Aave lost more than $6 billion in deposits after the Kelp hack, and this is what the crypto market is punishing today. The protocol was not hacked directly. But he finds himself with a risk that he did not create, which is enough to trigger a brutal capital flight and a fall in the AAVE token. According to CoinDesk and DefiLlama, Aave's total value locked fell from around 26.4 billion to less than 20 billion, while the token fell around 16%.
In brief
- Aave falls without having been directly hacked.
- The Kelp hack revealed a structural flaw in DeFi.
- The market is now waiting to see who will really absorb the losses.
An external hack that ends up in Aave accounts
The starting point is at Kelp. The attack targeted the rsETH bridge, not Aave smart contracts. Around 116,500 rsETH, or nearly $292 million, was drained, then used as collateral on Aave V3 to borrow wrapped ether. This is where the problem shifted.
Clearly, Aave was not “hacked”, but it accepted as collateral an asset whose supporting value had disappeared elsewhere. This is an important technical nuance. For the market, it changes almost nothing. When the collateral becomes doubtful, depositors look for an exit. And in crypto, this exit is often immediate.
The potential hole linked to Aave is estimated at around $177 to $200 million according to the first evaluations relayed this weekend. This is not an accounting detail. It's a loss that cuts to the heart of DeFi's largest lending protocol, a player that many still considered a relatively robust piece of crypto infrastructure.
The real problem is not Kelp, but the risk model
This affair goes beyond a simple news item. It shows that crypto risk never stops at the protocol you use. Aave has integrated liquid restaking tokens because they provide yield and occupy a growing place in the Ethereum ecosystem. On paper, it seemed consistent. In practice, this added a dependency on an external link.
The problem is that risk models often work well in a normal scenario. They experience price variations, liquidations, sometimes even volatility shocks. On the other hand, they handle much less well a situation where the guarantee suddenly loses its credibility because of a compromised bridge on another layer of the system. This is exactly what this case highlights.
Aave remains massively focused on Ethereum. DefiLlama shows that Ethereum represents the largest share of its TVL, and CoinDesk also points out that WETH weighs very heavily in its borrowing book. In other words, the attack did not hit a marginal pocket. It affected one of the most sensitive market couples in the protocol.
The question is no longer just what happened. The real question is who will pay. Aave initially hinted that his safety reserve, Umbrella, could absorb the shock. Then the speech was made more cautious. This change in tone was enough to create doubt. And in decentralized finance, doubt quickly becomes very expensive.
Maximize your Tremplin.io experience with our 'Read to Earn' program! For every article you read, earn points and access exclusive rewards. Sign up now and start earning benefits.
