Kelp DAO Exploit Triggers $6.2B Aave Withdrawal Panic
A $291 million exploit on Kelp DAO's rsETH bridge allowed attackers to mint unbacked tokens, using them as collateral on Aave to drain real assets. This triggered a liquidity crunch, spiking utilization rates to 100%, and causing $6.2 billion in net withdrawals, with AAVE plunging 16%.
Quick Take
Attackers drained $291M from Kelp DAO bridge, minted unbacked rsETH.
Used rsETH as collateral on Aave to borrow real assets, creating bad debt.
Aave utilization hit 100%, sparking $6.2B net withdrawals and 16% AAVE drop.
Contagion fears spread across DeFi, raising bank run risks.
Market Impact Analysis
BearishMajor DeFi exploit causing immediate liquidity crisis, mass withdrawals, and token sell-offs, shaking confidence in lending protocols.
Speculation Analysis
Key Takeaways
- Attackers exploited a single-signer Kelp DAO bridge to mint unbacked rsETH, draining $291M from Aave.
- Aave froze rsETH markets after utilization hit 100%, sparking $6.2B in net withdrawals and a 16% AAVE plunge.
- Contagion fears spread as bad debt threatens other DeFi lending protocols and token holders.
What Happened
An exploit on Kelp DAO's rsETH bridge allowed attackers to mint unbacked tokens, which they then used as collateral on Aave to borrow real assets. The breach, detected Saturday, forced Aave to freeze markets tied to rsETH after the core lending pool's utilization rate rocketed to 100%. With no liquidity left, users faced failed withdrawals, panic spread, and over $6.2 billion in net outflows followed. The attack marks one of DeFi's largest exploits this year, immediately shaking confidence in cross-chain bridges and major lending protocols.
The Numbers
The attacker drained 116,500 rsETH—valued at $291 million—from the bridge via a compromised single-signer component. At Aave, the rsETH market's utilization hit 100%, signaling zero available liquidity for Ethereum and wrapped Ethereum depositors. The resulting bank run saw $6.2 billion in net withdrawals within hours. AAVE's governance token plunged 16% to $90.13, while ETH fell a more modest 2% to $2,300. The bad debt created on Aave could cascade into wider losses.
Why It Happened
The root cause was a bridge design that relied on a single-signer setup, which the attacker compromised to authorize unauthorized minting of rsETH. Without multi-sig or decentralized validation, the bridge lacked safeguards against this type of attack. Once the unbacked tokens were minted, the attacker deposited them into Aave as collateral, borrowing legitimate assets and creating massive bad debt that the protocol now must absorb.
Broader Impact
The exploit has sparked contagion fears across DeFi. Other protocols holding rsETH or interacting with Aave's contaminated pools could face similar liquidity crunches. The incident underscores the systemic risks of single-signer bridges and the interconnectedness of DeFi, where a single exploit can trigger a cascade of bank runs. Regulatory attention on bridge security is likely to intensify.
What to Watch Next
- Aave governance's response—whether it will socialize losses via token inflation or seek other remedies—and how it affects AAVE price.
- Other DeFi protocols with rsETH exposure or similar bridge architectures that could become targets.
- Kelp DAO's investigation results and potential compensation plans for affected users.
This article is for informational purposes only and does not constitute financial advice.
Always late to trends?
Join for the latest news, insights & more.
Disclaimer: Bytewit is an independent media outlet that delivers news, research, and data.
© 2026 Bytewit. All Rights Reserved. This article is for informational purposes only.
