Why Tron’s Justin Sun Withdrew Over $4 Billion From Aave

Why Tron’s Justin Sun Withdrew Over $4 Billion From Aave

Key takeaways

  • DeFi protocol Aave (AAVE) saw an 18% drop in TVL on Friday.
  • Investigations revealed that the drop was linked to the withdrawal of $4.2 billion worth of tokens by Tron’s Justin Sun.
  • Sun’s move was likely due to concerns arising from the recent Cream Finance hack according to Colin Wu.

On Friday, Ethereum based lending and borrowing DeFi protocol Aave (AAVE) saw the total value locked (TVL) on the platform drop about 18%. On investigation, it was discovered that the withdrawals were made by wallets connected to the founder of TRON and CEO of BitTorrent, Justin Sun who withdrew around $4.2 billion worth of ETH, WBTC, and Stablecoins from Aave’s lending pools.

While the CEO has not commented on the withdrawal leaving the community to speculate on his decision, cryptocurrency journalist Colin Wu has proffered an explanation that seems to have some precision to it.

The industry insider said Sun’s move may have been prompted by concerns over the security of the DeFi protocol especially following the recent exploit that saw another DeFi protocol, Cream Finance (CREAM) lose $130 million to hackers.

The Aave governance proposal in question was put forward by on-chain protocol management firm Gauntlet “to disable borrowing of $xSUSHI, $DPI, and the LP tokens on the AMM market to mitigate the potential of any future risks” in order to address the community concerns that Aave has a vulnerability that is similar to the one exploited by the Cream Finance hacker(s). This is why Wu feels that Sun may want to take cautionary measures pending when the proposal is implemented on the Aave protocol on November 1.


In the meantime, the withdrawal has made Aave drop to fifth place in the DeFi platforms ranking by TVL, surpassed by Curve finance and MakerDAO according to data from DeFi Llama.

Notably, Cream Finance’s $130 million exploit marks the 3rd time the protocol has been hacked this year. This time, an attacker used the platform’s flash loan feature to borrow 524,102.159 ETH from Aave and then proceeded to drain several DeFi tokens from Cream Finance.

The protocol developers have stated that they are investigating the exploit. The transaction history of the hacker on Etherscan shows that the malicious party moved around $92 million and $23 million consisting mainly of Cream LP tokens, XSUSHI, WNXM, YFI, and several other ERC-20 tokens to two separate Ethereum wallets. The attacker, as is common in such cases, also left a message in the transaction that read:

“gÃTµ Baave lucky, iron bank lucky, cream not. ydev: incest bad, dont do”

According to analysts, the message likely refers to Cream Finance’s Iron bank feature which has been confirmed to still be solid.