Total value locked on the decentralized lending platform Aave fell by nearly $8 billion over the weekend after attackers linked to the $293 million Kelp DAO exploit borrowed heavily from the protocol. The move left around $195 million in bad debt and sparked a wave of withdrawals.
According to DeFiLlama data, Aave’s TVL dropped from roughly $26.4 billion to $18.6 billion by Sunday, costing it its position as the largest DeFi protocol.
Meanwhile, Aave v3’s lending pools for Tether (USDT) and USD Coin (USDC) have hit 100% utilization, meaning over $5.1 billion in stablecoins is currently locked and unavailable for withdrawal until fresh liquidity is added or outstanding loans are repaid.
Aave’s sharp drop in total value locked highlights how quickly a single security breach can ripple through the interconnected DeFi lending ecosystem, raising the risk of a broader liquidity crunch.
The incident started on Saturday when attackers stole 116,500 rsETH tokens — worth around $293 million — from Kelp DAO’s LayerZero-based bridge. They then used the stolen assets as collateral on Aave v3 to borrow wrapped Ether (wETH).
Blockchain analytics firm Lookonchain estimated the exploit resulted in roughly $195 million in bad debt on Aave. The fallout also hit the AAVE token, which fell nearly 20% — dropping from $112 on Saturday evening (UTC) to about $89.5 roughly 25 hours later.
Lookonchain added that some of the largest withdrawals from Aave came from major players, including MEXC and Abraxas Capital, which pulled approximately $431 million and $392 million, respectively.
Several crypto networks and protocols linked to rsETH or the LayerZero bridge have temporarily halted use of the bridge until the issue is resolved. These include Curve Finance, Ethena and BitGo’s Wrapped Bitcoin (WBTC).
Following the exploit involving Kelp DAO, Aave moved quickly to freeze rsETH markets across both its v3 and v4 deployments to prevent further suspicious borrowing. The protocol later clarified that rsETH on Ethereum mainnet remains fully backed by its underlying assets.
Aave also confirmed that wETH reserves are currently frozen across multiple networks, including Ethereum, Arbitrum, Base, Mantle and Linea.
The incident represents the first major stress test for Aave’s “Umbrella” security framework, introduced in June 2025 to automatically mitigate bad debt risk while offering incentives to users.
Earlier this month, the Bank of Canada noted that Aave’s v3 market avoided bad debt through mechanisms such as overcollateralization, automated liquidations and other borrower-risk-shifting strategies.
The developments come shortly after Aave ended its partnership with longtime DeFi risk service provider Chaos Labs on April 6, citing disagreements over the direction of Aave v4 and budget considerations.
