Key Takeaways:
- The KelpDAO exploit on April 18, 2026, uncovered Aave to an estimated $124M-$230M in unhealthy debt inside 72 hours.
- Aave’s whole worth locked fell 33%, shedding billions, with USDT and USDC borrow charges hitting 14%.
- USDe provide shed $800 million in three days, signaling continued DeFi liquidity stress throughout main protocols.
KelpDAO rsETH Hack Triggers Multi-Billion-Greenback Liquidity Drain on Aave
In line with Cryptoquant’s evaluation of the state of affairs, the attacker used the drained uncollateralized rsETH to alternate for WETH and stablecoins on Aave, exploiting a essential vulnerability in KelpDAO’s infrastructure. The assault rapidly rippled throughout the broader DeFi ecosystem.
Cryptoquant researchers discovered that Aave’s aETHrsETH contract holds roughly 83% of all rsETH circulating provide, making it the only most uncovered protocol to the hack. The agency estimates Aave now carries between $124 million and $230 million in potential unhealthy debt tied to depegged rsETH collateral.
Aave’s whole worth locked (TVL) dropped massively within the 72 hours following the exploit, a 33% drop that Cryptoquant described as one of many sharpest protocol-level liquidity contractions in latest DeFi historical past.
Borrowing charges throughout Aave’s three largest markets mirrored the strain instantly. Cryptoquant knowledge exhibits USDT and USDC borrow charges on Aave V3 jumped from 3.4% to 14% as customers rushed to borrow stablecoins and exit the protocol. Earlier than the hack, these charges had held regular at 3.4%, in step with regular DeFi lending situations.
ETH borrowing charges on Aave V3 climbed to eight%, the best studying Cryptoquant has recorded since no less than January 2024. Charges later stabilized close to 5%, nonetheless greater than double the pre-hack stage of two%.
The simultaneous charge spike throughout ETH, USDC, and USDT alerts system-wide stress quite than remoted market motion, in accordance with the Cryptoquant report. ETH, USDC, and USDT are Aave’s three largest markets by whole worth locked.
Cryptoquant researchers described the dynamics as a traditional DeFi liquidity crunch: depositors withdrawing whereas debtors enhance demand on the identical time, leaving obtainable liquidity to fall quickly and rates of interest to reset increased. As of the report date, charges stay elevated above pre-hack ranges.
The yield-bearing stablecoin, USDe, the fourth-largest asset on Aave with $412 million in protocol deposits, additionally noticed important strain. Cryptoquant tracked a internet collapse in USDe minting exercise within the days following the hack, pushed by each contagion from the Aave disaster and persistently detrimental ETH and BTC perpetual futures funding charges.
USDe’s whole provide fell from $5.8 billion to $5 billion in three days, a decline of $800 million or 14%. Cryptoquant referred to as it one of many largest short-term redemption occasions in USDe’s historical past.
As one of many largest stablecoins globally behind solely USDT, USDC, USDS, and DAI, USDe’s contraction factors to a significant withdrawal of liquidity from the broader DeFi ecosystem, the agency famous.
Adverse perpetual funding charges compressed USDe’s delta-neutral yield throughout this era, accelerating redemption incentives for holders. Cryptoquant defined that the mix of hack-driven risk-off habits and structural funding charge strain marks a big deterioration in DeFi market situations.
The most recent Cryptoquant report highlights the systemic danger of concentrated collateral publicity in DeFi lending protocols, noting that Aave‘s outsized rsETH place amplified contagion far past the preliminary exploit.
