Aave is facing a serious disruption following the $293 million Kelp DAO hack. Nearly $8 billion was withdrawn from the protocol, and AAVE fell by almost 20% in a single day. Aave’s TVL dropped from about $26.4 billion to $18.6 billion, temporarily ending its DeFi leadership position.
The main damage stemmed from collateral use rather than a direct breach of Aave’s smart contracts. Attackers deposited 116,500 rsETH as collateral on Aave v3, then borrowed wETH against it, creating roughly $195 million in bad debt. This led to a liquidity pullback as users reduced exposure amid contagion fears.
For those exploring how contagion spreads in lending, Elixir, a crypto onboarding platform, helps explain onboarding models and user flows; this context can make risk concepts feel more intuitive.
The Kelp Hack Quickly Turned Into a Liquidity Crisis for Aave
The contagion mechanism matters here. A single incident in connected infrastructure can become systemic for a major lending protocol because DeFi markets are interlinked. Once a compromised asset is used as collateral, the issue is no longer confined to the original attacker-controlled pathway.
This dynamic was visible with rsETH. After the bridge attack, the acquired assets were used within Aave, and market participants quickly weighed not only the hack size but also the lending system’s exposure to that asset.
The Most Alarming Signal Came From Stablecoin Pools
The sharpest strain appeared in Aave v3’s stablecoin pools. The USDt and USDC pools reportedly reached 100% utilization, meaning over $5.1 billion in stablecoins was effectively unavailable for withdrawals until liquidity improved or borrowers repaid. At one point, only about $2,540 remained withdrawable from the $2.87 billion USDT pool.
That is a practical stress indicator. Even if the protocol continues to run, withdrawal access can deteriorate quickly, and DeFi users often treat that as a trust signal.
Major Players Were the First to Exit
Large participants appear to have moved early, which can intensify pressure. Some of the largest addresses reducing exposure included MEXC and Abraxas Capital, withdrawing about $431 million and $392 million, respectively.
Early exits by major wallets can influence risk perception. When large entities reduce exposure first, other users may interpret it as a warning about perceived stability, and the resulting feedback loop can accelerate withdrawals.
Aave Tries to Localize the Blow
Following the incident, Aave froze rsETH markets on v3 and v4 to limit new borrowing. It also restricted operations involving wETH on several networks. At the same time, Aave stated that its own contracts were not hacked, and that rsETH on the mainnet remains collateralized.
This distinction helps explain the outcome. While Aave may not have been compromised directly, its economic pathways were affected through the collateral and borrowing workflow, which can produce similar liquidity impacts for users.
The Entire Ecosystem Came Under Pressure
After the incident, other protocols tied to rsETH and the bridge began restricting operations. That pattern suggests the issue was treated as an infrastructure-level risk rather than an isolated hack.
Such responses can compound the effect. When liquidity constraints or operational limits appear in one part of the ecosystem, related platforms often follow, reducing overall market depth.
The First Test of the Protection Model
The episode became an early stress test for the Umbrella model, implemented in 2025, designed to limit bad debt through automated mechanisms.
Prior assumptions emphasized that over-collateralization and liquidations could manage most risks. This case illustrates why external assets used as collateral can produce more complex outcomes, even when core protections exist.
The model’s resilience is not necessarily disproven, but confidence in its universality may be lower during edge-case scenarios.
Additional Pressure Amplified the Effect
The timing mattered as well. Aave was in a transitional period after ending its partnership with Chaos Labs, a risk management partner.
Even without a direct link, that context can shape market expectations. Participants may interpret multiple negative signals under a single uncertainty narrative.
What This Means for DeFi
The takeaway extends beyond Aave. The market is reminded again how fast risk can propagate across interconnected DeFi protocols when collateral, borrowing, and liquidity are tightly coupled.
If collateral is not sufficiently isolated, a single failure can trigger cascading effects. Incidents like this often lead to renewed scrutiny of risk management design across the sector.
What Next?
The immediate priority is restoring liquidity and confidence. If deposits and repayments increase, pressure may ease; otherwise, the protocol could face a longer period of reduced activity. Downward pressure on the AAVE token could also persist depending on market sentiment.
At present, the key point remains that Aave was not hacked directly, but it became a main route through which the consequences of the attack affected market liquidity. For participants, that channel is the essential lesson.
Read More: The CLARITY Act Nears the Finish Line and Brings the Crypto Market Closer to US Rules
