Aave is keeping WETH markets frozen across its Prime deployment and several major layer 2 networks following the KelpDAO rsETH bridge exploit, which created serious stress in ETH markets. The protocol’s incident report says the Aave Guardian first froze rsETH and wrapped rsETH across all V3 deployments on April 18, then extended the freeze to WETH on April 20.
The KelpDAO exploit drained about 116,500 rsETH from its LayerZero-based bridge. The attacker then pushed that unbacked collateral into Aave on Ethereum and Arbitrum.
Attack wallets supplied rsETH to Aave and borrowed large amounts of WETH. This activity drove several WETH pools close to full utilization and made withdrawals nearly impossible for regular lenders.
Aave stresses in its governance posts and public updates that no one has compromised its smart contracts. The incident arose entirely from the rsETH bridge conditions, not from a flaw in Aave’s lending logic, which continued to handle supply, repayment, and liquidations as designed.
What the WETH Freeze Means on Prime and L2s
In the April 20 incident report, Aave explains that the Guardian froze WETH on Ethereum Core, Ethereum Prime, Arbitrum, Base, Mantle, and Linea at around 02:00 UTC. This move stopped new borrows against WETH collateral. It also aimed to prevent stress in WETH markets from spilling into stablecoins and other reserves.
A separate governance thread clarifies what “frozen” means in Aave’s vocabulary. When the protocol freezes a reserve, users cannot deposit more of that asset, nobody can borrow it, and governance sets the loan-to-value to zero, so users cannot use existing deposits to open new debt positions. Positions stay open, and users can still repay or face liquidation, but they can withdraw only when the pool has free liquidity.
Aave has already unfrozen WETH on the Ethereum Core V3 market and now allows new WETH supply there. However, the loan-to-value on that reserve remains at zero for now.
WETH on Prime, Arbitrum, Base, Mantle, and Linea remains frozen. Service providers are monitoring markets and modeling various bad-debt scenarios.
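The freeze rules described above can be traced with a small model. This is an added illustration, not Aave's contract code: the `Reserve` class, its method names, the 80% starting loan-to-value and all pool balances are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Reserve:
    """Simplified model of one lending reserve; all numbers are constructed."""
    supplied: int
    borrowed: int
    ltv_bps: int = 8000          # assumed pre-freeze loan-to-value (80%)
    frozen: bool = False

    @property
    def available(self) -> int:
        return self.supplied - self.borrowed    # free liquidity in the pool

    def freeze(self) -> None:
        self.frozen, self.ltv_bps = True, 0     # freeze also zeroes loan-to-value
    def unfreeze(self) -> None:
        self.frozen = False                     # loan-to-value stays 0 until raised separately

    def supply(self, amount: int) -> str:
        if self.frozen:
            return "rejected: frozen"
        self.supplied += amount
        return "ok"

    def borrow(self, amount: int) -> str:
        if self.frozen:
            return "rejected: frozen"
        if amount > self.available:
            return "rejected: no liquidity"
        self.borrowed += amount
        return "ok"

    def repay(self, amount: int) -> str:
        self.borrowed -= min(amount, self.borrowed)   # allowed even when frozen
        return "ok"

    def withdraw(self, amount: int) -> str:
        if amount > self.available:                   # limited only by free liquidity
            return "rejected: no liquidity"
        self.supplied -= amount
        return "ok"

def frozen_pool_walkthrough() -> list:
    pool = Reserve(supplied=1000, borrowed=990)       # 99% utilized (constructed)
    pool.freeze()
    steps = [pool.supply(10), pool.borrow(5), pool.withdraw(50),
             pool.repay(100), pool.withdraw(50)]
    pool.unfreeze()
    return steps + [pool.supply(10), pool.ltv_bps, pool.available]
```

Calling `frozen_pool_walkthrough()` shows the lender's withdrawal failing at 99% utilization and succeeding only after a borrower repays, and the loan-to-value still at zero after the unfreeze.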
The joint incident report from Aave service providers states that the attacker split the 116,500 rsETH across seven addresses. They then used those addresses to open rsETH-backed loans on Aave across Ethereum and Arbitrum. These loans have health factors hovering just above one. That level limits immediate liquidation and leaves the protocol with a block of risky positions.