News linked to both this project and an event.
According to on-chain analytics platform Lookonchain (@lookonchain), an OTC whale previously purchased 163,405 ETH (approximately $440 million) and 4,000 cbBTC (approximately $296 million). Due to the KelpDAO rsETH cross-chain bridge vulnerability, this whale was unable to withdraw ETH normally from Aave and was forced to discount-swap 7,438 aEthWETH (approximately $16.83 million) for 1,930 stETH and 5,272 ETH, incurring a loss of approximately 237 ETH (about $540,000). The whale has since withdrawn 98,032 wstETH (approximately $272 million) and 3,000 cbBTC (approximately $221.6 million) from Aave, leaving 10,000 ETH (approximately $22.8 million) still deposited in Aave.
According to a post by 0xngmi, founder of DefiLlama, following the hack of KelpDAO, Aave is facing severe pressure in handling bad debt. Currently, there are three potential solutions: First, socializing the loss across all users—this would result in an 18.5% impairment for users, generating approximately $216 million in bad debt. Aave’s Umbrella Insurance could cover $55 million, and the treasury could contribute an additional $85 million, leaving a shortfall of roughly $76 million. Second, executing a “rug pull” on rsETH holders on L2 chains—this would generate approximately $341 million in bad debt, with Arbitrum, Mantle, and Base markets suffering the heaviest losses. Third, returning assets to holders based on a pre-attack snapshot—but this approach is extremely operationally challenging, and even after Umbrella Insurance coverage, an estimated $91 million in losses would remain. Additionally, some suggest confiscating the hacker’s collateral to offset part of the bad debt. Meanwhile, Aave’s OG Security Module still holds approximately $300 million worth of AAVE tokens; applying a 20% reduction would provide an additional ~$60 million in loss coverage.
Odaily News: A LayerZero cross-chain bridge related to Kelp DAO was hacked on Saturday, resulting in 116,500 rsETH worth $291 million flowing to a new wallet. The hacker used the illicitly obtained rsETH as collateral to borrow on Aave, causing the utilization rate of Aave's core lending pool to reach 100% and triggering a liquidity crunch. According to monitoring by 0xngmi, as of early Sunday, the net withdrawal amount from Aave had reached $6.2 billion. Kelp DAO has suspended the rsETH contracts on the Ethereum mainnet and several L2 networks. Affected by this, the price of the Aave token fell 16% to $90.13, and the price of Ethereum dropped 2% to $2,300. Currently, Justin Sun has posted on platform X attempting to negotiate with the hacker.
Michael Egorov, founder of Curve Finance, stated in a post that he hopes Aave will address the relevant issues. He noted that non-isolated lending offers strong scalability but carries higher risk—the key lies in risk management, an area where Aave has historically performed well. He added that markets could adopt a fully isolated model—like Curve Finance’s—or a hybrid model; although the latter is highly complex, it remains feasible. However, the market has yet to grasp its advantages. Egorov also remarked that Aave v4’s hub-and-spoke model may represent a step toward semi-isolation and greater safety.
Odaily News: Sonic Labs co-founder and Flying Tulip founder Andre Cronje posted on platform X, stating that his team is continuing to investigate the L0/rsETH incident. Preliminary reports indicate that approximately $200 million worth of rsETH was stolen, possibly due to a private key leak or configuration error. The related assets were subsequently deposited into Aave as collateral to borrow ETH (due to insufficient rsETH liquidity).Andre Cronje pointed out that the affected positions are technically still overcollateralized. However, if bad debt occurs, Aave's token mechanism and Safety Module will serve as the first line of defense to absorb the risk. Nevertheless, Aave has no mechanism to subsidize user losses, as doing so could trigger a bank run. Currently, Aave holds approximately $7 billion in ETH with an outstanding borrowing amount of around $100 million, so the overall impact of this incident is limited. Furthermore, prioritizing user liquidity, Flying Tulip has withdrawn all its ETH from Aave to its fund management wrapper contract. This action was taken because Aave's available liquidity had fallen below its set minimum threshold.
According to on-chain analytics platform Lookonchain (@lookonchain), impacted by the KelpDAO incident, the attacker deposited rsETH into Aave and borrowed ETH, resulting in a bad debt on Aave. As a result, several whales have begun urgently withdrawing ETH from Aave. Currently, ETH utilization on Aave has risen to 100%.
According to on-chain analyst Yujin (@EmberCN), after the hacker borrowed a large amount of ETH from Aave by pledging illegally minted rsETH, multiple whale addresses sold AAVE on-chain, causing AAVE’s price to drop 15% that day. Among them, the Polymarket user “smaugvision” sold 20,015 AAVE at an average price of $102.9, worth approximately $2.06 million; address 0xFC5 sold 20,000 AAVE at an average price of $102.8, worth approximately $2.05 million; and address 0xA2E sold 19,665 AAVE at an average price of $99.2, worth approximately $1.95 million.
Regarding the KelpDAO hack, Aave tweeted that the rsETH markets on Aave V3 and Aave V4 have been frozen. Aave stated that its contracts were not exploited and that this incident is related to the exploit of Kelp DAO’s rsETH cross-chain bridge. The freeze will prevent new rsETH deposits and rsETH-backed lending. Aave is currently reviewing lending activity involving rsETH on the platform following the exploit and has indicated that, should the protocol accumulate bad debt as a result, it will explore options to cover the deficit. Earlier reports indicated that Kelp DAO’s cross-chain bridge was hacked, resulting in the theft of approximately $292 million worth of rsETH, exposing Aave V3 to bad debt risk.
According to CoinDesk, Kelp DAO’s LayerZero-based cross-chain bridge was attacked, with the attacker withdrawing 116,500 rsETH—worth approximately $292 million at current prices, or roughly 18% of its circulating supply. This incident has become the largest DeFi attack of 2026 to date. In response, Aave, SparkLend, and Fluid have frozen rsETH-related markets, and Lido Finance has suspended new deposits into its earnETH product. Kelp DAO stated it is jointly investigating the incident with LayerZero, auditing firms, and external security experts.
Odaily News Aave posted on the X platform stating that it has taken note of the attack on the CowSwap frontend, but this incident has not affected the security of the Aave interface or the underlying protocol. As a precautionary measure, the CowSwap team has temporarily disabled the swap endpoints for integrators. Within the Aave interface, transactions have been switched to the ParaSwap routing where available to ensure continuity of user transactions.