Chaos Labs - Update on Bybit Security Event and USDe Market Reaction

Overview

Chaos Labs provides a post-mortem related to the Bybit security event regarding Aave’s integration of sUSDe and USDe.

Timeline of Events

On Feb-21-2025 at 14:16 UTC, the attacker transferred the funds from Bybit Cold Wallet to his personal EOA.
The theft was performed over 4 transactions:

Following the transactions, at 14:32 UTC, the well-known on-chain sleuth ZachXBT confirmed on Telegram that it was an exploit.

At 15:16 Ethena confirmed that its funds are held with custody solutions such as Copper for Bybit, and that the unrealized negative PNL on Bybit at the time of the post was limited to $30M.

At 15:57 Ethena announced that the unrealized PNL was reduced from $30M to $10M.

At 16:12 Ethena announced that the unrealized PNL exposure to Bybit has been reduced to zero.

At 16:22 Bybit’s CEO began a livestream, announcing the following:

  • Bybit was performing a regular Cold to Warm wallet transfer
  • The signing interface was showing the correct transaction
  • The transactions that were signed instead gave control of Bybit’s Ethereum Cold wallet to the attacker
  • BTC and other assets were not affected
  • Bybit was performing withdrawals
  • Bybit CEO confirms that Bybit funds are 1-1 backed
  • For immediate ETH withdrawals, Bybit will obtain a loan from partners

Temporary USDe Depeg and Oracle Deviations

During the incident described above, USDe began to depeg across all venues. However, onchain depegs were less severe because redemptions functioned efficiently, which prevented further onchain price deviations; arbitrageurs were able to buy discounted USDe and redeem it for a profit.

Curve USDe/USDC Price

For instance, the USDC/USDe Curve Pool saw USDe depeg to $0.994, a deviation that lasted approximately one hour before recovering to around $0.999 at approximately 16:15 UTC.

Bybit USDe/USDT Price

The same did not hold true on Bybit, which displayed a larger and longer lasting discount — dropping to 0.96 USDT — in part because of the greater friction involved with redeeming (s)USDe held on the exchange.

Chainlink USDe/USD Feed

This ultimately resulted in the Chainlink USDe/USD market feed trading at a significantly lower value than observed on chain, reaching as low as $0.977.

Curve sDAI/sUSDe Price

sUSDe was also affected by this incident and began to depeg. Below, we present the sUSDe/sDAI price from the sDAI/sUSDe Curve Pool over the same timeframe. This pool currently holds $48.55M in TVL. The asset began depegging around 15:35 UTC, reaching a maximum discount of 800 bps to sDAI, a much larger value due to liquidations and a lack of atomic offloading.

Similarly, the depeg lasted for approximately one hour before recovering at around 16:30 UTC.

Redemptions

Since the exploit, roughly $117M of USDe has been redeemed through the Mint/Redeem contract, primarily for USDT. Following the exploit and the initial redemption demand, Ethena quickly increased the Redeem Buffer significantly to $250M and maintained it at that value through continuous replenishments until the peg was recovered.

Below, we present the distribution of the top USDe redeemers since the exploit. The largest redemption came from address 0x08d92207a07e0789cfcf19413123c3eb919d3480, with a redemption amount of $30.6M.

On Ethena’s side, the majority of replenishments within the redemption contract came within a two block window, indicating that Ethena’s redemption mechanism was functioning effectively and allowing users to exit the asset without generating sell pressure in the market.

As displayed below, fee size did not increase along with redemption size, again indicating that Ethena efficiently processed redemptions, helping to maintain (s)USDe’s peg.

Liquidations

Due to the Chainlink market oracle deviations observed, there were six liquidation events involving sUSDe as collateral today, totaling $22M, as seen below. The largest event liquidated $13.33M worth of sUSDe, repaying $12.87M USDT. The protocol incurred no bad debt.

Conclusion

In the face of the largest hack in crypto’s history, both Aave’s and Ethena’s systems functioned well: no bad debt was generated, and the asset’s depeg was relatively minimal. While the exposure remains neutralized, the exact nominal exposure to Bybit today remains unknown.

Redemptions are executed atomically onchain, ensuring that, assuming the protocol optimizes available liquidity in the withdrawal buffer, the onchain market price aligns closely with the redemption price.

However, when USDe has significant utilization as collateral on CEXes, when at risk, the VWAP market price is susceptible to artificial market price dislocations that deviate from the onchain efficiency. This is due to implied exposure to the CEX, users panicking into other stablecoins, and, on the flip side, a less reactive market due to the implied delta risk associated with performing redemptions through obtaining USDe on the CEX.

As such, this led to market price oracles returning values that were lower than anything observed onchain, a relatively inefficient phenomenon when considering the fundamental value associated with USDe as observed onchain. Among the deep research presented in this post, this provides additional reasoning for the imminent transition over to pegging USDe to USDT. Additionally, this shift paves the way for a more efficient Proof of Reserves (PoR) oracle, one that optimally and accurately defines the fundamental value by accounting for the various dynamic components within the complex and innovative Ethena Protocol.

Disclaimer

Chaos Labs has not been compensated by any third party for publishing this ARFC. Our pre-launch risk reports on Ethena, published over a year ago, bear no implications on the current state of the protocol and can be viewed here on our website.

Copyright

Copyright and related rights waived via CC0

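The oracle deviation described in the post, worked through as an added example (not Chaos Labs' or Aave's code): it measures how far the Chainlink feed low ($0.977) sat below the Curve onchain low ($0.994) and separates positions that are liquidatable only at the feed price from those liquidatable at either price. The liquidation threshold, alert threshold and sample positions are constructed assumptions, and collateral is valued in USDe terms, ignoring the sUSDe exchange rate.

```python
from decimal import Decimal

# Prices reported in the post during the depeg window.
CURVE_ONCHAIN = Decimal("0.994")   # USDC/USDe Curve pool low
FEED_LOW = Decimal("0.977")        # Chainlink USDe/USD market feed low

# Assumptions for illustration only (not from the post).
LIQ_THRESHOLD = Decimal("0.92")    # hypothetical liquidation threshold
ALERT_BPS = Decimal("100")         # hypothetical alerting threshold

def deviation_bps(feed: Decimal, onchain: Decimal) -> Decimal:
    """Discount of the oracle feed relative to the onchain price, in bps."""
    return (onchain - feed) / onchain * Decimal(10_000)

def health_factor(collateral: Decimal, price: Decimal, debt: Decimal) -> Decimal:
    """Single-collateral health factor: value * liquidation threshold / debt."""
    return collateral * price * LIQ_THRESHOLD / debt

def classify(collateral: Decimal, debt: Decimal,
             feed: Decimal, onchain: Decimal) -> str:
    """Label a position by which price source makes it liquidatable."""
    if health_factor(collateral, feed, debt) >= 1:
        return "safe"
    if health_factor(collateral, onchain, debt) >= 1:
        # Under 1 only because the feed trades below the onchain price.
        return "oracle_induced"
    return "liquidatable"

def scan(positions: dict, feed: Decimal, onchain: Decimal) -> dict:
    """Report feed deviation and the classification of every position."""
    dev = deviation_bps(feed, onchain)
    report = {"deviation_bps": dev, "alert": dev > ALERT_BPS, "positions": {}}
    for name, (collateral, debt) in positions.items():
        report["positions"][name] = classify(collateral, debt, feed, onchain)
    return report

# Constructed sample positions: (collateral in USDe units, debt in USD).
SAMPLE_POSITIONS = {
    "pos_a": (Decimal("1000000"), Decimal("800000")),
    "pos_b": (Decimal("1000000"), Decimal("900000")),
    "pos_c": (Decimal("1000000"), Decimal("920000")),
}

if __name__ == "__main__":
    print(scan(SAMPLE_POSITIONS, FEED_LOW, CURVE_ONCHAIN))
```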