Did North Korean Hackers Just Play Aave Twice?

The Lazarus Group's attack on the Kelp platform may have generated additional profits for North Korean hackers by shorting the AAVE token. Five days after the launch of the V4 protocol with its new 'hub-and-spoke' architecture, the attackers timed the deposit of 89,567 'non-existent' rsETH into the Aave death contract.

This triggered a five-day rally in AAVE, which ended with the Kelp hack. This allowed the hackers to earn a 26% profit on their short position. The Lazarus Group had previously employed a similar strategy with the Ronin bridge, where the hack was accompanied by short positions on AXS and RON in anticipation that the news would cause the price to crash.

In that case, however, Ronin validators remained unaware for a week that $600 million had been stolen, and the hackers’ short positions were closed via margin calls. In contrast, news of the AAVE hack became public instantly, sending prices plummeting to yearly lows.

The resulting crisis of user confidence led to an outflow of liquidity from the platform. DeFiLlama data shows a loss of $6.6 billion in TVL. According to Cryptomus analysts, investors are continuing to sell AAVE tokens and the inflow of coins to exchanges is growing.