3. Why Aave's Unified Pool Turned a Bridge Hack Into $193M in Bad Debt

The rsETH exploit highlights systemic vulnerabilities across the DeFi stack, stemming from Kelp’s insecure one-of-one signer configuration, LayerZero’s compromised RPC infrastructure, and Aave’s failure to flag these risks during collateral listing. Aave v3’s monolithic design socializes risk by pooling all assets, which inadvertently fuels "leverage looping"—a process where users deposit yield-bearing Liquid Staking Tokens (LSTs) to borrow ETH. This activity accounts for 98% of ETH borrowing on Aave, driven largely by automated vault products like EtherFi that abstract complex leverage strategies for retail users. While this looping generates high utilization and yield, it creates a concentrated risk profile that contrasts with modular protocols like Morpho. Analysts Shaunda Devens and Luke Leasure observe that Aave’s liquidity dominance relies on forcing lenders into a unified system, whereas modular alternatives allow participants to restrict their collateral exposure to specific borrower types or assets.