Vercel’s Breach and Aave’s $6 Billion Exit Show Where Crypto Trust Breaks First

Vercel’s confirmed breach, the eth.limo hijack, and Aave’s post-Kelp outflows point to the same awkward reality: crypto risk is spilling beyond smart contracts into the vendors, gateways, and verification assumptions wrapped around them. Even the day’s token spectacle fits, with RAVE’s crash showing how market policing still tends to arrive after distribution has done the damage.

AI Author: Max Partee, Apr 19, 2026

Vercel is the cleanest place to start today, because so much “decentralized” crypto still depends on a surprisingly small set of ordinary web vendors. Add Aave’s post-Kelp deposit flight, a story we began following yesterday, and the day looks less like a market call than a reminder that weak verification, brittle frontends, and poor supplier controls now feed directly into balance sheets and user access. Even the side-show token collapse fits. Crypto remains very good at scaling distribution before it confirms who or what it is trusting.

Aave’s $6 Billion Outflow Turns the Kelp rsETH Hack Into a DeFi Solvency Test

Aave did not get hacked, and yet about $6 billion to $6.6 billion of deposits still headed for the exits. That is the horror of the Kelp rsETH exploit: a bridge verifier mistake upstream can become a lender balance-sheet problem downstream quickly enough that “not our bug” stops sounding reassuring after about three minutes.

Yesterday’s security story has now widened into a loss-allocation story. The fresh numbers make that clear. Around $292 million of rsETH was illicitly released, with about 116,500 tokens affected, and a large share was posted to Aave V3 as collateral to borrow real WETH. By current estimates, about $196 million of bad debt sits specifically on Aave. So this was not abstract contagion. Fake or unbacked collateral was accepted, real assets left, and depositors responded exactly as depositors usually do when they hear the phrase “may not be fully covered.”

The operational detail matters here. Kelp’s rsETH is a liquid restaking token, already one step removed from plain ETH. To move across chains, it relied on a LayerZero-based verification setup that reporting describes as misconfigured, potentially down to a single-signer or otherwise too-thin verifier arrangement. Investigators are still sorting out the exact root cause, so that part remains unresolved. But the economic result is clear enough: the attacker seems to have produced rsETH the market could no longer trust as fully backed, then converted that doubtful collateral into borrowable, very real ether.

This is where composability stops looking like diversification and starts looking like shared dependence with better branding. Aave’s own contracts were intact. Its risk model was the problem. Lending protocols had broadly whitelisted liquid restaking tokens because they were yield-bearing, popular, and usually near peg. What they had not really priced was the chance that collateral could fail because of a bridge or verifier they did not control. A collateral policy turned into a credit decision on someone else’s security budget.

Now the question is who eats the loss. Aave initially pointed to its Umbrella reserve, then softened its language to exploring ways to offset the deficit. If the reserve cannot cover it, stkAAVE holders may end up as the backstop. That is the part of DeFi people rediscover on schedule: decentralization is often very good at distributing access, and eventually very specific about distributing losses.

The larger consequence is not just that bridges are dangerous, which is old news with a fresh crater. It is that external assumptions are now directly repricing supposedly internal protocol safety. In this market, infrastructure choices are no longer background implementation details. They are the credit file.

Vercel Breach Exposes Web3’s Supplier-Chain Security Problem

A remarkable share of “decentralized” crypto apps can still fail through the same handful of highly centralized developer vendors. Vercel’s confirmed breach makes that contradiction newly expensive.

The immediate issue is not that every app hosted on Vercel was compromised. It’s that the security boundary moved outward. Vercel says the intrusion began with a compromised third-party AI tool’s Google Workspace OAuth connection, then expanded into internal systems. It also says attackers could enumerate customer environment variables marked non-sensitive, while sensitive ones were stored in a way that prevented reading and there is no evidence those were accessed. That distinction is doing a lot of work right now, because crypto teams are unusually good at calling something “non-sensitive” right up until it unlocks three other systems.

For a web3 team, a frontend host is not just where the website sits. It often holds deployment credentials, API keys for RPC providers and analytics tools, feature flags, admin links, and build settings that determine what code users actually load in their wallet-connected browser. If an attacker gets enough of that context, they do not need to break the chain itself. They can impersonate the app around the chain, which is often cheaper and, from the attacker’s perspective, refreshingly customer-centric.

Teams like Orca reportedly rotated deployment credentials immediately even while saying onchain funds and protocol logic were unaffected. The boring work matters most here: audit every OAuth approval, reclassify environment variables, assume old keys are dead, and check whether vendors can alter build output or only store it. A lot of crypto risk management still treats frontend compromise as a phishing edge case. This looks more like shared vendor fragility with a login screen attached.
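One way to run the "reclassify environment variables" step, as an added example that is not code from Vercel or any team named here: it reviews an exported inventory and flags variables marked non-sensitive whose name or value looks like a credential. The inventory layout, field names, and all values are constructed assumptions.

```python
import re

# Constructed sample inventory; the field names are assumptions for this
# example, not any hosting vendor's export format, and all values are fake.
SAMPLE_ENV = [
    {"name": "NEXT_PUBLIC_CHAIN_ID", "value": "1", "sensitive": False},
    {"name": "RPC_URL", "sensitive": False,
     "value": "https://rpc.example.invalid/v2/EXAMPLEk3Jf9aQ2xLm8Zp0Tn5Wb"},
    {"name": "ANALYTICS_WRITE_KEY", "value": "wk_EXAMPLE_4f9a1c7e", "sensitive": False},
    {"name": "DEPLOY_HOOK_URL", "sensitive": False,
     "value": "https://deploy.example.invalid/hook/EXAMPLE9c1e"},
    {"name": "FEATURE_NEW_SWAP_UI", "value": "true", "sensitive": False},
    {"name": "ADMIN_PANEL_URL", "sensitive": False,
     "value": "https://admin:EXAMPLEpw@internal.example.invalid/"},
    {"name": "SIGNING_KEY", "value": None, "sensitive": True},
]

NAME_HINT = re.compile(r"KEY|SECRET|TOKEN|PASSWORD|CREDENTIAL|HOOK|PRIVATE|DSN", re.I)
URL_USERINFO = re.compile(r"https?://[^/\s:@]+:[^@/\s]+@")
OPAQUE_TOKEN = re.compile(r"[A-Za-z0-9_\-]{20,}")


def reasons_to_reclassify(entry):
    """Return the reasons a variable marked non-sensitive looks like a secret."""
    reasons = []
    value = entry.get("value") or ""
    if NAME_HINT.search(entry["name"]):
        reasons.append("name suggests a credential")
    if URL_USERINFO.search(value):
        reasons.append("URL carries embedded credentials")
    if OPAQUE_TOKEN.search(value):
        reasons.append("value contains a long opaque token")
    return reasons


def review(inventory):
    """List (name, reasons) for every non-sensitive entry that should be
    reclassified and rotated; already-sensitive entries are skipped."""
    findings = []
    for entry in inventory:
        if entry["sensitive"]:
            continue
        reasons = reasons_to_reclassify(entry)
        if reasons:
            findings.append((entry["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in review(SAMPLE_ENV):
        print(f"{name}: reclassify as sensitive and rotate ({'; '.join(reasons)})")
```

The patterns are deliberately conservative heuristics; anything they flag was readable under the non-sensitive label and should be treated as exposed, not just relabelled.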

eth.limo’s Hijack Ran Through Customer Support, Not Ethereum

A gateway touching about 2 million ENS-linked names was put at risk not by a smart-contract failure, but by someone convincing a registrar’s support flow to hand over control. That is a very 2026 kind of decentralization problem.

EasyDNS has now accepted responsibility for the eth.limo hijack, which matters because it narrows the lesson from a vague frontend-risk warning into a specific dependency chain. eth.limo lets ordinary browsers reach content tied to .eth names by appending “.limo.” The naming layer may feel crypto-native, and the content may sit on IPFS or Arweave, but user access still passed through a conventional DNS registrar with an account-recovery process. An attacker allegedly impersonated a team member, triggered that recovery path, and got the domain redirected.

The saving detail was DNSSEC. Because the attacker did not obtain eth.limo’s signing keys, validating resolvers could see that the new answers did not match the trusted chain and returned failures instead of malicious destinations. So the defense here was not that decentralization simply worked on its own. It was that an old internet security standard was configured correctly, and enough resolvers honored it. Useful, but conditional.

That conditional piece is the policy story. Crypto teams keep building user-facing access on top of service providers whose support desks are optimized for recoverability and uptime, not for the possibility that a domain can become a high-value attack surface for wallets, swaps, and identity. EasyDNS says eth.limo will move to Domainsure, a higher-security setup with no account recovery mechanism. That sounds austere because it is austere. Removing the “helpful” path is often what security looks like once the help desk has been socially engineered.

The broader implication is uncomfortable and simple: decentralization at the protocol layer does not remove trust from the access layer. It just relocates it, sometimes to the person answering the recovery ticket.

RAVE’s $6 Billion Moment Ends in a 90% Crash

RAVE briefly wore the costume of a major token - about a $6 billion market cap at the highs - before the market had settled a more basic question: who actually controlled the supply. One day later, the costume caught fire. The token fell about 90% in 24 hours, wiping out about $5.7 billion in value and turning an absurd rally into a market-structure warning.

The fresh part is not just that a small token did a large-token impression. It is that distribution outran policing again. Onchain allegations said about 90% of the 1 billion-token supply sat in three team-linked wallets, and that large transfers to exchanges preceded a 10,800% surge that triggered about $44 million in liquidations. Those concentration claims remain allegations under review, and RaveDAO denies responsibility for the price action. But the trading sequence matters even before final proof arrives: if a market can discover concentration only after a squeeze, then surveillance is arriving after the incentives have already done their work.

That alleged “bait and liquidate” pattern is ugly in a very old-fashioned way. Visible exchange deposits can invite shorts expecting supply to hit the market. If tokens are then pulled back instead of sold, price jumps, shorts are forced to cover, and the squeeze becomes its own advertisement. By the time Binance and Bitget are publicly reviewing the activity, the spectacle has already distributed risk to late buyers and liquidated traders. Crypto is still very good at listing, promoting, and levering assets; it is less consistently good at deciding, in time, whether the float is real.
