Aave, a key player in decentralised finance (DeFi), is grappling with a significant liquidity crisis following a recent exploit related to KelpDAO. In a span of just 3.5 days, the platform saw an alarming US$15.1 billion (AU$21.6 billion) in deposit outflows. This situation exploded after attackers misappropriated 116,500 KelpDAO Restaked ETH tokens via a LayerZero-powered bridge, subsequently using these assets as collateral in Aave v3 to secure wrapped Ether.
In the aftermath of this incident, Aave’s total value locked (TVL) plummeted from approximately US$26.4 billion (AU$37.8 billion) to around US$18.6 billion (AU$26.6 billion), according to data from DeFiLlama. Concurrently, Aavescan reported a drop in deposit figures from US$48.5 billion (AU$69.4 billion) to US$30.7 billion (AU$43.9 billion). This substantial decrease has left Aave with an estimated US$195 million (AU$279 million) in bad debt.
Interestingly, while many funds exited Aave, some capital remained within the DeFi ecosystem. SparkLend reportedly managed to attract about US$1.3 billion (AU$1.9 billion) during this turbulent period, showcasing some resilience in the market.
### Liquidity Challenges
Aave’s lending pools for USDT and USDC reached full capacity, with over US$5.1 billion (AU$7.3 billion) in stablecoin liquidity becoming inaccessible. This situation persisted until either new deposits were made or existing borrowers repaid their loans. In response to the exploit, Aave also decided to freeze the rsETH and WETH markets across versions v3 and v4, while simultaneously locking WETH reserves on Ethereum and various Layer-2 solutions such as Arbitrum, Base, Mantle, and Linea. This precaution aimed to prevent new borrowing against the compromised collateral and mitigate the risk of further contagion.
The entire situation underscores the precariousness of the DeFi landscape, where a single exploit can have far-reaching consequences. As Aave navigates this crisis, it remains to be seen how they will manage their way back to stability and regain the trust of their users.
