Rekt analyzes the May 9, 2025 LNDFi theft as a $1.18 million drain enabled by Pool Admin control over modified Aave-style token contracts. The article notes ZachXBT's DPRK claim but focuses on the on-chain mechanics: a deployer granted Pool Admin rights, deployed modified AToken and VariableDebtToken contracts, and added an aclManager.isPoolAdmin condition to an onlyPool check. That change allowed transferUnderlyingTo calls that drained USDC, ETH, Wrapped Sonic, Beets Staked Sonic, and scETH before funds were bridged to Ethereum and BSC wallets. The source contrasts LNDFi's compromised-key explanation with evidence of a staged backdoor deployed 41 days before the theft.