Aave weathers $8.45B withdrawals after rsETH bridge exploit
Aave saw about $8.45 billion withdrawn after the April 2026 KelpDAO rsETH LayerZero bridge exploit that removed roughly $292 million in rsETH. Contracts were not breached.
In April 2026, users withdrew roughly $8.45 billion from Aave following an exploit of KelpDAO’s rsETH LayerZero bridge that resulted in about $292 million of rsETH being taken. The withdrawals followed concerns that some rsETH in circulation might be undercollateralized.
Aave’s core smart contracts were not compromised. The protocol’s risk teams activated emergency controls and adjusted parameters to manage liquidity and exposure. Those actions included emergency freezes and changes to loan-to-value limits, liquidation thresholds, supply and borrow caps, and the use of Isolation Mode and Efficiency Mode settings.
Because rsETH was used as collateral across lending markets, the bridge exploit prompted lenders and depositors to remove funds to limit exposure. Some Aave markets reached full utilization, meaning available liquidity had been fully borrowed or withdrawn. That created delays for some users trying to exit positions until liquidity or risk settings were restored.
On-chain records show the outflows and the timing of parameter changes. The public visibility of collateral and transaction flows allowed community members and risk teams to monitor activity in real time during the withdrawal surge.
Aave founder Stani Kulechov wrote: “The core protocol continued to operate and emergency tools were available to our risk teams.” He characterized the episode as a test of the protocol’s design and controls.
Independent analysts reviewing on-chain data cautioned that surviving a single large withdrawal event does not eliminate other risk vectors. They pointed to remaining concentrations of exposure across DeFi and to the speed at which large positions can affect market stability if closed at once.
The episode highlighted how an external asset problem can affect a lending protocol when that asset is widely used as collateral. Bridges, lending pools and other DeFi components move funds between venues, and stress in one component can transmit to others.
Aave launched in 2017 as ETHLend and later became a large liquidity-pool lending protocol. The protocol’s response to the April exploit will remain under review by users, developers and risk teams as they assess the effects of the outflows and the adequacy of existing safeguards.
The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.
Articles by this author
