{
    "id": 73478,
    "date": "2026-04-20T09:05:16",
    "date_gmt": "2026-04-20T02:05:16",
    "guid": {
        "rendered": "https:\/\/hbbgroup.net\/kelp-dao-exploit-sparks-aave-liquidity-crunch-6-2-billion-withdrawal-panic\/"
    },
    "modified": "2026-04-20T09:05:16",
    "modified_gmt": "2026-04-20T02:05:16",
    "slug": "kelp-dao-exploit-sparks-aave-liquidity-crunch-6-2-billion-withdrawal-panic",
    "status": "publish",
    "type": "post",
    "link": "https:\/\/hbbgroup.net\/en_us\/kelp-dao-exploit-sparks-aave-liquidity-crunch-6-2-billion-withdrawal-panic\/",
    "title": {
        "rendered": "Kelp DAO Exploit Sparks Aave Liquidity Crunch, $6.2 Billion Withdrawal Panic"
    },
    "content": {
        "rendered": "<div>\n<div>\n<h4 color=\"#333\">In brief<\/h4>\n<ul>\n<li>Aave users struggled to withdraw funds from Aave after attackers borrowed with stolen rsETH on the platform, spiking a core market\u2019s so-called utilization rate.<\/li>\n<li>The funds were plundered from a LayerZero-powered bridge, in what onlookers described as DeFi\u2019s biggest exploit so far this year.<\/li>\n<li>Early Sunday, DefiLlama\u2019s 0xngmi said Aave had faced $6.2 billion in net withdrawals, while Spark\u2019s monetsupply.eth pointed to \u201cnegative secondary effects.\u201d<\/li>\n<\/ul>\n<\/div>\n<p><span>Less than a day after attackers drained $291 million in crypto from infrastructure linked to <\/span><a href=\"https:\/\/decrypt.co\/resources\/defi-decentralized-finance-explained-guide-learn\" target=\"_blank\"><span>decentralized finance<\/span><\/a><span> project Kelp DAO, users on <\/span><a href=\"https:\/\/decrypt.co\/resources\/what-is-aave-inside-the-defi-lending-protocol\" target=\"_blank\"><span>Aave<\/span><\/a><span>, one of DeFi\u2019s most battle-tested protocols, struggled to withdraw funds amid a liquidity crunch.<\/span><\/p>\n<p><span>A bridge that typically allows users to move an asset called rsETH from one network to another was exploited on Saturday, prompting Aave to freeze markets tied to the token, which attackers had used to borrow funds from the platform, the lending protocol <\/span><a href=\"https:\/\/x.com\/aave\/status\/2045593585966252377?s=20\" target=\"_blank\" rel=\"nofollow external noopener\"><span>said<\/span><\/a><span> in an X post.<\/span><\/p>\n<p><span>Meanwhile, Kelp DAO <\/span><a href=\"https:\/\/x.com\/KelpDAO\/status\/2045595819035046148\" target=\"_blank\" rel=\"nofollow external noopener\"><span>said<\/span><\/a><span> in an X post that it had \u201cpaused rsETH contracts\u201d across Ethereum\u2019s mainnet and several <\/span><a href=\"https:\/\/decrypt.co\/resources\/what-are-layer-2-networks-and-sidechains-ethereum-scaling-explained\" target=\"_blank\"><span>layer-2 scaling networks<\/span><\/a><span> as it investigates suspicious activity.<\/span><\/p>\n<div>\n<blockquote>\n<p lang=\"en\" dir=\"ltr\">Earlier today we identified suspicious cross-chain activity involving rsETH. We have paused rsETH  contracts across mainnet and several L2s while we investigate.<\/p>\n<p>We are working with <a href=\"https:\/\/twitter.com\/LayerZero_Core?ref_src=twsrc%5Etfw\" data-wpel-link=\"internal\">@LayerZero_Core<\/a>, <a href=\"https:\/\/twitter.com\/unichain?ref_src=twsrc%5Etfw\" data-wpel-link=\"internal\">@unichain<\/a>, our auditors and top security experts on RCA. <\/p>\n<p>We will keep you\u2026<\/p>\n<p>\u2014 Kelp (@KelpDAO) <a href=\"https:\/\/twitter.com\/KelpDAO\/status\/2045595819035046148?ref_src=twsrc%5Etfw\" data-wpel-link=\"internal\">April 18, 2026<\/a><\/p>\n<\/blockquote>\n<\/div>\n<p><span>The attackers\u2019 activity on Aave caused the so-called utilization rate of a core lending pool to spike to 100%, signaling that users who previously deposited <\/span><a href=\"https:\/\/decrypt.co\/resources\/what-is-ethereum-quickly-explained-four-minute-guide\" target=\"_blank\"><span>Ethereum<\/span><\/a><span> and <\/span><a href=\"https:\/\/decrypt.co\/resources\/what-are-wrapped-tokens\" target=\"_blank\"><span>wrapped<\/span><\/a><span> Ethereum have been left with little to no liquidity to withdraw, Aavescan <\/span><a href=\"https:\/\/aavescan.com\/ethereum-v3\/weth\" target=\"_blank\" rel=\"nofollow external noopener\"><span>data<\/span><\/a><span> showed.<\/span><\/p>\n<p><span>An hour before Aave locked down the markets, blockchain security firm PeckShield <\/span><a href=\"https:\/\/x.com\/peckshield\/status\/2045582425007231404?s=20\" target=\"_blank\" rel=\"nofollow external noopener\"><span>flagged<\/span><\/a><span> a transaction showing 116,500 rsETH, worth $291 million at the time, flowing to a fresh wallet.<\/span><\/p>\n<p><span>The attackers didn\u2019t abscond with rsETH that had been maliciously released from the bridge. Rather, they used Aave to borrow regular funds, creating \u201cmassive bad debt,\u201d Francesco Andreoli, head of developer relations at Consensys and MetaMask, <\/span><a href=\"https:\/\/x.com\/francescoswiss\/status\/2045601125534200104?s=20\" target=\"_blank\" rel=\"nofollow external noopener\"><span>said<\/span><\/a><span> in an X post. (Disclaimer: Consensys is <\/span><a href=\"https:\/\/decrypt.co\/financial-disclosures\" target=\"_blank\"><span>one of many investors<\/span><\/a><span> in an editorially independent Decrypt.)<\/span><\/p>\n<p><span>Aave\u2019s governance token plunged to $90.13 on Sunday, a 16% decrease over the past day, according to <\/span><a href=\"https:\/\/www.coingecko.com\/en\/coins\/aave\" target=\"_blank\"><span>CoinGecko<\/span><\/a><span>. Ethereum fell 2% to $2,300 over the same period.<\/span><\/p>\n<p><span>As users struggled to withdraw from Aave, they began borrowing against their deposits in stablecoins, straining the liquidity further as a sign of \u201cnegative secondary effects,\u201d <\/span><a href=\"https:\/\/x.com\/MonetSupply\/status\/2045887113800118436?s=20\" target=\"_blank\" rel=\"nofollow external noopener\"><span>said<\/span><\/a> <span>monetsupply.eth, the pseudonymous head of strategy at DeFi project Spark, in an X post.<\/span><\/p>\n<p><span>The Kelp DAO exploit and ensuing fallout on Aave prompted a massive wave of withdrawals from several DeFi protocols, even those that were unaffected, according to 0xngmi, the pseudonymous co-founder of data provider DefiLlama. On a net basis, users had yanked $6.2 billion from Aave alone by early Sunday, they <\/span><a href=\"https:\/\/x.com\/0xngmi\/status\/2045830559683768711?s=20\" target=\"_blank\" rel=\"nofollow external noopener\"><span>said<\/span><\/a><span> in an X post.<\/span><\/p>\n<div>\n<blockquote>\n<p lang=\"en\" dir=\"ltr\">The Aave situation is bad and getting worse. Multiple other pools are hitting 100% utilization, leaving lenders stuck and the protocol at risk of further bad debt.<\/p>\n<p>Lending rates have increased to 10-15%, a notable increase but still not an appropriate reward for the perceived\u2026<\/p>\n<p>\u2014 Quit (@0xQuit) <a href=\"https:\/\/twitter.com\/0xQuit\/status\/2045922988110008572?ref_src=twsrc%5Etfw\" data-wpel-link=\"internal\">April 19, 2026<\/a><\/p>\n<\/blockquote>\n<\/div>\n<p><span>With contagion appearing to spread, DeFi\u2019s latest exploit provides \u201ca lot of ammo\u201d for critics skeptical of systems that seek to replace traditional financial intermediaries with code, Salman Banei, general counsel at Plume, a network focused on tokenization, <\/span><a href=\"https:\/\/x.com\/banamlas\/status\/2045865704172253587?s=20\" target=\"_blank\" rel=\"nofollow external noopener\"><span>said<\/span><\/a><span> in an X post.<\/span><\/p>\n<p><span>Kelp DAO issues rsETH, a liquid staking token that allows users to earn Ethereum staking and EigenLayer restaking rewards. It acts as a tradeable \u201creceipt\u201d for Kelp DAO depositors. The Kelp DAO bridge was built on top of infrastructure designed by LayerZero, a protocol that allows DeFi applications to send messages and transfer assets across blockchains.<\/span><\/p>\n<p><span>Stacy Muur, a noted blockchain researcher, <\/span><a href=\"https:\/\/x.com\/stacy_muur\/status\/2045809156469281192?s=20\" target=\"_blank\" rel=\"nofollow external noopener\"><span>said<\/span><\/a><span> in an X post that the exploit appeared to rely on a single point of failure. She wrote that a \u201cphantom\u201d message used by attackers essentially tricked Kelp DAO\u2019s bridge into releasing rsETH on Ethereum without removing a corresponding amount of tokens from circulation on Ethereum layer-2 Unichain.<\/span><\/p>\n<p><span>Nonetheless, some onlookers were eager to find a path forward, including crypto entrepreneur and Tron founder Justin Sun. He attempted to negotiate, arguing that the attackers would ultimately struggle to spend the stolen funds.<\/span><\/p>\n<p><span>\u201cHow much [do] you want?\u201d he <\/span><a href=\"https:\/\/x.com\/justinsuntron\/status\/2045781043526148368?s=20\" target=\"_blank\" rel=\"nofollow external noopener\"><span>asked<\/span><\/a><span> them in an X post. \u201cIt\u2019s simply not worth it to sacrifice both Aave and Kelp DAO and let them go down over this hack.\u201d<\/span><\/p>\n<div>\n<h3>Daily Debrief Newsletter<\/h3>\n<p>Start every day with the top news stories right now, plus original features, a podcast, videos and more.<\/p>\n<\/div>\n<\/div>",
        "protected": false
    },
    "excerpt": {
        "rendered": "<p>In brief Aave users struggled to withdraw funds from Aave after attackers borrowed with stolen rsETH on the platform, spiking [&hellip;]<\/p>",
        "protected": false
    },
    "author": 5,
    "featured_media": 73480,
    "comment_status": "open",
    "ping_status": "open",
    "sticky": false,
    "template": "",
    "format": "standard",
    "meta": {
        "_acf_changed": false,
        "footnotes": ""
    },
    "categories": [
        220
    ],
    "tags": [],
    "class_list": [
        "post-73478",
        "post",
        "type-post",
        "status-publish",
        "format-standard",
        "has-post-thumbnail",
        "hentry",
        "category-tien-dien-tu"
    ],
    "acf": [],
    "_links": {
        "self": [
            {
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/posts\/73478",
                "targetHints": {
                    "allow": [
                        "GET"
                    ]
                }
            }
        ],
        "collection": [
            {
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/posts"
            }
        ],
        "about": [
            {
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/types\/post"
            }
        ],
        "author": [
            {
                "embeddable": true,
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/users\/5"
            }
        ],
        "replies": [
            {
                "embeddable": true,
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/comments?post=73478"
            }
        ],
        "version-history": [
            {
                "count": 0,
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/posts\/73478\/revisions"
            }
        ],
        "wp:featuredmedia": [
            {
                "embeddable": true,
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/media\/73480"
            }
        ],
        "wp:attachment": [
            {
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/media?parent=73478"
            }
        ],
        "wp:term": [
            {
                "taxonomy": "category",
                "embeddable": true,
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/categories?post=73478"
            },
            {
                "taxonomy": "post_tag",
                "embeddable": true,
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/tags?post=73478"
            }
        ],
        "curies": [
            {
                "name": "wp",
                "href": "https:\/\/api.w.org\/{rel}",
                "templated": true
            }
        ]
    }
}