Aave Defends Resilience After $8.45 Billion Deposit Run
After a $292M KelpDAO exploit triggered an $8.45B bank run on Aave, CEO Stani Kulechov claims the protocol’s resilience. However, a $300M emergency bailout and $123.7M bad debt expose DeFi’s vulnerability to systemic contagion, prompting a V4 redesign.
Quick Take
Aave survived an $8.45B deposit run following a KelpDAO bridge exploit.
A $300M bailout, including Kulechov’s 5K ETH, averted insolvency.
LlamaRisk revealed $123.7M bad debt from worthless collateral trapped in Aave V3.
Aave V4 aims to prevent future contagion with a hub-and-spoke risk model.
Market Impact Analysis
BearishExposure of DeFi vulnerability to bridge exploits and bank runs, along with $123.7M bad debt, may reduce confidence among users and institutions, potentially pressuring AAVE token price and DeFi adoption.
Speculation Analysis
Key Takeaways
- Aave survived an $8.45B deposit run in 48 hours after a $292M KelpDAO bridge exploit triggered panic withdrawals.
- A $300M emergency bailout from the DAO and CEO Stani Kulechov averted insolvency, but $123.7M in bad debt remains.
- The hack stemmed from LayerZero verifier node attacks, exposing DeFi’s vulnerability to third-party bridge risks.
- Aave V4 will introduce a modular hub-and-spoke risk model to autonomously contain future contagion from bridge failures.
What Happened
Aave, the largest DeFi lending protocol, endured an $8.45 billion deposit run in just 48 hours after a $292 million exploit hit KelpDAO’s bridge. The panic withdrawals pushed the protocol to the brink of insolvency. CEO Stani Kulechov later defended Aave’s resilience, but survival required a chaotic $300 million bailout—25,000 ETH from the DAO and 5,000 ETH from his own wallet. Post-crisis, $123.7 million in bad debt from worthless collateral still sits on Aave V3, a lingering scar from the episode.
The Numbers
The $292 million bridge exploit at KelpDAO triggered over $8.45 billion in outflows from Aave. The emergency rescue package totaled $300 million, with the DAO pledging 25,000 ETH and Kulechov personally contributing 5,000 ETH. Risk firm LlamaRisk calculated $123.7 million in bad debt still trapped in Aave V3. The run evaporated billions in liquidity, revealing how a single bridge failure can cascade into systemic DeFi stress.
Why It Happened
Attackers used RPC spoofing and DDoS tactics against LayerZero’s verifier nodes to compromise KelpDAO’s bridge. They minted worthless collateral, deposited it into Aave, and borrowed authentic wETH. When the exploit was detected, fear of insolvency sparked a classic bank run. The incident underscores how DeFi’s intertwined dependencies—even with flawless smart contracts—create rapid contagion channels, turning third-party infrastructure flaws into protocol-wide liquidity crises.
Broader Impact
The crisis strengthens the argument for modular risk architecture in DeFi. The Bank Policy Institute noted absent insurance left users exposed, while Aave’s V4 redesign signals a shift toward autonomous risk premiums and collateral freezes. This could reshape cross-chain lending standards and force stricter due diligence on bridge security. The event may also accelerate regulatory focus on economic vulnerabilities in DeFi infrastructure.
What to Watch Next
- Aave V4’s testnet rollout and the deployment timeline for its hub-and-spoke risk engine.
- Whether the Aave DAO aims to recover the $123.7M bad debt, or if it will be socialized.
- Potential regulatory responses targeting bridge protocols after this high-profile failure.
This article is for informational purposes only and does not constitute financial advice.
Always late to trends?
Join for the latest news, insights & more.
Disclaimer: Bytewit is an independent media outlet that delivers news, research, and data.
© 2026 Bytewit. All Rights Reserved. This article is for informational purposes only.
