Key Highlights
- AAVE dropped by over 20% due to the impact of the $292M KelpDAO hack.
- The attackers took advantage of the vulnerability in the LayerZero bridge to drain 116,500 rsETH from KelpDAO’s bridge, then deposited the stolen tokens on Aave V3, borrowing $196M in WETH.
- Aave restricted trading of rsETH and its borrowings to minimize the damage.
AAVE, the native governance and utility token of the Aave protocol, has witnessed a sharp decline, directly associated with the $292 million KelpDAO exploit. The exploit has left contagion effects on Aave’s lending markets.
In one of the biggest attacks in the DeFi sector, Aave’s native token took a deep plunge as, on April 19, the token was trading at $112 and dropped to $89.08, posting a 22% loss in a single day.
The decline shows a steep drop from recent highs around $118, reported just before the hack, and comes directly from a $292 million bridge exploit at KelpDAO that left its impact on Aave’s lending markets, igniting massive withdrawals and a liquidity crunch.
At the time of writing, AAVE continues to drop as it has lost over 3.14% in the past 24 hours and has also lost its previous gains, as it is 4.88% down on the weekly charts, trading at $90.12, as reported by CoinMarketCap.
Exploit details
The hack initiated on April 18, when attackers exploited a vulnerability in KelpDAO’s LayerZero-backed cross-chain bridge. The attackers tricked LayerZero’s cross-chain messaging layer into trusting that a valid instruction had come from another network, which resulted in draining around 116,500 rsETH.
It was a liquid restaking token, estimated at around $292 million, with about 18% of its circulating supply having no corresponding backing on the other side. The attackers then deposited the tokens as collateral on Aave V3, borrowing more than $196 million in WETH and leaving the protocol stuck with bad debt.
Within hours of the attack, Stani Kulechov, the founder of Aave, announced that rsETH markets on both Aave V3 and V4 had been frozen. “Aave’s contracts have not been exploited, and this is an exploit related to rsETH,” the official account mentioned. Kulechov also confirmed that the asset now holds zero borrowing power, with no further exposure.
The protocol is now reviewing post-exploit borrows and exploring ways to offset any deficit via its safety module.
The TVL slip
Aave’s total value locked (TVL) slipped from around $26.4 billion on April 18 to $17.3 billion today, as per the DefiLlama data. The wider DeFi ecosystem lost over $13.82 billion in TVL in the past 48 hours.
The CoinMarketCap data reveals AAVE’s market capitalization to be $1.38 billion, with 24-hour volume at $600 million, posting a 37.75% loss. The circulating supply sits at 15.9 million out of a total of 16 million.
Regardless of the red candles, community sentiment on the platform remains resilient, having 82% of voters calling the outlook bullish versus 18% bearish.
Snowball effect
Although Aave was not compromised directly by a hack, the episode clearly illustrated just how quickly the negative spillover effects of a default in another system could snowball into the other lending protocols. The team is already underway to find ways to manage the losses without overly diluting the staking token holders.
However, if the safety module and treasury functions effectively mitigate the blowback, the architecture of Aave might still enable a comeback. In any case, the $292 million DeFi disaster acts as a warning that bridge breaches are not to be underestimated.
Also Read: Bitmine Scoops 101K ETH – Biggest Buy Since 2025 Signals Shift
