Disclaimer: Information found on CryptoreNews is those of writers quoted. It does not represent the opinions of CryptoreNews on whether to sell, buy or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk.
CryptoreNews covers fintech, blockchain and Bitcoin bringing you the latest crypto news and analyses on the future of money.
Aave experiences a $300 million increase in borrowing, indicating liquidity issues following an exploit.
The repercussions of Saturday’s KelpDAO hack are rippling through stablecoin markets in ways that were not instantly apparent.
Trapped USDT deposits on Aave initiate significant borrowing. (Boitumelo/Unsplash)
Key points:
- A significant breach of KelpDAO’s rsETH token resulted in an attacker extracting approximately $292 million in value, mainly by depositing unsupported tokens into Aave and securing real assets against them.
- Within 24 hours following the hack, large investors rapidly withdrew over $6 billion from Aave, driving major pools like ETH, USDT, and USDC to 100% utilization and effectively immobilizing remaining depositors’ funds.
- Stranded users subsequently borrowed around $300 million against their own locked stablecoin deposits at substantial losses, highlighting how a single DeFi breach can paralyze liquidity across various markets, even when the fundamental protocol code remains unaltered.
The repercussions of Saturday’s KelpDAO hack are rippling through stablecoin markets in ways that were not instantly apparent.
In the first 24 hours following the attack, users on Aave borrowed about $300 million against their tether deposits of stablecoin tether on the platform, according to data from Chaos Labs.
The borrowing surge is not indicative of demand; it is evidence that users are unable to withdraw. With stablecoin pools at maximum capacity, depositors are taking loans against their own funds at a loss merely to access liquidity.
Consider this analogy: Imagine a bank denying customers’ requests to withdraw fiat deposits. In a state of urgency, customers resort to taking loans on these deposits. This generation of credit is not sustainable, but rather a desperate measure for liquidity.
"We are witnessing some adverse secondary effects of illiquidity in Aave stablecoin markets," stated monetsupply.eth, the pseudonymous head of strategy at Spark, a competing DeFi lending platform. "Due to the 100% utilization preventing user withdrawals, borrowing with USDT collateral has surged by approximately $300 million in just the past day following the rsETH exploit."
To comprehend how a single exploit on KelpDAO resulted in locking all stablecoin exits on Aave simultaneously, it is essential to grasp how the system is intended to function — and precisely where it failed.
What is Aave and how it is supposed to function
Aave is a decentralized finance (DeFi) protocol that allows users to lend and borrow cryptocurrencies without intermediaries. Think of it as a bank, except it operates entirely on code on a public blockchain, without any human gatekeepers.
Users deposit assets into lending pools and earn interest. Others can borrow from those same pools by providing crypto assets as collateral, which exceeds the loan amount. The system is designed to self-correct automatically through interest rates. When demand for borrowing increases, rates rise, making borrowing more costly and encouraging lenders to deposit more. When demand diminishes, rates fall.
The entire system relies on one fundamental assumption: there is always sufficient liquidity — enough assets in the pool — for lenders to withdraw their deposits whenever they wish, and for borrowers to close their positions when necessary.
When that assumption collapses, everything else follows suit. This is what occurred after the KelpDAO exploit.
rsETH and the KelpDAO exploit
Related Posts
rsETH is a liquid re-staking ether token issued by KelpDAO.
When you stake ether (ETH), you lock it up to support the Ethereum network in exchange for yield, akin to earning interest on a bond. Some protocols issue a liquid staking token (LST) that signifies your staked ETH.
Re-staking extends this concept by reusing those already-staked assets to secure additional systems, effectively compounding yield. In return, you obtain a receipt token that represents your position. rsETH is one such receipt token and it has been extensively utilized as collateral throughout the DeFi ecosystem.
On April 18, an attacker exploited KelpDAO’s bridge infrastructure to release 116,500 rsETH — approximately 18% of the token’s circulating supply, valued at around $292 million. These counterfeit, unsupported tokens were promptly deposited into lending protocols, primarily Aave, to borrow genuine ETH and other assets like wrapped ether (wETH) against them. Counterfeit tokens in, real funds out.
"That [borrowed] WETH is gone. The rsETH remaining in the vaults is worth whatever an unsupported claim is worth — nearing zero on the L2 side, where 20+ chains held bridged rsETH backed by a now-empty mainnet lockbox," said 0xyanshu, a pseudonymous crypto operator known for his work in on-chain finance and risk.
Aave halted rsETH markets on V3 and V4 within hours, with founder Stani Kulechov confirming that the exploit was external and Aave’s contracts remained uncompromised. This suspension stopped further losses. However, it also triggered a chain reaction resulting in the $300 million borrowing spike.
How $300 million in borrowing emerged in a single day
Upon the news of the exploit, whales and large funds withdrew billions of dollars worth of cryptocurrencies from Aave’s liquidity pools within hours. Their swift and substantial withdrawals drained the liquidity pools.
"When the rsETH exploit occurred and AAVE faced bad debt, whales such as Justin Sun, MEXC exchange, and others immediately withdrew billions from AAVE," analyst Duo Nine noted in an explanation. "Initially, the ETH market reached 100% utilization, meaning withdrawals of ETH from AAVE were impossible."
This soon affected USDT and USDC pools, pushing their utilization rates to 100%, as over $6 billion in assets exited the protocol within hours. Each lending pool contains a fixed amount of assets deposited by users. When every dollar of those assets has been borrowed, there is nothing left for withdrawals.
"That is because AAVE lost over $6 billion in liquidity in the past 24 hours," Duo Nine wrote. "As whales withdrew their funds, USDT and USDC also reached 100% utilization. These markets are now similarly stuck with funds locked."
This is when the $300 million secondary borrowing surge commenced.
Trapped USDT and USDC depositors, unable to withdraw their funds easily, sought the only remaining option available to them. They began taking loans from their locked deposits.
"Some users opted to borrow against USDT/USDC and exit via alternative markets at a 10-25% loss," Duo Nine explained. "Essentially, they borrow GHO/DAI/USDe against their locked USDT/C." This was not a trading strategy.
It has been a desperate measure of borrowing against their own funds at a loss, accepting 75 cents on the dollar, merely to extract any liquidity from the system. Aave permits users to borrow up to 75% of the total loan-to-value (LTV) of their deposited collateral, depending on the asset and its risk parameters.
"With a 75% maximum LTV, users with immobilized USDT deposits can withdraw up to three-quarters of the value of their Aave position. However, this ultimately diminishes liquidity in other markets, with USDC and USDe markets also reaching 100% utilization," monetsupply.eth, the pseudonymous head of strategy at Spark, a competing DeFi lending platform, noted.
For any observers of DeFi from the outside, the takeaway is clear: "Decentralized" does not imply "without risk."
