TL;DR:
- A KelpDAO exploit triggered a liquidity crisis on Aave, where roughly $300 million in loans were taken out within 24 hours.
- The attacker deposited 116,500 unbacked rsETH into Aave to withdraw real assets, generating bad debt within the protocol.
- Over $6 billion left the protocol within hours, driving USDT and USDC pools to 100% utilization and leaving funds trapped.
On Saturday, April 18, a hacker attacked the bridge infrastructure of KelpDAO and manipulated the system to release 116,500 rsETH, equivalent to around $292 million and approximately 18% of the token’s circulating supply. Those tokens, issued without real backing, were immediately deposited into Aave to borrow genuine assets such as ETH and wETH. Fake tokens in, real money out.
Aave froze the rsETH markets on its V3 and V4 versions within hours. Its founder, Stani Kulechov, confirmed that the protocol’s contracts had not been compromised and that the exploit was external. The freeze halted the direct damage but triggered a chain reaction that no one clearly anticipated.
Whales and Institutions Withdrew Billions From Aave’s Pools
we're now seeing some negative secondary effects of illiquidity in Aave stablecoin markets (in this example, Aave Core USDT on Ethereum)
because users cant withdraw due to 100% utilization, there has been a ~$300 million increase in borrowing with USDT collateral in just the… pic.twitter.com/ReGjGaIqAh
— monetsupply.eth (@MonetSupply) April 19, 2026
As news of the exploit spread, whales and institutional funds began withdrawing billions of dollars from Aave’s liquidity pools. According to analyst Duo Nine, figures such as Justin Sun and exchange MEXC pulled billions from the protocol within hours. The ETH pool was the first to reach 100% utilization, meaning no assets remained available for withdrawals. The wave quickly spread to the USDT and USDC pools, which also hit their cap. In total, over $6 billion left the protocol in less than 24 hours.
Trapped Depositors Fight Back
With funds locked and no direct withdrawal available, trapped depositors turned to the only exit at hand: borrowing against their own deposits. According to data from Chaos Labs, in the first 24 hours following the attack, nearly $300 million in new loans were generated using USDT as collateral.
“Basically you take a loan in GHO, DAI or USDe against your locked USDT or USDC,” Duo Nine explained. Aave allows borrowing up to 75% of the value of deposited collateral according to each asset’s risk parameters. That means accepting 75 cents on the dollar, at best, just to recover some liquidity.
Monetsupply.eth, head of strategy at the Spark protocol, noted that this dynamic worsened the problem: by draining other markets such as USDC and USDe, the desperate borrowing pushed those pools to their own utilization limits. The crisis spread from market to market, even as Aave’s core code remained intact and functioning as intended.
