Aave loses $8B TVL after $293M rsETH bridge hack
Aave lost $8 billion in TVL after attackers stole $293 million in Kelp DAO rsETH, used it as collateral on Aave v3 and left about $195 million in bad debt.
On April 18 attackers drained about $293 million, 116,500 Kelp DAO Restaked ETH (rsETH), from Kelp DAO’s LayerZero bridge and deposited the tokens as collateral on Aave v3 to borrow wrapped Ether (wETH). On-chain analytics firm Lookonchain estimated the borrowing left roughly $195 million in bad debt on Aave.
DeFiLlama data show Aave’s total value locked fell from about $26.4 billion to $17.9 billion, a decline of nearly $8 billion that removed the protocol from its position as the largest DeFi platform. The AAVE token dropped about 20%, from roughly $112 to $89.50 over about 25 hours.
Stablecoin lending pools on Aave v3 reached full utilization. The USDT and USDC pools hit 100% utilization, leaving more than $5.1 billion of stablecoins unavailable until new liquidity arrives or borrowers repay loans. At the time of reporting, $2,540 remained available to withdraw from the $2.87 billion USDT pool.
Large withdrawals accelerated the liquidity strain. On-chain records show the MEXC exchange removed about $431 million and trading firm Abraxas Capital withdrew roughly $392 million. Several services tied to rsETH or the LayerZero bridge paused bridge activity, including Curve Finance, Ethena and BitGo’s Wrapped Bitcoin service.
Aave’s risk team froze rsETH markets on both Aave v3 and v4 and froze wETH reserves on Ethereum mainnet, Arbitrum, Base, Mantle and Linea to block further borrowing. Aave said rsETH on Ethereum mainnet “remains fully backed by underlying assets” and described the freezes as measures to prevent additional contagion while teams investigate.
Aave defended its liquidation-based model, citing automated liquidations and overcollateralization as mechanisms designed to protect lenders and limit losses when positions become insolvent.
The incident is the first major stress test of Aave’s Umbrella security framework, introduced in June 2025 to automate protections against bad debt. A Bank of Canada review earlier this month found that Aave v3 avoided bad debt in prior scenarios through overcollateralization and automated liquidations.
The protocol ended a risk-services relationship with Chaos Labs on April 6. Markets remain frozen and liquidity is constrained in affected pools. Recovery will depend on repaying borrowed positions, returning stolen assets, or injecting new capital into the affected pools.
The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.
Articles by this author
