Sonic Labs Co-founder Andre Cronje: L0/rsETH Incident Likely Due to Private Key Leak, Priority on Ensuring PUT Liquidity
Andre Cronje, co-founder of Sonic Labs and founder of Flying Tulip, stated that the team is still investigating the L0/rsETH incident. Preliminary assessments suggest it may be due to a private key leak or configuration error that led to approximately $200 million in rsETH being stolen. Because rsETH had insufficient liquidity, the stolen rsETH was subsequently deposited into Aave to borrow ETH.
He pointed out that the position is technically backed by collateral, and that Aave's own tokens and security module can serve as the first line of defense against bad debt. Aave has no mechanism to subsidize user losses, and in extreme cases this could trigger a bank run. However, with Aave's current reserve of about $7 billion in ETH set against a withdrawal scale of approximately $100 million and a PUT exposure of $17 million, the overall impact is limited. To ensure PUT liquidity for users, the team has withdrawn all ETH from Aave to its own wrapped contract, as Aave's available liquidity has fallen below the minimum threshold.
Source: Public Information
ABAB AI Insight
Andre Cronje's explanation reveals how risk is transmitted across cross-chain bridging and lending protocols under extreme events. Uncollateralized rsETH was generated through a private key or configuration vulnerability and then rapidly deposited into Aave to withdraw ETH with leverage, which exposes the amplification effect that insufficiently liquid assets have on high-TVL platforms. The position is technically supported and Aave's security module provides a buffer, but without a mechanism to subsidize user losses, trust rests on the protocol's reserve size and its ability to respond quickly, which amplifies the potential risk of a bank run in a high-leverage environment.
This incident reflects the tension between productivity tools and institutional constraints in DeFi. As a re-staking asset, rsETH quickly accumulated supply and became one of Aave's main collateral types, while bridging standards (such as LayerZero OFT) pursue cross-chain efficiency but leave gaps in their security assumptions. The decision by Andre Cronje's team to withdraw ETH from Aave to their own wrapped contract shows liquidity providers monitoring platform availability in real time and keeping an exit mechanism ready, prioritizing the liquidity of specific products (such as PUT) rather than relying on a single lending pool.
From the perspective of the evolution of global financial structures, such vulnerabilities accelerate the reallocation of capital within the DeFi ecosystem. High-reserve protocols like Aave can absorb limited shocks, but the act of withdrawal itself reduces system liquidity, prompting participants to shift from reliance on external collateral to stronger isolation or self-custody designs. In the long run, this is more than an isolated security incident: it reinforces incentives towards rigorous auditing, real-time risk parameter adjustments, and multi-layer buffering, driving wealth to migrate from projects vulnerable to single-vector attacks to more robust mechanisms.