•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Total value locked (TVL) on decentralized lending protocol Aave fell by nearly $8 billion over the weekend after hackers behind the $293 million Kelp DAO exploit borrowed funds on Aave. The incident left roughly $195 million in bad debt on the protocol and triggered withdrawals, according to data cited from DeFiLlama.
DeFiLlama data shows Aave’s TVL declined from about $26.4 billion to $18.6 billion by Sunday, causing it to lose its position as the largest DeFi protocol.
On Aave v3, lending pools for USDt (USDT) and USDC (USDC) reached 100% utilization, meaning more than $5.1 billion worth of stablecoins could not be withdrawn until new liquidity arrives or existing borrows are repaid.
At the time of writing, $2,540 was available to be withdrawn from the $2.87 billion USDT pool on Aave v3.
The incident began on Saturday when hackers stole 116,500 rsETH tokens worth about $293 million from Kelp DAO’s LayerZero-powered bridge and used them as collateral on Aave v3 to borrow wrapped Ether (wETH).
Crypto analytics firm Lookonchain said the activity created about $195 million in bad debt on Aave, contributing to the Aave token falling nearly 20%—from $112 on Saturday at 6:00 pm UTC to $89.5 about 25 hours later.
Lookonchain also reported that some of the largest withdrawals from Aave came from the MEXC crypto exchange and Abraxas Capital, at $431 million and $392 million, respectively.
Several crypto networks and protocols tied to rsETH or the LayerZero bridge paused use of the bridge until the issue is resolved, including Curve Finance, Ethena, and BitGo’s Wrapped Bitcoin (WBTC).
Aave froze several rsETH and wETH markets. Shortly after the Kelp DAO exploit, Aave said it froze rsETH markets on both Aave v3 and v4 to prevent suspicious borrowing. It later stated that rsETH on Ethereum mainnet remains fully backed by underlying assets.
Aave also said wETH reserves remain frozen on Ethereum, Arbitrum, Base, Mantle, and Linea.
The incident is described as the first significant stress test of Aave’s Umbrella security model, introduced in June 2025 to provide automated protection against protocol bad debt while enabling users to earn rewards.
Earlier this month, the Bank of Canada found that Aave avoided bad debt in its v3 market by using overcollateralization, automated liquidations, and other strategies that shifted risk to borrowers.
In comments to Cointelegraph, Aave defended its liquidation-based approach, describing it as a core safety mechanism that protects lenders while limiting downside for borrowers.
The report also notes that Aave parted ways with its longest-standing DeFi risk service provider, Chaos Labs, on April 6, after disagreements over the direction of Aave v4 and budget constraints.
Premium gym chains are entering a “golden era” that is ending or already in decline, as rising operating costs collide with shifting consumer preferences toward more flexible, community-based ways to exercise. Long-term memberships are shrinking, margins are pressured by higher rents and facility expenses, and competition from smaller, more personalized…
