Whole worth locked on decentralized lending protocol Aave dropped by practically $8 billion over the weekend after hackers behind the $293 million Kelp DAO exploit borrowed funds on Aave, leaving roughly $195 million in “dangerous debt” on the protocol and triggering withdrawals.
Knowledge from DeFiLlama exhibits that Aave’s TVL fell from about $26.4 billion to $18.6 billion by Sunday, shedding the highest spot as the biggest DeFi protocol.
Aave v3’s lending swimming pools for USDt (USDT) and USDC (USDC) at the moment are at 100% utilization, that means that greater than $5.1 billion value of stablecoins can’t be withdrawn till new liquidity arrives or borrows are repaid.
Aave’s TVL fall exhibits how quickly danger from a single safety incident can unfold all through the broader, interconnected DeFi lending market, doubtlessly resulting in a extreme liquidity disaster.
The incident started on Saturday when hackers stole 116,500 Kelp DAO Restaked ETH (rsETH) tokens value about $293 million from Kelp DAO’s LayerZero-powered bridge and used them as collateral on Aave v3 to borrow wrapped Ether (wETH).
Crypto analytics platform Lookonchain stated the transfer created about $195 million in “dangerous debt” on Aave, which contributed to the Aave (AAVE) token tanking practically 20% from $112 on Saturday at 6:00 pm UTC to $89.5 about 25 hours later.
Lookonchain famous that a number of the largest crypto whales to withdraw funds from Aave had been the MEXC crypto change and Abraxas Capital at $431 million and $392 million, respectively.
A number of crypto networks and protocols tied to rsETH or the LayerZero bridge have paused use of the bridge till the issue is resolved, together with DeFi platform Curve Finance, stablecoin issuer Ethena and BitGo’s Wrapped Bitcoin (WBTC).
Aave has frozen a number of rsETH, wETH markets
Shortly after the Kelp DAO exploit, Aave stated it froze the rsETH markets on each Aave v3 and v4 to forestall any suspicious borrowing and later acknowledged that rsETH on Ethereum mainnet stays absolutely backed by underlying property.
WETH reserves additionally stay frozen on Ethereum, Arbitrum, Base, Mantle and Linea, Aave stated.
This incident marks the primary vital stress take a look at of Aave’s “Umbrella” safety mannequin, which was launched in June 2025 to offer automated safety towards protocol dangerous debt whereas enabling customers to earn rewards.
Associated: Aave DAO backs V4 mainnet plan in near-unanimous vote
Earlier this month, the Financial institution of Canada discovered that Aave averted dangerous debt in its v3 market through the use of overcollateralization, automated liquidations and different methods that shifted danger to debtors.
In feedback to Cointelegraph, Aave defended its liquidation-based mannequin, framing it as a core security mechanism that protects lenders whereas limiting draw back for debtors.
It comes as Aave parted methods with its longest-standing DeFi danger service supplier, Chaos Labs, on April 6, following disagreements over the route of Aave v4 and finances constraints.
Journal: Are DeFi devs responsible for the criminality of others on their platforms?