Aave Sees Significant Drop in Locked Value
Aave has recently experienced a dramatic decline, watching $6.6 billion leave the platform—not due to a hack, thankfully.
The total value of assets locked into the protocol decreased from $26.4 billion on April 18 to around $20 billion as of Sunday morning in the United States, according to DefiLlama. Meanwhile, AAVE tokens plummeted by 16% to $92, while daily fees surged to $1.99 million as liquidations continued over the weekend.
It seems that depositors are fleeing, exposing some vulnerabilities in Aave. This shift became apparent when 116,500 rsETH were extracted from Kelp’s bridge on Saturday. The attackers then funneled the stolen tokens into Aave V3 and took out a loan against the wrapped ether.
According to blockchain trackers, Aave’s specific borrowings stand at around $196 million, with a combined total of approximately $236 million across Aave, Compound, and Euler.
Aave is the largest lending protocol in the DeFi space, allowing users to deposit cryptocurrencies for yield while others borrow against those deposits. Kelp functions as a liquid restaking protocol, utilizing already staked Ether on Ethereum, routing it through a revenue-generating system known as EigenLayer, and then issuing rsETH in exchange.
This rsETH is significant, as it’s what some users used as collateral for loans on Aave.
On Saturday, the attackers manipulated Kelp’s cross-chain bridge to release those 116,500 rsETH—valued at about $292 million—into an address they controlled. Following this, they used the stolen rsETH as collateral within Aave V3 to borrow wrapped ether.
Bridges, in this context, are blockchain tools that facilitate token transfers between networks that don’t support them natively.
Initially, Erb claimed that Umbrella’s reserves would cover the losses. However, by Saturday afternoon, the wording shifted to exploring how to address the deficit.
The concentrated damage stems from Aave’s loan portfolio, which spans 22 chains, yet $14.24 billion out of the $17.82 billion in outstanding loans is tied to Ethereum. Wrapped Ether (WETH) constitutes 39.49% of all loans on the platform, meaning this attack impacted the predominant collateral type supporting Aave’s finances.
Aave founder Stani Kulechov mentioned that the incident originated externally, asserting the protocol’s contract wasn’t breached. Yet, Aave had accepted liquid restake tokens as collateral, and the backing behind that token vanished due to an external bridge, leaving depositors at a loss.
Liquid restaking tokens have gained acceptance across major lending protocols since they offer yields and increasingly represent a significant portion of Ethereum’s locked value. The risk model had been set under the assumption that the peg would hold under typical conditions. However, on Saturday, no protocols had anticipated a scenario where collateral could be reduced to zero because of external bridge misuse not linked to Aave.
As one trader observed on X, “AAVE is the backbone of DeFi; billions are invested, and nearly every new DeFi framework on another chain is a derivative of it. If AAVE faces contagion risk, it’s a sign of a systemic vulnerability.”
The current challenge is whether Umbrella can address the losses and how the holders of stkAAVE, who support its reserves, are responding to prevent further declines.
