Kelp DAO Vulnerability Impact on Aave: The 230 Million USD Bad Debt and the 9 Billion USD TVL Disappearance Overview

On April 18, 2026, at 17:35 UTC, Kelp DAO’s rsETH cross-chain bridge was attacked. The attacker minted approximately 116,500 rsETH out of thin air within 46 minutes, valued at about $293 million at the market price at that time, accounting for roughly 18% of the total circulating supply of that token. The direct technical root cause of the incident was not a flaw in the smart contract code but an overlooked deployment parameter: Kelp DAO used a 1/1 DVN (Decentralized Validator Network) configuration—meaning only a single validator node needed to confirm to approve cross-chain messages. The attacker compromised the RPC infrastructure relied upon by that single validator node, forged a cross-chain message claiming “rsETH assets on the source chain have been locked,” and the Kelp bridging contract, lacking strict validation of the “source chain,” directly executed the release.

LayerZero’s official documentation recommends a 2/2 DVN configuration, employing multiple validator nodes for redundancy. However, Kelp DAO set the validation threshold at the most extreme “1 of 1.” This configuration created a “single point of failure” vulnerability, while traditional security auditing tools—such as Slither, Mythril, etc.—mainly focus on detecting vulnerabilities in smart contract code and are nearly powerless against risks at the configuration parameter level. This reveals a structural issue: the security of DeFi protocols depends not only on code quality but also on the prudence of deployment configurations.

How Forged Collateral Invades the Aave Lending System

After obtaining this batch of rsETH without real backing, the attacker did not choose to sell it directly on the secondary market—since rsETH liquidity is limited, large sales would cause severe slippage—but instead used these “air assets” as collateral, depositing them into mainstream lending protocols like Aave V3, and borrowed about $236 million in real WETH and ETH. This was the critical turning point: the attacker did not attempt to breach Aave’s core contracts but leveraged composability among DeFi protocols, using Kelp DAO’s vulnerability as a springboard to borrow real on-chain assets within the Aave system, leaving behind a pile of “air collateral” worth zero.

As a liquidity re-staking token, rsETH’s underlying assets should come from genuine reserves in the cross-chain bridge. Once the reserves in the bridge are emptied, the value peg of rsETH collapses instantly. However, Aave’s price oracle still calculates the value of these collateral assets based on pre-attack prices, making the borrowed positions effectively impossible to liquidate. The Aave team responded swiftly, urgently freezing rsETH markets on Ethereum mainnet and Layer 2s such as Arbitrum, Optimism, Base, Mantle, and Linea, and setting the rsETH Loan-to-Value ratio to zero, technically blocking new borrowing paths.

Why Did the Pool Utilization Rate Surge to 100%?

Following the attack, a large-scale run on funds occurred on the Aave platform. Panic withdrawals rapidly pushed the utilization rate of the WETH liquidity pool to 100%—meaning all available liquidity had been borrowed out, and depositors could no longer withdraw. Meanwhile, the annualized borrowing rate for USDT soared to 14.99%, and deposit APY also spiked to 13.39%, with extreme volatility in rates reflecting a sudden imbalance in liquidity supply and demand.

This phenomenon is essentially a combination of a credit crisis and a liquidity crisis. The rate mechanism can handle normal liquidity fluctuations but cannot address the credit risk associated with the “authenticity” of collateral. When depositors realize that rsETH collateral may be unrecoverable, the rational strategy is to withdraw their funds immediately. But if everyone adopts this strategy, the liquidity in the pool will be drained in a very short time. This is the mechanism by which the impact of the Kelp vulnerability is amplified multiple times—Aave’s core contracts were not directly attacked, but the breakdown of upstream collateral trust propagates directly to downstream liquidity.

The Logic Behind the $9 Billion TVL Evaporation and Capital Withdrawal

On the data side, Aave’s total value locked (TVL) was about $26.4 billion before the incident, which plummeted to approximately $18 billion within 48 hours after the attack, evaporating around $8.4 billion, a decline of over 31%. During the same period, the total DeFi TVL across all chains dropped from about $99.49 billion to roughly $86.29 billion, a reduction of approximately $13.2 billion. If we further include the withdrawal of liquidity re-staking and yield strategies in related markets, the total locked value evaporated close to $9 billion across the entire DeFi ecosystem.

Whale-level capital withdrawals were the main driver of the TVL plunge. On-chain monitoring shows that Abraxas Capital withdrew $392 million, MEXC withdrew $431 million, and a single whale withdrew over $400 million in one go. These large-scale withdrawals follow a clear risk-avoidance logic: before the certainty of rsETH’s backing is clarified, holding exposure to rsETH-related risks is irrational. The scale and speed of these withdrawals set new records in DeFi history, reflecting an aggressive re-pricing of cross-chain asset credit risk.

The Dispute Over $124 Million vs. $230 Million Bad Debt — Two Disposal Scenarios

The exact size of the bad debt depends on the final decision of Aave governance regarding the disposal plan. Aave’s official report, citing risk service provider LlamaRisk, presents two scenarios:

Scenario 1 (Systemic Loss Across All Chains):
Losses are shared proportionally among all rsETH holders. LlamaRisk estimates that rsETH will experience about 15% systemic decoupling, with Aave bearing approximately $124 million in bad debt.

Scenario 2 (L2 Isolation):
Losses are limited to rsETH on Layer 2 chains, with the full rsETH on Ethereum mainnet preserved. However, this scenario results in a higher bad debt figure—applying a 73.54% discount to cross-chain collateral, Aave’s estimated bad debt surges to about $230.1 million, with Mantle accounting for 71.45% of the shortfall and Arbitrum 26.67%.

The difference between these two plans is nearly $100 million. This is essentially a “political” question of risk sharing: should the losses be borne collectively by all chain participants or only by the holders on specific chains? The Aave DAO treasury currently holds about $181 million in reserves. Scenario 2 would directly breach this reserve threshold. Additionally, the Umbrella security reserve is valued between $80 million and $100 million, and Aave DAO generated $145 million in revenue in 2025. These resources could theoretically buffer bad debt, but how to cover losses without harming core protocol users remains a cautious governance decision.

From Single-Point Vulnerability to Cross-Chain Propagation — How Liquidation Risks Spread

0xngmi, founder of DeFiLlama, analyzed three potential action paths KelpDAO might take, each with clear flaws:

Path 1 (Socialized Loss):
KelpDAO reduces losses proportionally among all rsETH holders by 18.5%. With approximately 666k rsETH collateralized across the entire network, assuming a high leverage at 95% LTV, this could generate about $216 million in bad debt.

Path 2 (L2 Isolation):
KelpDAO only guarantees the mainnet rsETH, treating L2 rsETH as valueless. Currently, about $359 million worth of rsETH is collateralized on L2s like Arbitrum, Mantle, and Base. If all are assumed at maximum leverage, this could produce roughly $341 million in bad debt, with no coverage from Umbrella, risking collapse of L2 markets.

Path 3 (Snapshot Refund):
Only fully reimbursing rsETH holders before the attack based on a snapshot. But since funds have already moved significantly post-attack, and DeFi protocols are liquidity pools, it’s technically very difficult to distinguish deposits by batch.

These three paths clearly show that the spread of liquidation risk is not linear but exhibits a “risk layering” characteristic—significant differences in risk exposure exist between mainnet and Layer 2s, and among different L2s. This structural differentiation makes the final distribution of bad debt highly uncertain.

Structural Lessons — The Authenticity Boundary of Collateral Access in DeFi

This incident’s most profound impact on the DeFi industry is not the amount of bad debt itself but the exposure it reveals in collateral risk management’s structural blind spots. Aave’s core contracts were not compromised, but the breakdown of upstream collateral trust directly propagated to downstream lending systems. This indicates that the security of DeFi protocols is no longer solely about whether their own code is free of vulnerabilities but also about whether the entire chain of technology and governance behind the collateral they accept is reliable.

Layered systems involving cross-chain bridges, re-staking, and lending protocols mean that failure at any link can be amplified into systemic shocks through collateral chains. When a collateral’s “weight” no longer corresponds to the underlying real assets, the risk model shifts from “volatility risk” to “authenticity risk”—which is often outside the scope of routine stress testing. Aave has urgently set rsETH’s Loan-to-Value to zero and frozen WETH reserves across all affected markets, but these measures only contain further risk expansion; they cannot recover already incurred losses.

In the future, DeFi lending protocols will need to reevaluate standards for cross-chain assets and re-staking tokens as collateral. Single validator configurations, cross-chain message verification security, and mechanisms for verifying collateral authenticity will become core issues in risk control systems.

Summary

Kelp DAO’s 1/1 DVN configuration flaw was the direct trigger of this incident, but a deeper systemic issue is the structural deficiency in collateral authenticity verification within the DeFi ecosystem. Attackers exploited forged cross-chain messages to mint about $293 million worth of rsETH, which they used as collateral to borrow real assets on Aave, resulting in bad debt estimated between $124 million and $230 million. The TVL evaporated approximately $8.4 billion within 48 hours, with over $13 billion fleeing across the entire chain, pool utilization hitting 100%, and rate mechanisms triggering extreme volatility. Aave governance faces a dilemma in loss distribution—shared across all chains or isolated to specific layers—each with significant costs and controversies. This event marks a paradigm shift in DeFi risk management: protocol security is increasingly dependent on the reliability of the entire chain of technology and governance behind accepted collateral, not just on code quality. Cross-chain bridge configurations, validator redundancy, and collateral authenticity verification will be key focus areas for the next phase of DeFi risk control development.

FAQ

Q: Was Aave’s smart contract itself compromised?
A: No. The core vulnerability was in Kelp DAO’s cross-chain bridge configuration layer; Aave’s core contracts were not attacked, representing an “upstream contamination” risk transmission.

Q: Who will ultimately bear Aave’s bad debt?
A: It depends on the final governance decision. Currently, there are two main options: shared burden among all rsETH holders across chains (about $124 million bad debt) or isolated handling on Layer 2 (about $230 million bad debt).

Q: How is the current price of the AAVE token performing?
A: As of April 22, 2026, AAVE’s real-time price on Gate is approximately $91.16. Before the incident, it was around $115, down over 20%.

Q: What is a DVN configuration? Why is a 1/1 setup risky?
A: DVN (Decentralized Validator Network) is the message verification mechanism in LayerZero’s cross-chain protocol. A 1/1 configuration requires only a single validator node to confirm messages; if that node is compromised, attackers can forge arbitrary messages.

Q: Is the underlying asset of rsETH currently safe?
A: Kelp has not yet published final reconciliation results of reserves and outstanding supply. The backing certainty of rsETH across all chains is uncertain, which is the core reason Aave cannot initiate liquidation.

Q: What are the long-term impacts of this event on DeFi?
A: It exposes systemic blind spots in collateral authenticity verification. Future lending protocols will tighten standards for cross-chain tokens and re-staking tokens, and single validator setups are expected to be phased out.