A $292 million exploit tied to restaking protocol Kelp DAO has sent shockwaves through DeFi — and Aave has emerged as one of the hardest-hit casualties. What happened - Over the weekend an attacker drained roughly 116,500 rsETH (about $292 million) from Kelp DAO’s LayerZero bridge. - The attacker then supplied the stolen rsETH as collateral on Aave V3 and borrowed roughly $236 million in WETH. - Because the rsETH subsequently became effectively unbacked, those collateral positions are not liquidatable. The result: Aave is now saddled with roughly $280 million in bad debt it cannot directly recover. Immediate effects on Aave and users - Panic was fast. Aave’s ETH pool hit ~100% utilization, leaving the protocol with almost no ETH available for withdrawals and creating practical liquidity limits for users wanting to exit. - Crypto portfolio manager Pratik Kala summed up the reaction: it wasn’t that Aave caused the losses, but that it was carrying a gap it did not originate — triggering “withdraw first, ask questions later” behavior akin to a bank run. - Since the incident was disclosed on Saturday, Aave has recorded about $9 billion in net outflows and its TVL has plunged by more than a third to roughly $17.5 billion. Broader DeFi fallout - DeFi as a whole felt the pain: DeFiLlama data show around $13 billion left lending protocols within 48 hours of the hack. - Market sentiment followed. AAVE’s price slumped about 26% from a one-month high of $118 to roughly $88, and remains roughly 86% below its all-time high near $661 (CoinGecko). Protocol response - To limit contagion, Aave froze rsETH markets on the platform. On Sunday the team said its analysis indicates rsETH trading on Ethereum remains fully backed, but it maintained restrictions as a precaution. Why this matters - The incident highlights the systemic risks introduced when liquid staking derivatives and cross-chain bridges are used as collateral across lending markets. Unbacked staking assets can propagate a single exploit into large-scale insolvency and liquidity stress across unrelated platforms. - Watch for further governance and technical responses from Aave, Kelp DAO, and LayerZero, and for any recovery or socialized-loss proposals that could affect lenders and depositors. Takeaway The Kelp DAO exploit shows how quickly restaking and bridge vulnerabilities can cascade through DeFi. Even blue-chip protocols like Aave can face deep liquidity and solvency challenges when borrowed funds are backed by suddenly worthless tokens — and the market reaction can be swift and severe. Read more AI-generated news on: undefined/news