On April 23, an attacker exploited Kelp DAO's LayerZero bridge, draining 116,500

$RSETH

tokens worth roughly $292 million by forging cross-chain messages to release unbacked tokens. Those stolen tokens were then deposited as collateral on Aave to borrow real assets, leaving the protocol with estimated bad debt between $123 million and $230 million depending on how Kelp allocates the shortfall.

Aave lost $8.45 billion in deposits over 48 hours, $AAVE dropped nearly 20%, and stablecoin pools hit 100% utilization trapping billions in user funds.

The core protocol code was never touched, but the damage came through the collateral it trusted.

Will

$AAVE bleed further?

Likely not at the same pace. Aave's treasury currently holds $181 million and generated $145 million in revenue during 2025, giving it real capacity to absorb the worst scenario. The structural risk is not insolvency, it is confidence. If Kelp socializes losses fairly and Aave's Umbrella safety module activates cleanly, the floor holds. If not, another wave of whale exits could extend the pain beyond what the hack itself caused.