debt. It’s not. It’s the market pricing who pays for that bad debt. The answer is: stkAAVE holders. Here’s what Aave’s safety module actually does, and why this event is different from anything that’s come before it. ● Quick background on the event. Saturday. Kelp DAO’s LayerZero bridge gets exploited. 116,500 rsETH minted out of thin air, no ETH locked on the other side. Attacker deposits unbacked rsETH into Aave V3 and V4 as collateral. Borrows real WETH against it. Exits. rsETH is now worthless collateral. The WETH is gone. Aave has $196M in bad debt. Aave’s contracts were not hacked. The collateral assumption was. Now. The question every AAVE holder should be asking: Who covers bad debt on Aave? The answer is Aave’s safety system; first Umbrella, then legacy stkAAVE as backstop. Aave Umbrella is a modular, onchain risk management system that automates bad debt coverage for Aave V3 pools. When deficits occur in specific assets, the system burns corresponding staked aTokens to cover the shortfall, no governance vote required. That’s the first line of defense. Here’s where it gets complicated. Aave first said the Umbrella reserve would cover any deficit. By Saturday afternoon, the language had softened to “explore paths to offset the deficit.” That language shift is not a communications update. It’s a capital adequacy admission. Umbrella was not sized for a $196M single-event loss concentrated in one collateral pair. Why wasn’t it? Aave’s loan book spans 22 chains. Ethereum alone holds $14.24B of the $17.82B in outstanding borrows. WETH is 39.49% of all loans on the protocol. The attacker didn’t hit a random market. They hit the rsETH–WETH pair; the exact pair that sits on top of Aave’s single largest loan concentration. A $196M deficit in WETH on Ethereum mainnet is not a tail risk. It’s center mass. So what happens when Umbrella isn’t enough? stkAAVE and stkABPT remain active in the legacy system, but with slashing disabled under Umbrella’s bootstrap phase, they now serve primarily as governance power with residual yield. The nuance: slashing is disabled on legacy stkAAVE under Umbrella’s current configuration. But that doesn’t mean stkAAVE holders are permanently protected. It means governance decides what happens next. ● Here’s the actual risk structure, bottom-up: Layer 1 — Umbrella aToken stakers (stkWETH, stkUSDC, stkUSDT): first to be burned. Automated, no governance required. Layer 2 — Aave protocol revenue and treasury: can be directed toward deficit coverage via governance vote. Layer 3 — Legacy stkAAVE: last resort. Requires governance to re-enable slashing. Up to 30% of staked AAVE can be seized and sold. The question is whether Layer 1 + Layer 2 can cover $196M before the market forces Layer 3 into the conversation. The legacy path seizes and sells AAVE to cover deficits. That creates direct sell pressure and mismatched coverage. The 20% drop is front-running that path. Not the debt, the sell pressure needed to resolve it. ● Why is this different from prior Aave bad debt events? The 2022 Curve exploit created bad debt on Aave. Governance voted not to slash stkAAVE. The bad debt was absorbed gradually via protocol revenue. That worked because the bad debt was contained, slow-moving, and Aave had time. That worked because the loss was contained and slow. Now: $196M concentrated in rsETH–WETH on Ethereum, alongside a $6.6B TVL outflow. WETH at 100% utilization leaves no gradual absorption path. ● The uncomfortable truth about LRT collateral on lending protocols: LRTs were whitelisted for yield and growth. Aave accepted rsETH as collateral. Its backing failed on a bridge Aave doesn’t control. Depositors lose either way. The risk wasn’t the contract. It was the bridge implied by that whitelist. ● What to watch from here: > Aave governance forum: any AIP to re-enable stkAAVE slashing or tap treasury. That’s the binary. > Umbrella aToken staker balances: how much staked WETH is in the Umbrella vault relative to $196M. If it’s undersized, the gap falls to governance. > rsETH peg on Ethereum mainnet: if it holds near 1:1, collateral recovery is possible. If it breaks, the bad debt number grows. > AAVE token price: it’s not a sentiment indicator right now. It’s the market pricing Layer 3 probability. ● My Take AAVE is down 20%. The market is pricing what most holders ignore. Three backstops: > Umbrella is undersized > Treasury accrual is slow > stkAAVE slashing needs governance That drop is the probability of slashing. If you hold stkAAVE for yield, you are first-loss. This week made it real.

@waleswoosh Short-term: Umbrella settlement is the key milestone. Mid-term: LRT LTV cuts, bridge risk in collateral ratings, circuit breakers become baseline. Long-term: tiered pricing between native and cross-chain assets is overdue. Steady the confidence first. Then find the gold.

Money is leaving DeFi at an unprecedented scale

短期流动性解冻取决于：新存款进来，或借款人还钱。Umbrella 结算完成是关键节点，时间线不明，煎熬期还没结束。 中期行业被迫升级：LRT抵押品LTV全面下调；跨链桥风险纳入抵押品评级；链上自动熔断从建议变标配。 长期每次大事件都是强制升级。这次暴露的是DeFi可组合性的系统性盲区，修复也会是系统性的。原生资产与跨链衍生资产分层定价需提上日程。 坏账边界明确之前，恐慌有其合理性。边界明确之后，才是重新定价的时机。 先稳住信心，再找黄金。

@aave Steady the ship before you go looking for gold.

Update on rsETH incident: According to our analysis, rsETH on Ethereum mainnet is fully backed. Out of an abundance of caution, rsETH remains frozen across Aave V3 and V4 and exposure to the incident is capped. WETH reserves also remain frozen across affected markets including Ethereum, Arbitrum, Base, Mantle, and Linea. Aave is actively validating information and assessing potential resolutions.

@sunlc_crypto 同意！信心比黄金重要，先稳住信心黄金总能找到

AAVE在这件事情的处理上非常傻逼。 大家都知道这件事情的主要责任是L0和KeplDao，不需要你再发这样一个推卸责任的推文了。 金融行业最怕的就是挤兑，之前bybit的被盗15个亿美金的处理堪称教科书，ben第一时间出来发推维稳并且短期内恢复了提币，挤兑自然慢慢解除了。 现在AAVE只是损失2亿多美金，相对几百亿的TVL来说是九牛一毛，之所以大家现在疯狂提币就是怕被分摊损失。 AAVE官方只需要出来说一句我们的储备金足够，无论如何损失都不会让用户分摊，大家马上会停止挤兑，甚至愿意把钱在存回来吃高额的利息。 如何划分损失AAVE、L0和Kepl肯定要扯皮很久，难道一天扯不清楚一天就不开提币吗？不管什么结果，我相信最终都不可能选择让ETH的存款人去分摊这笔损失的，否则AAVE以后彻底开不下去了。既然是这样，为什么不早点宣布呢？现在这点损失后面完全是可以cover的，万一现在市场来个暴跌，AAVE完蛋不说，整个以太坊都会崩溃。

AMC help

@0xfluid aArbWETH help😂

Introducing aWETH Redemption Protocol With ETH utilization at 100% on Aave, many lenders are currently unable to withdraw and face increasing risk if markets move. aWETH Redemption Protocol allows ETH lenders to: • Exit into wstETH or weETH • Regain immediate liquidity • Reduce exposure to liquidation risk If you’re just lending ETH — you can fully exit. If you have ETH collateral and another debt — your collateral is seamlessly swapped into wstETH or weETH while your debt remains the same. We’re working alongside @LidoFinance , @ether_fi, @0xProject, @1inch, @KyberNetwork, and other ecosystem partners to: • Reduce systemic risk in DeFi • Ease utilization pressure • Support a healthier DeFi market Our goal is simple: protect users while reinforcing the foundations of DeFi. Capacity is initially limited to $1B in ETH. fluid.io/lite/aave-v3/e…

@Yuanshan0626 没有无辜的雪花，能不能录质押品，按多大比例质押？怎么隔离质押品风险？大额借贷怎么风控？清算如何有效触发？

看一篇就够了 | Aave 出事。但这事真不怪 Aave KelpDAO 有个跨链桥被人钻了空子，凭空铸出来 11.65 万枚 rsETH，差不多 2.92 亿美元。 攻击者手快，立刻拿着这堆“假币”跑到 Aave，存进去当抵押品，借走了 8.26 万枚真 ETH，1.95 亿。等 Kelp 反应过来按下暂停键，46 分钟过去了。 Aave 自己一行代码都没出问题。但坏账留在了它账上。 为什么说不怪 Aave？ Aave 是 DeFi 里风控最严的协议，没有之一。Chaos Labs、Block Analitica、LlamaRisk 这些最贵的风控团队都审过参数。 rsETH 当抵押品借 WETH，最高 LTV 设到 93%，是因为大家真心觉得 rsETH 跟 ETH 是等价物。 那为什么还出事？ 因为 rsETH 这种东西，本质是把 ETH 的风险叠了好几层。ETH 先质押到 Lido 拿 stETH，stETH 再质押到 EigenLayer 赚一份额外收益， Kelp 把这个过程包装一下发个 rsETH 给你，这个 rsETH 还能跨 20 多条 L2 流通。每一层都有人在抽收益，出事的时候，没有任何一层站出来兜底 跨链桥的私钥泄漏，就是这次的导火索。但导火索之外，整个 LRT 赛道都在一个问题上心照不宣 —— 收益越高的 token，背后的链条越长，链条越长就越没人能为它兜底。 Aave 上层风控做到极致，也挡不住下游资产从根上烂。 其实更离谱的是，最惨的不是被盗的人，是其他人 想象一下，你只是去 Aave 存了点 ETH 吃利息，跟 Kelp 八竿子打不着。今天打开一看，取不出来了 为什么？因为 Aave 的 WETH 池子被借空了。利用率冲到 100%，池子里所有钱都被借走了，没钱给你取 两天内 184 亿巨鲸跑路，Aave TVL 从 263 亿掉到 179 亿，单协议蒸发 84.5 亿。整个 DeFi 全链 TVL 也从 994 亿掉到 862 亿 Aave 有个叫 Umbrella 的安全垫，本来就是为这种事准备的。但 Umbrella 只有 5000 万，坏账有 1.96 亿，差 1.46 亿 这 1.46 亿最后怎么填？先割 Umbrella 里质押的那批人，自动 slash 掉。还不够，普通存款人按比例承担。说白了，你存了 10 个 ETH，最后可能只能取出 9.5 个 这就是 DeFi 的“可组合性” 听起来很酷，出事的时候你才知道有多酷。。。 DeFi 这两年讲的故事，是把同一份 ETH 反复抵押、反复生息、反复跨链，硬生生把 1 美元的资产玩出 5 美元的流动性幻觉。 所有人都在赚那个差。但出事的那一刻，1 美元就是 1 美元 当然，DeFi 也不是时间线上大家说的什么要死了，只是需要升级下玩法。

@VentureWeb3 所以 kelpDAO 暂停赎回呗，没法清算，二级市场大甩卖就是实亏

怎么这么多人都在唱AAVE应该自己赔付被黑客借走的ETH的？ 难道不应该是KelpDAO的 rsETH 贬值，然后清算吗？ 道理非常简单，rsETH 如果是刚性兑付的，那AAVE就没任何坏账，如果不是刚性兑付的，就什么时候开始贬值就完了，只有一个事情需要考虑，就是如何平滑清算。

🥲 不求高息，还以为是杠铃策略稳定的一端，没想到是高风险的那端

@evilcos AAVE 手头上的 ‘fake’ rsETH 和其它 rsETH 技术上有区别么？是不是 KelpDAO 解除 pause 后还是有义务赎回

Kelp 被盗 116,500 rsETH 事件，初步分析了下： - 其使用的 LayerZero 跨链是 1/1 DVN 配置，也就是经典的“单签”配置，而 LayerZero 官方文档默认推荐的是 2/2 - 这个“单签单点”可能也是被社工手法干掉，当然这是猜测，具体等调查 - 攻击者在以太坊成功卷走 116,500 rsETH，实际上还尝试了两次继续卷 40,000 rsETH 失败了，攻击者手续费来自 Tornado Cash - 116,500 rsETH 分散洗走，压力丢给了各质押平台，尤其 Aave，现在巨额坏账 - 那么最终谁来承担这些损失？就看相关受影响平台的进一步信息了… @SlowMist_Team 我们会持续跟进。