A roughly $292 million exploit tied to restaking protocol Kelp DAO has reverberated across DeFi, hitting lending markets and investor confidence hard — with Aave among the most affected platforms.
What happened
Over the weekend an attacker drained about 116,500 rsETH (roughly $292 million) from Kelp DAO’s LayerZero bridge. The attacker then supplied those tokens as collateral on Aave V3 and borrowed around $236 million in WETH. Because the rsETH later became effectively unbacked, those collateral positions can’t be liquidated in the usual way, leaving roughly $280 million of bad debt on Aave that the protocol cannot directly recover.
Immediate fallout at Aave
The shock was fast and severe. Aave’s ETH pool hit about 100% utilization, meaning there’s virtually no ETH available for withdrawals from that pool — a real liquidity constraint for users trying to exit. The incident triggered heavy withdrawals: since the exploit first surfaced Saturday, Aave has seen about $9 billion in net outflows and TVL dropped by more than a third to roughly $17.5 billion.
Broader DeFi impact
The contagion wasn’t limited to Aave. DefiLlama data show roughly $13 billion of TVL evaporated across decentralized lending protocols within 48 hours as market participants pulled funds amid the uncertainty.
Token reaction and market context
AAVE’s token price reflected the turmoil. After a recent rally pushed the token to about $118 last Friday, the news sent AAVE down roughly 26% over the weekend to near $88 at the time of writing. CoinGecko data show AAVE remains about 86% below its all-time high of $661.
On-chain and protocol response
Aave froze rsETH markets on its platform and said its internal analysis indicates rsETH traded on Ethereum remains fully backed; nonetheless, the protocol kept restrictions in place as a precaution while the situation unfolds.
Community tone
The episode sparked a classic flight-to-safety reaction. Crypto portfolio manager Pratik Kala described the dynamic as a bank-run-style response: “withdraw first, ask questions later,” driven less by protocol-native losses and more by uncertainty surrounding an external exploit affecting Aave’s positions.
What’s next
Investigations into the Kelp DAO bridge exploit are ongoing, and Aave’s restrictions remain in place as teams assess exposure and potential remediation paths. The incident underscores how a single bridge or restaking failure can cascade through composable DeFi stacks, tightening liquidity and shaking market confidence across the sector.
Read more AI-generated news on: undefined/news
