Key Takeaways
- KelpDAO’s bridge suffered a $292–$293 million security breach that erased $13.21 billion from decentralized finance total value locked (TVL) within two days
- Attackers extracted 116,500 rsETH tokens and deployed them as illegitimate collateral on Aave to secure loans, generating approximately $195 million in uncollateralized debt
- Aave experienced a TVL collapse from $26.4 billion down to $18.6 billion, surrendering its position as DeFi’s dominant protocol
- Complete utilization of Aave’s USDT and USDC reserves means more than $5.1 billion in stablecoins remain inaccessible for withdrawal
- Major DeFi governance tokens including AAVE, UNI, and LINK experienced relatively contained price declines given the scale of capital flight
A weekend security breach at KelpDAO’s cross-chain bridge resulted in the extraction of $293 million in digital assets, catalyzing one of decentralized finance’s most severe capital withdrawal events and eliminating $13.21 billion in total value locked from the ecosystem within a 48-hour period.
The security incident commenced Saturday when malicious actors successfully compromised KelpDAO’s LayerZero-integrated bridge infrastructure, extracting 116,500 rsETH tokens valued at approximately $293 million. Subsequently, these compromised tokens were deposited into Aave, a prominent DeFi lending marketplace, where they served as collateral for borrowing wrapped Ether.
Since the extracted rsETH lacked genuine asset backing, these borrowing transactions created approximately $195 million in unsecured liabilities for Aave. The mechanism resembles depositing fraudulent currency at a financial institution and securing a legitimate loan against those worthless deposits.
Aave’s total value locked plummeted from approximately $26.4 billion to $18.6 billion by Sunday evening, data from DeFiLlama shows. This dramatic reduction displaced Aave from its ranking as the blockchain ecosystem’s largest protocol by deposited assets.
Throughout the broader DeFi landscape, total value locked contracted from $99.5 billion to $86.3 billion during this identical timeframe. Significant percentage declines materialized across numerous platforms including Euler, Sentora, and Aave, with concentrated damage observed in lending markets and liquid staking derivatives.
The AAVE governance token declined nearly 20%, falling from $112 Saturday to approximately $89.50 within 24 hours. This price movement resulted partly from substantial withdrawals executed by institutional participants. Blockchain intelligence provider Lookonchain documented MEXC exchange and Abraxas Capital among the largest capital removals, extracting $431 million and $392 million respectively.
Billions in Stablecoins Trapped as Liquidity Vanishes
Aave’s USDT and USDC liquidity pools on version 3 have reached complete utilization capacity. This condition means over $5.1 billion in stablecoin deposits currently remain locked without withdrawal access until fresh liquidity arrives or outstanding loans undergo repayment. Currently, merely $2,540 remained available for withdrawal from the $2.87 billion USDT reserve.
Following the security breach, Aave implemented emergency freezes on rsETH markets across both v3 and v4 platform versions. Additionally, WETH reserves were frozen across Ethereum, Arbitrum, Base, Mantle, and Linea networks. Aave subsequently verified that rsETH on Ethereum’s primary network maintains complete backing through underlying assets.
Numerous additional protocols suspended their LayerZero bridge integrations, including Curve Finance, Ethena, and BitGo’s Wrapped Bitcoin offering.
Initial Investigation Findings
Preliminary technical analysis from Peter Chung, research director at Presto Research, indicates the vulnerability likely originated within the bridge’s verification infrastructure rather than its core smart contract code. He emphasized that this episode demonstrates how interconnected DeFi protocols can amplify systemic risk far beyond the initial breach location.
This event represents the inaugural significant challenge to Aave’s “Umbrella” security framework, deployed in June 2025 to deliver automated safeguards against uncollateralized debt scenarios. The timing follows just two weeks after Aave terminated its relationship with risk management provider Chaos Labs on April 6, stemming from strategic disagreements regarding Aave v4’s development trajectory and resource allocation.
Get 3 Free Stock Ebooks
Discover top-performing stocks in AI, Crypto, and Technology with expert analysis.
- Top 10 AI Stocks - Leading AI companies
- Top 10 Crypto Stocks - Blockchain leaders
- Top 10 Tech Stocks - Tech giants
