Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
When "blue-chip" DeFi encounters problems, who will foot the bill?
Author: Route 2 FI Source: BlackSwans Translation: Shan Ouba, Golden Finance
Aave has just suffered a severe blow, and this is no longer simply a matter of “a certain protocol being hacked.”
An cross-chain rsETH attack incident has left a nine-figure bad debt hole in what should be the safest currency market in DeFi.
Now, the entire industry must face a brutal question: when blue-chip DeFi collapses, who ultimately foots the bill?
When “blue-chip” DeFi encounters problems, who pays?
Last weekend, the DeFi protocol Aave, regarded as a “blue-chip,” woke up to find a large hole on its balance sheet.
The attacker exploited a vulnerability in KelpDAO’s rsETH cross-chain bridge — via its LayerZero multi-chain application — creating a large amount of uncollateralized rsETH out of thin air, and used it as collateral to deposit into Aave. Then, the attacker borrowed real WETH to cash out and escape. The final result: Aave’s core WETH liquidity pool was saddled with a massive bad debt.
From a code logic perspective, the contract was “operating normally.” But reality has taught DeFi a lesson: the protocol’s solvency depends on cross-chain bridge design, governance incentives, and risk management, and depositors may ultimately become the ones to cover the losses.
Event overview: what exactly happened?
Kelp’s rsETH based on LayerZero was compromised at the message transmission layer
The attacker lured the cross-chain bridge into minting and releasing rsETH without real collateral
This uncollateralized rsETH was deposited into Aave V3 as collateral
The attacker used it as collateral to borrow a huge amount of WETH and other assets before disappearing
After the vulnerability was exposed, rsETH collateral became completely junk assets, and the liquidation mechanism failed to restore solvency
Ultimately, Aave found itself in this situation:
Liabilities to users for WETH deposits
The difference between the collateral (rsETH, which the market no longer recognizes) and the liabilities is the bad debt.
Why is this a huge blow to DeFi?
This is far from just a “protocol cross-chain bridge misconfiguration.”
1. “Trust code, not people” has failed
The code executed instructions strictly, but the problem lies in multi-system integration: a cross-chain liquid staking token (LST) combined with aggressive collateral parameters, connected to a market where risk control teams and core contributors have long since left.
2. DeFi is infrastructure, not ordinary applications
Aave is not an unknown minor pool but a core venue where institutional treasuries, funds, whales, and ordinary users deposit ETH to earn yields. When such a platform suddenly faces massive bad debt, the notion of DeFi as a safe, stable financial infrastructure is shattered.
After the vulnerability was exposed, ordinary users who deposited ETH and stablecoins into Aave rushed to withdraw, causing the utilization rate of the WETH pool to soar to 100%. A utilization rate of 100% means no remaining liquidity in the pool — even if the on-chain balance shows deposits are still there, withdrawals are impossible, only waiting for borrowers to repay or new funds to flow in. Additionally, Aave froze rsETH and related markets to protect itself, further exacerbating the panic over trapped funds.
The bad debt generated from rsETH loans cannot be properly liquidated, leading to a shortfall in Aave’s WETH pool, with no automatic liquidity replenishment mechanism. Until governance and backstop plans address the bad debt, the withdrawal limits of some funds pools depend entirely on the net difference between new inflows and fleeing funds.
More dangerously, a chain reaction ensues: users find deposits cannot be withdrawn but still have borrowing capacity. To avoid becoming the last to bear the risk, they maximize borrowing, lending out stablecoins and ETH as much as possible. The logic is simple: since they cannot withdraw deposits, they extract value through borrowing. Depositors turn from net lenders into net borrowers overnight.
This run-like borrowing drains the already heavily loaded liquidity pools, depleting the marginal liquidity and sharply increasing systemic risk. High leverage combined with bad debt makes subsequent risk clearing and capital restructuring more costly.
Core liquidity pools (WETH, USDC, USDT) utilization rates approach 100%, with billions of dollars worth of assets unwithdrawable, and the small amount of new inflow instantly drained.
Confidence crisis spreads rapidly:
Whales and institutions withdraw $5–8 billion from Aave
AAVE token price plunges sharply
Total DeFi TVL (Total Value Locked) declines, with funds fleeing similar lending and cross-chain protocols (Morpho, Sky, Fluid, Kamino, etc.)
Other protocols integrating rsETH or using LayerZero suspend cross-chain transfers, freeze markets, or tighten parameters, further tightening liquidity and nearly halting cross-protocol capital flows.
If institutions and users start viewing “blue-chip DeFi money markets” as inherently high-risk products, the entire DeFi funding costs will rise: deposits decrease, interest rates climb, collateral requirements tighten, and all products relying on cross-chain assets and multi-layer LST collateral will continue to be discounted.
3. “Code is law” fails against “Governance is a game”
The attack happened quickly, but the fatal vulnerabilities had already been embedded in governance decisions over several months:
Continually increasing rsETH’s loan-to-value ratio (LTV)
Compressing safety buffers
Blindly pursuing scale expansion
Loss of risk control and core governance personnel
Where is the hole in Aave’s bad debt?
Simply put:
Some users deposit WETH to earn yields
Attackers use the vulnerability-minted rsETH as collateral to borrow WETH
After the attack, rsETH cannot be liquidated at the original price, creating a shortfall of WETH owed to depositors
This shortfall is the bad debt. Essentially:
WETH pool collateral is insufficient
Total depositor claims > remaining system assets
In past DeFi protocols, similar situations were usually resolved through three solutions:
Using the treasury / token dilution (protocol absorbs the loss)
Depositor write-down (users bear the loss)
A combination of both, with a “recovery token” narrative
But Aave has modified its backstop mechanisms over the past few years, making the situation more complicated.
Who should pay the bill?
The core controversy is simple: who is responsible for backing Aave’s solvency now?
Classic Aave model
AAVE stakers provide security via the safety module
When a shortfall occurs, some stakers’ AAVE are slashed and sold to recapitalize
In return, stakers earn yields and governance rights
This is the default contract: depositors provide liquidity for yields; token stakers bear tail risks and are compensated accordingly.
The reality has completely changed
As Aave transitions to new architecture and products:
The original safety module’s slashing mechanism has become largely ineffective
Risk backstops are now directly tied to specific assets and markets through new “umbrella” structures (like aWETH)
In some new structures, risk capital is no longer the staked AAVE but the depositors’ own assets
Therefore, the actual loss-bearing order in the affected WETH market is closer to:
Corresponding depositors in the pool: bearing losses through liquidity freezes, asset write-downs, or forced restructuring
Protocol-level backstop: governance decides whether to use the treasury or design restructuring plans
AAVE holders: only affected when the new mechanisms actually implement slashing or dilution, far less direct than before
This is a completely different implicit contract. If you deposited ETH into Aave thinking “AAVE stakers will cover losses,” you might now find yourself as the one footing the bill. This cognitive gap deals a heavy blow to DeFi’s credibility — the risk models promoted are now disconnected from the actual governance evolution.
Why does this incident fundamentally change DeFi risk perception?
Some might think: “Just a $300 million attack, it will pass quickly.” But the impact is profound, as professional capital will reprice DeFi risks across multiple dimensions.
Blue-chip does not mean low risk in size, experience, or brand; it may instead lead governance to continually cut safety buffers in pursuit of yield and market share, blindly trusting the “brand halo.”
Cross-chain bridges and LSTs carry systemic risks: a single breach at the application layer can trigger a currency market solvency crisis. Any protocol that treats multi-layer cross-chain assets as high-quality collateral will be scrutinized.
Explicit pricing of deposit risk: if depositors bear losses before token holders, then the “safety pool” yield is mispriced. Funds that once considered Aave deposits as on-chain savings accounts must fundamentally revise their logic. In traditional finance, this is akin to discovering that “insured bank deposits” have a lower priority than the bank’s own structured notes.
Impact within 24 hours of attack
Total DeFi TVL plummeted by over $10 billion in 24 hours
Aave’s TVL evaporated by $6.6 billion, setting a record for the largest single-day withdrawal in DeFi history
AAVE token dropped from $118 to $90
Aave’s bad debt reached approximately $196 million (later updated to $236 million)
WETH utilization in Aave hit 100%
What happens next?
Governance must answer three key questions, as their answers will directly determine the extent of DeFi’s damage this time:
Full compensation: using the treasury or token dilution, preserving user trust but harming AAVE holders and the long-term economic model
Partial write-down: causing long-term damage to Aave’s brand but aligning with the “depositors default on protocol risk” logic
If hundreds of millions in bad debt cannot trigger substantive slashing, AAVE’s role as risk capital is effectively nullified
If backstops are actually activated, Aave can maintain a credible system, proving token holders are the actual risk bearers
Superficial conclusion: don’t rely on LayerZero, cross-chain bridges, or LSTs
Deeper lesson: if the collateral layer depends on cross-chain messaging and aggressive LTV, systemic risks must be borne and properly priced
Whichever path Aave chooses, it will set a precedent. Other currency markets and LST protocols are watching closely — this is the first major modern cross-chain repayment crisis in the entire chain era.
Summary
The rsETH–Aave incident is significant because it exposes the gap between DeFi’s promotional narrative and reality:
DeFi claims to be transparent and rule-based. But in reality, the core question remains: who bears the losses? Ultimately, it depends on game theory, incentives, and governance votes.
Bad debt is now on the table, and someone must pay. The only question is: will it be those told to back the system (AAVE holders), or those who only wanted to deposit ETH to earn yields (depositors)?