Aave founder Stani Kulechov pushed back on criticism of the lending protocol after a shock wave of withdrawals drained roughly $8.45 billion from the platform in the wake of a major DeFi exploit earlier this year.
Speaking at the Proof of Talk conference in Paris, Kulechov said Aave weathered “one of the most severe stress events in decentralized finance” after the April attack on KelpDAO’s LayerZero-powered bridge triggered market-wide turmoil. He argued that Aave’s V3 infrastructure proved resilient through extreme volatility and emphasized that the incident did not stem from a bug in Aave’s smart contracts.
Security researchers later traced the initial breach to an RPC‑spoofing and DDoS campaign that targeted LayerZero verifier nodes tied to KelpDAO. Although the exploit began outside Aave, fear spread quickly and users pulled funds en masse: about $8.45 billion in deposits exited Aave within 48 hours, creating one of the largest liquidity shocks DeFi has seen.
The response required both community and leadership action. Aave DAO deployed 25,000 ETH as part of an emergency package, and Kulechov personally added 5,000 ETH (roughly $8.4 million at the time) to help stabilize the protocol during the outflows.
Not everyone accepts Kulechov’s framing. Risk modeller LlamaRisk says attackers used the KelpDAO exploit to mint worthless collateral, deposit it into Aave, and then withdraw genuine wrapped Ether — leaving Aave V3 with an estimated $123.7 million in bad debt. The Bank Policy Institute also warned the episode highlighted gaps in DeFi insurance and how rapid, large-scale withdrawals can mirror traditional bank-run dynamics.
Kulechov acknowledged that growing interdependence across DeFi introduces new systemic risks and said architectural changes are required. To address that, Aave Labs is moving forward with a V4 upgrade that abandons traditional pooled liquidity for a modular hub-and-spoke model. The design is intended to let the protocol apply localized risk premiums and quarantine problematic collateral, reducing the chance that a single failure cascades across markets.
Kulechov also argued that public blockchains offer an advantage: open code and transparent risk models allow researchers and market participants to inspect systems and spot weaknesses. Meanwhile, Aave Labs is expanding its regulated footprint — subsidiaries Push Labs Limited and Push Virtual Assets Limited were approved by the UK Financial Conduct Authority as registered cryptoasset exchange providers. Those registrations sit alongside Aave’s existing FCA Electronic Money Institution authorization and follow its MiCA authorization in the EU in November 2025.
The episode underscores how DeFi’s maturation depends not just on hardened smart contracts, but on stronger, more resilient infrastructure and clearer arrangements for handling extreme stress events.
Read more AI-generated news on: undefined/news
