The KelpDAO hack has triggered significant aftershocks in stablecoin markets, leading to approximately $300 million in borrowing against Tether (USDT) deposits on the Aave platform within 24 hours. This surge in borrowing is not an indicator of demand but rather a symptom of users being unable to withdraw their funds due to maxed-out stablecoin pools.
Aave, a decentralized finance (DeFi) protocol, allows users to lend and borrow cryptocurrencies. It operates on the assumption of constant liquidity for withdrawals and position unwinding. The KelpDAO exploit broke this critical assumption.
The exploit involved an attacker manipulating KelpDAO's bridge infrastructure to release $292 million worth of fake, unbacked rsETH tokens. These were deposited into protocols like Aave to borrow real assets. Aave froze rsETH markets, preventing further exploitation but causing a chain reaction.
Following the exploit, large withdrawals by institutional players drained Aave's liquidity pools. This liquidity crunch spread to USDT and USDC pools, reaching 100% utilization. Trapped depositors then resorted to borrowing against their own locked funds at a loss to extract any available liquidity, highlighting the inherent risks in decentralized finance.