Aave, the leading decentralized lending protocol, has witnessed a significant exodus of deposits, totaling approximately $15 billion, in the wake of the Kelp DAO exploit. Total value supplied to Aave has dropped from $45.8 billion to $30.8 billion.
This outflow followed an attack that drained roughly $293 million in restaked Ether (rsETH) from Kelp DAO’s bridge. The exploiter then utilized some of these stolen funds to borrow assets on Aave.
Aave's incident report indicates that 89,567 rsETH were deposited, potentially leading to a shortfall between $123 million and $230 million, depending on loss allocation. These withdrawals signal concerns about contagion from Aave’s bad debt and a broader capital flight from decentralized finance (DeFi).
The bad debt incurred by the Kelp exploiter caused Aave’s v3 Wrapped Ether (WETH) market to reach 100% utilization, temporarily halting liquidity for immediate withdrawals.
SparkLend’s total value locked (TVL) has increased by $1.3 billion since the exploit, suggesting it is absorbing funds withdrawn from Aave.
This event underscores the double-edged nature of DeFi's interconnectedness, as the Kelp DAO exploit rippled through lending markets, creating a "broader liquidity crunch." The incident highlights systemic vulnerabilities across restaking, bridging, and lending protocols.
Aave has unfrozen WETH reserves on its Ethereum Core V3 market, allowing new WETH deposits, though reserves remain frozen on several layer-2 networks.
Regarding the bad debt, Aave's risk manager proposed two scenarios: distributing losses across all rsETH holders on Ethereum mainnet and layer-2s, resulting in $123 million in bad debt, or shifting the entire shortfall to layer-2 networks, creating $230 million in bad debt. Traders are currently betting on the former scenario via prediction markets.