3. Why Aave's Unified Pool Turned a Bridge Hack Into $193M in Bad Debt artwork

3. Why Aave's Unified Pool Turned a Bridge Hack Into $193M in Bad Debt

Unchained

April 26, 2026

Luke Leasure and Shaunda Devens of Blockworks Research explain how three compounding failures, Kelp's one-of-one bridge signer, Layer Zero's permissive default settings, and Aave's failure to flag it as a collateral risk, set up the conditions for the exploit.
Speakers: Luke Leasure, Laura Shin, Shaunda Devens
**Luke Leasure** (0:00)
Yeah, I'd say there's certainly some fault to be shared across the board here. Kelp with over a billion and client deposits can do better than a one-of-one. And certainly we know at this point, a one-of-one is pretty frowned upon.
Then of course, Layer Zero, who had their off-chain RPC infrastructure compromised. Perhaps they shouldn't allow the one-of-one to be the out-of-the-box kit for new deployers on the OFT standard and perhaps push back more. I think the numbers show close to 40 percent of those unique OFT deployments are on that one-of-one.

**Laura Shin** (0:44)
Really? So you're saying that 40 percent of people that use this infrastructure still have that one-of-one?

**Luke Leasure** (0:51)
Not a total capital, but of unique OFT deployments. And a number have since been upgraded as well following the exploit. And hopefully, we saw a lot of unique asset issuers who run the Layer Zero OFT. They had to freeze their infrastructure as well to evaluate any compromises on their end. And then third, downstream for Aave when listing the RSE as collateral, perhaps, of course, that the one of one signer on OFT deployment that could have been flagged as a risk for the collateral listing and parameters adjusted accordingly for that.

**Laura Shin** (1:38)
Yeah, you would think, I mean, I know we're going to, I think in this conversation, we'll get to things like circuit breakers or rate limiting. But yeah, all those things certainly could have helped. So Shaunda, back to you.
I want to focus on Aave. And there's different levels of, I guess, knowledge about how these DeFi platforms operate. I mean, to a certain baseline, like how they function, but then also how they're used. And your report does break out some delineations. I mean, Aave, sort of their implementation on mainnet Aave version three, which is the main pool, the blue chip pool, that sort of like co-mingles all deposits. That's part of what makes it a very powerful platform for DeFi participants to use, but then it also kind of socialized this risk that, the extent of which was unknown.
I'd love for you to just explain the design choices that went into that. But yeah, let's just start with that. Why did they choose that setup? And then I have a follow-up.

**Shaunda Devens** (2:41)
Sure, so this kind of ties into modular versus monolithic lending. And it also ties into a very interesting point that we made about looping and its impact on severity of the attack. So with protocols like this, you have two sides, right? You have the lenders that are supplying their collateral, and that gives them borrow power to allow them to borrow assets against that collateral. But in this collateral pool, assets are all pooled together, and there's no distinction between what assets are allowed to be borrowed against it or different rates of interest rate.
So normally, under lending setup, you would expect if I were to deposit ETH in the protocol, you expect a very diverse set of lenders using different collateral at different loan-to-value ratios to borrow against that, right? I might have one fund that has deposited Bitcoin borrowing my ETH, some users depositing stable coins. But when we look at the actual user behavior on these lending platforms, and we think, why would someone borrow ETH as an asset? There's only one real reason, which is to go short that asset, right? To borrow it and then sell it on the market. So we don't really see much organic behavior borrowing ETH.
We see a lot of people using it as collateral depositing to borrow USDC, but we don't really see much organic for demand. And an example we can give here is WRAP BTC, which is another market.
That has a utilization rate of only around 4.8% at the moment. And it's extremely cheap to borrow, around 40 basis points per year.
What we're seeing instead that have a behavior is people taking these pooled reserves, right? Because ETH can be borrowed and there's no distinction between what collateral types are used. And we see a lot of leverage looping, which is the activity of a user using an active state version of ETH that generates yield to borrow a passive wrapped ETH version of it, converting that back into the active asset that generates yield and looping that back and forth. So that is basically the primarily use case of using this wrapped ETH in the pool reserves. And when we looked a little bit deeper, we saw that around 98% of collateral backing positions wrapped in those board was in these LSTs.

**Laura Shin** (4:59)
Yeah. It's interesting. I mean, the looping idea, it's something I've been familiar with for years. Anyone who actively follows crypto is aware because it's just a very simple way to get leverage. And when things are going well and the numbers add up, it's sort of a market neutral way of juicing returns. But it can be dangerous.

4 more minutes of transcript below

Feed this to your agent

Try it now — copy, paste, done:

curl -H "x-api-key: pt_demo" \
  https://spoken.md/transcripts/1000763705324

Works with Claude, ChatGPT, Cursor, and any agent that makes HTTP calls.

From $0.10 per transcript. No subscription. Credits never expire.

Using your own key:

curl -H "x-api-key: YOUR_KEY" \
  https://spoken.md/transcripts/1000763705324