Aave has suffered a significant security breach, with attackers exploiting a vulnerability in the LayerZero cross-chain protocol to steal 116,500 rsETH. The incident, described as the largest DeFi hack of 2026, has led to a freeze in Aave's global liquidity, exposing systemic weaknesses in cross-chain trust mechanisms. The attackers forged cross-chain messages, allowing them to siphon off rsETH and use it as collateral to borrow large amounts of WETH, leaving Aave with substantial uncollateralized debt. In response, Aave has paused all WETH and rsETH transactions across affected markets, while other DeFi protocols like Morpho and Fluid have taken measures to mitigate the impact. Morpho's isolated market design limited its exposure to just $1 million, while Fluid launched an aWETH redemption protocol to assist affected Aave users. The incident has sparked a broader discussion on the risks associated with cross-chain bridges and liquid staking derivatives, highlighting the need for more robust security standards in the DeFi ecosystem.