More

    Aave Sees Massive $6 Billion TVL Decline Following Kelp Bridge Exploit Highlighting DeFi Vulnerabilities

    News

    Published on:

    Aave Sees Massive $6 Billion TVL Decline Following Kelp Bridge Exploit Highlighting DeFi Vulnerabilities

    The AAVE token plummeted 16% and deposits fled the protocol after attackers used drained rsETH as collateral to borrow wrapped ether, leaving Aave to quantify how much bad debt it is now carrying.

    Key Takeaways:

    — Aave’s total value locked plunged by about $6.6 billion and its token fell 16% after attackers used $292 million in stolen rsETH from Kelp’s bridge as collateral on Aave V3.

    — The exploit, which did not compromise Aave’s own contracts, left roughly $196 million in Aave-specific bad debt concentrated in the dominant rsETH–wrapped ether pair on Ethereum.

    — Aave’s Umbrella reserve may not fully cover the deficit, raising the prospect that stkAAVE holders could absorb losses and underscoring systemic risks from liquid restaking tokens across DeFi.

    Aave just watched $6.6 billion walk out the door, and it’s not because anyone hacked Aave.

    The protocol’s total value locked dropped from $26.4 billion on April 18 to nearly $20 billion in U.S. morning hours on Sunday, per DefiLlama. The AAVE token fell 16% to $92, and daily fees spiked to $1.99 million as liquidations ripped through the weekend.

    Depositors are running because Aave is carrying a hole it did not create. When attackers drained 116,500 rsETH from Kelp’s bridge on Saturday, they dumped the stolen tokens on Aave V3 as collateral and borrowed wrapped ether against them.

    On-chain trackers put the Aave-specific borrow at roughly $196 million, with total positions across Aave, Compound and Euler around $236 million.

    Aave is the largest lending protocol in DeFi, where users deposit crypto to earn yield and other users borrow against collateral. Kelp is a liquid restaking protocol, which takes ether that has already been staked on Ethereum and routes it through a separate yield-generating system called EigenLayer, issuing a receipt token called rsETH in exchange.

    That rsETH is what users trade and, critically, what some users posted on Aave as collateral to borrow against.

    On Saturday, attackers tricked Kelp’s cross-chain bridge into releasing 116,500 rsETH, about $292 million worth, to an address they controlled. They then deposited that stolen rsETH onto Aave V3 as collateral and borrowed wrapped ether against it.

    A bridge is a blockchain-based took that transfers tokens between different networks, where they may not be originally supported.

    Aave first said the Umbrella reserve would cover any deficit. By Saturday afternoon the language had softened to

    Related

    © Decrypt News. All Rights Reserved