Rising blockchain exploits have strained the DeFi sector, with losses exceeding $620 million in April, as AMBCrypto reported.
DeFi lending giant Aave took a direct hit from the KelpDAO exploit.
Attackers minted 116.5K unbacked rsETH and used it as collateral to borrow high-quality assets, leaving the protocol exposed.
As a result, Aave was left with over $200 million in bad debt, triggering a sharp wave of capital outflows.
Why did Aave liquidity collapse so fast?
The exploit quickly tightened liquidity across Aave’s markets.
Within hours, users began withdrawing funds, pushing utilization rates to extreme levels. WETH reserves hit 100% utilization, leaving no immediately available liquidity in the pool.
That shift set off broader outflows across the protocol.
Aave saw roughly $16.4 billion exit the platform, with deposits dropping from $45.6 billion to $29.2 billion.
The increased outflows pushed the platform’s Total Value Locked [TVL] to $15 billion, levels last seen in November 2024.
Coupled with that, stablecoin usage on AAVE has declined 54.2% from $15.95 billion to $7.31 billion. At the same time, the amount of stablecoins borrowed decreased by 37.9% from $10.6 billion to $6.63 billion.
Interestingly, while AAVE experienced increased outflows, investors and market participants sought refuge in Sparklend.
Sparklend’s TVL climbed from $1.9 billion to $3.5 billion, marking over a $1.3 billion gain. Thus, amid this crisis, Sparklend has absorbed significant funds, leaving Aave [AAVE], especially from large entities.
What actually broke inside Aave?
The exploit exposed how Aave’s liquidity was heavily tied to looping strategies. These strategies relied on depositing ETH-based assets like rsETH and borrowing Ethereum [ETH] to amplify yield.
Data from the Blockworks thread showed that 98.5% of collateral backing WETH borrows came from ETH LSTs.
Even so, this created a concentrated risk structure rather than a diversified lending book. When the exploit hit, this structure unraveled quickly.
Depositors who had no direct exposure to rsETH still faced losses because their funds backed those positions. That shift exposed a key imbalance.
Aave treated all lenders equally, even when risk levels differed. Depositors took on higher risk without additional compensation.
Can Aave’s safety net absorb the damage?
With liquidity drying up, Aave’s Umbrella module faced its first real stress test. Umbrella was designed to absorb bad debt using staked junior capital.
However, coverage appeared limited relative to the scale of potential losses.
In one modeled scenario, the backstop could cover only part of the shortfall, leaving the remaining losses to depositors or the DAO.
At the same time, rising utilization and liquidity shortages weakened liquidation mechanisms, slowing recovery. This left markets in a holding pattern, with participants waiting for clarity before re-entering.
Final Summary
- Aave absorbed over $200M in bad debt after attackers minted 116.5K unbacked rsETH and drained liquidity through leveraged borrowing.
- Capital rotated to safer protocols like Sparklend, which gained over $1.3B as investors prioritized liquidity and risk controls.