A $293 million exploit targeting Kelp DAO’s LayerZero-powered bridge has triggered one of the most severe liquidity shocks the DeFi lending market has seen in recent memory. The supporting evidence appears in the cited X post.
Hackers drained 116,500 rsETH tokens from the bridge on Saturday, used them as collateral on Aave v3 to borrow wrapped Ether, and left roughly $195 million in bad debt embedded in the protocol.
The fallout was immediate. CoinGecko price data shows the AAVE token fell nearly 20%, sliding from $112 at 6:00 pm UTC on Saturday to $89.5 approximately 25 hours later, as users rushed to pull funds from the platform.
TVL Collapses, Stablecoin Pools Hit Full Utilization
Data from DeFiLlama shows Aave’s total value locked collapsed from roughly $26.4 billion to $18.6 billion by Sunday, stripping the protocol of its position as the largest DeFi platform by TVL.
The sudden outflow pushed Aave v3’s USDT and USDC lending pools to 100% utilization, effectively locking more than $5.1 billion in stablecoins until new liquidity enters or existing borrows are repaid.
Crypto analytics platform Lookonchain identified the bad debt figure at $195 million and named some of the largest withdrawers. The MEXC crypto exchange pulled $431 million from Aave, while Abraxas Capital followed with $392 million in withdrawals, according to Lookonchain’s on-chain tracking.
The incident exposed how quickly risk from a single compromised bridge can cascade through interconnected DeFi protocols. Several networks and platforms with rsETH exposure moved fast to contain further damage. Curve Finance, Ethena, and BitGo’s Wrapped Bitcoin all announced pauses on their use of the LayerZero bridge, with Curve confirming the suspension on X shortly after the exploit surfaced.
Aave Freezes Markets and Defends Protocol Safety
Aave moved quickly to limit further exposure. The protocol froze rsETH markets across both Aave v3 and v4 to halt any additional suspicious borrowing activity. In a post on X, Aave stated that rsETH on Ethereum mainnet remains fully backed by underlying assets and confirmed that WETH reserves are frozen across Ethereum, Arbitrum, Base, Mantle, and Linea.
The crisis represents the first meaningful stress test of Aave’s “Umbrella” security model, introduced in June 2025 to automate bad debt protection while allowing users to earn protocol rewards. The model had not faced a bad debt event of this scale before the Kelp DAO exploit surfaced.
The timing adds further complexity for the protocol. Aave parted ways with its longest-standing DeFi risk service provider, Chaos Labs, on April 6 following disagreements over the direction of Aave v4 and budget constraints.
Earlier this month, the Bank of Canada published findings suggesting Aave had historically avoided bad debt in its v3 market through overcollateralization and automated liquidations, a model the protocol has defended publicly as core to lender protection.
The scale of the liquidity drain and the locked stablecoin pools signal that recovery will depend heavily on new capital inflows or accelerated loan repayments, neither of which can be guaranteed in an environment of elevated protocol risk.
Not Financial Advice: This article is for informational purposes only. Crypto investments are highly volatile. Always do your own research.
