June 25, 2026
June 25, 2026

Aave Freezes rsETH Markets After $293 Million KelpDAO Exploit, Warns of Possible Bad Debt

Aave has issued its first official statement following the $293 million KelpDAO exploit, saying it has frozen rsETH markets across Aave v3 and v4 while it assesses the fallout from the attack. The decentralized lending protocol said the move was taken to limit risk after the incident affected the rsETH bridge, though Aave stressed that its own smart contracts were not directly compromised. 

 

The hack began when attackers exploited a vulnerability in KelpDAO’s rsETH bridge, allowing them to mint or move rsETH in a way that made the token usable as collateral on lending platforms. Reports say the stolen rsETH was then deposited on Aave, where it was used to borrow other assets, intensifying concern about potential losses on the protocol.

 

In its statement, Aave said it has temporarily suspended new deposits and borrowing activity involving rsETH collateral while it reviews the transactions that occurred after the exploit. The protocol also said it is examining whether any “bad debt” will result and, if so, what options may be available to address it. 

 

The shock to Aave was immediate. Market data reported by several outlets showed the protocol’s total value locked falling by roughly $8 billion over the weekend, as users rushed to withdraw funds amid fears that the incident could leave the platform with substantial losses. Some reports estimated that the exploit left about $195 million in bad debt on Aave, although the exact figure remains subject to ongoing analysis. 

 

LayerZero, whose infrastructure was used in the KelpDAO bridge, said the failure stemmed from KelpDAO’s security design and noted that it had previously warned about the risks of relying on a single verification point. KelpDAO itself responded quickly by blacklisting the attacker’s address, stopping a second attempted transfer that would have drained even more funds. 

 

The breach has also prompted broader debate inside DeFi about how protocols should handle losses tied to cross-chain bridges and liquid restaking tokens. Analysts have floated several possible paths forward, including covering the shortfall with treasury assets, spreading the loss across affected users, or using protocol reserves and loans to backstop the gap. 

 

Aave’s official response suggests the protocol is trying to contain the damage before it spreads further. By freezing rsETH markets and reviewing the post-attack borrowing activity, the platform is signaling that it may take a more cautious approach as it determines whether and how much debt the exploit ultimately leaves behind.



 

 

Disclaimers: All contents in this article are for informational purposes only and does not constitute any form of advice.Third-party websites and their content are provided for informational purposes and user convenience only. Rola News does not control, endorse, or assume responsibility for any Third-party websites, including their content, accuracy, privacy practices, or any subsequent changes or updates made to them. This article is AI-assisted and has been reviewed by our editorial team.