Key Takeaways
- KelpDAO’s bridge suffered a devastating exploit worth $292–$293 million, causing total value locked in DeFi to plummet by $13.21 billion within 48 hours
- Attackers extracted 116,500 rsETH tokens and deployed them as illegitimate collateral on Aave to withdraw funds, generating approximately $195 million in uncollectible debt
- Total value locked on Aave plummeted from $26.4 billion to $18.6 billion, stripping the protocol of its position as DeFi’s largest platform
- Both USDT and USDC pools on Aave reached maximum 100% utilization rates, effectively trapping more than $5.1 billion in stablecoin deposits
- Despite the unprecedented capital drain, major DeFi tokens including AAVE, UNI, and LINK experienced relatively contained price corrections
A devastating $293 million security breach targeting KelpDAO’s bridge infrastructure last weekend catalyzed one of the most significant capital withdrawals from decentralized finance protocols in recent history, eliminating $13.21 billion in total value locked within a mere two-day period.
The breach unfolded Saturday when malicious actors successfully extracted 116,500 rsETH tokens—valued at approximately $293 million—from KelpDAO’s LayerZero-integrated bridge system. The attackers subsequently leveraged these compromised tokens as collateral within Aave, a prominent DeFi lending marketplace, to secure loans in wrapped Ether.
Since the stolen rsETH lacked genuine underlying asset support, these borrowing activities saddled Aave with an estimated $195 million in irrecoverable debt. The scenario resembles depositing fraudulent currency at a financial institution and successfully securing a legitimate loan against those worthless deposits.
Aave’s total value locked collapsed from approximately $26.4 billion to $18.6 billion by Sunday, based on DeFiLlama analytics. This dramatic contraction removed Aave from its throne as the leading DeFi protocol by deposited capital.
Throughout the entire DeFi ecosystem, TVL contracted from $99.5 billion to $86.3 billion during this identical timeframe. Protocols spanning the landscape—including Euler, Sentora, and Aave—registered double-digit percentage contractions, with the damage concentrated primarily within lending markets and restaking mechanisms.
The AAVE governance token tumbled nearly 20%, sliding from $112 on Saturday to approximately $89.50 within 24 hours. This price action was partially fueled by substantial withdrawals from institutional participants. Blockchain intelligence platform Lookonchain tracked MEXC exchange and Abraxas Capital as among the largest exiters, removing $431 million and $392 million respectively.
Stablecoin Liquidity Completely Exhausted
Aave’s USDT and USDC lending pools on version 3 have reached complete 100% utilization thresholds. This situation means over $5.1 billion in stablecoin deposits are presently inaccessible for withdrawal until fresh liquidity flows in or outstanding loans receive repayment. At press time, merely $2,540 remained available for withdrawal from the $2.87 billion USDT reserve.
Following the security incident, Aave implemented emergency freezes on rsETH markets across both v3 and v4 deployments. The protocol additionally froze WETH reserves spanning Ethereum mainnet, Arbitrum, Base, Mantle, and Linea networks. Aave subsequently verified that rsETH deposits on Ethereum’s primary network maintain complete backing by legitimate underlying assets.
Numerous additional protocols implemented precautionary suspensions of LayerZero bridge functionality, including Curve Finance, Ethena, and BitGo’s Wrapped Bitcoin service.
Forensic Analysis Reveals Bridge Vulnerabilities
Preliminary investigation from Peter Chung, research director at Presto Research, indicates the vulnerability likely originated within the bridge’s verification infrastructure rather than core smart contract code. He emphasized how this incident demonstrates the interconnected nature of DeFi protocols and how systemic risk propagates far beyond initial failure points.
This episode represents the inaugural major challenge for Aave’s “Umbrella” security framework, launched in June 2025 to deliver automated safeguards against bad debt accumulation. The timing proves particularly notable given Aave’s recent separation from risk management provider Chaos Labs on April 6, following disputes regarding Aave v4’s strategic direction and resource allocation.
Get 3 Free Stock Ebooks
Discover top-performing stocks in AI, Crypto, and Technology with expert analysis.
- Top 10 AI Stocks - Leading AI companies
- Top 10 Crypto Stocks - Blockchain leaders
- Top 10 Tech Stocks - Tech giants
