On April 19, 2026, a $293 million hack of KelpDAO triggered a chain reaction that sent shockwaves through the DeFi ecosystem, with AAVE being hit hard. Around 116,500 rsETH—roughly 18% of the token’s circulating supply was stolen from KelpDAO in an elaborate cyber attack, and now the whole decentralized lending economy is reeling from its aftershocks. The attacks were reportedly carried out by the North Korean Lazarus Group and funded through the notorious mixer Tornado Cash.
The trouble didn’t end with the KelpDAO hack, as a popular influencer commented:
The stolen rsETH was immediately deposited as collateral on Aave’s DeFi markets. Attackers borrowed roughly $236 million in wrapped ETH (WETH) and other assets, leaving Aave with an estimated $177–200 million in unbacked “bad debt”. This, in turn, triggered widespread panic among AAVE users, many of whom rushed to withdraw their funds. However, the sudden frenzy has resulted in delayed/canceled withdrawals and a general state of helplessness among DeFi users.
AAVE’s Total Value Locked (TVL) plummeted by $6.6–8.45 billion within 48 hours, dropping from around $26 billion to roughly $18 billion, according to DeFiLlama data. The token itself corrected sharply by 15–20%, reflecting widespread lack of confidence right now. It remains to be seen whether it can bounce back from this major drop or continue its free fall.
On-chain analytics CryptoQuant tweeted:
A total of 355,000 AAVE (approximately $32 million) was deposited on cryptocurrency exchanges in the immediate aftermath of this episode, CryptoQuant reported. AAVE is in crisis mode right now because heavy outflows to centralized exchanges have signaled deteriorating sentiment and potential capitulation among AAVE holders.
How will this Crisis Further Unfold?
AAVE has an umbrella safety module designed to handle bad debt like the one in this episode. All major organizations involved in this hack, including KelpDAO, AAVE, LayerZero, and third-party auditors, are investigating the incident and will likely try to recover the wrapped ETH in the best way they can. No funds have been recovered so far.
The unfolding episode is a stark reminder that automated cross-chain bridges in DeFi are vulnerable to coordinated hacks like this one. Even battle-tested chains like AAVE can be hoodwinked. Some loopholes need to be closed, or confidence in the security of DeFi platforms will continue to erode. Improved bridge security needs to be taken seriously by developers and leaders of this economy.
