Aave Says Operations Back to Normal as $300M Backstop Replaces Drained Assets

Decentralized finance protocol Aave recently revealed that it has fully restored liquidity to its lending pools following a $300 million cross-chain exploit.

The Anatomy of the Exploit

Decentralized finance ( DeFi) pioneer Aave has successfully restored full liquidity to its lending pools, capping off an aggressive multi-week stabilization effort following a $300 million cross-chain exploit that threatened the protocol’s cash reserves, developers announced June 1.

Aave said in its post‑mortem that by mobilizing a $300 million industrywide rescue fund and securing an emergency federal court order, it was able to replace the drained assets, shield depositors from losses, and restore normal borrow‑and‑lend operations across the protocol.

The release of the post-mortem came more than a month after an attacker exploited a third-party bridge operated by Kelp and Layerzero. By fabricating cross-chain messages, the hacker minted 116,500 counterfeit rsETH tokens and deposited them into Aave’s V3 platform as collateral.

The attacker immediately used the fake rsETH as collateral to siphon out highly liquid assets, borrowing 82,650 wrapped ethereum (WETH) and 821 wrapped staked ethereum (wstETH). The sudden mass withdrawal structurally weakened Aave’s core liquidity pools, forcing risk managers to freeze affected markets to prevent a cascading run on the platform’s capital.

To plug the hole, Aave Labs helped mobilize an emergency coalition of major industry players, including Lido, Ether.fi, Ethena and Compound. Together, the group structured a $300 million recovery fund. This capital injection effectively backstopped the compromised rsETH assets, guaranteeing that every dollar of user deposits remained fully collateralized by authentic reserves.

Unfreezing the capital

However, the path to restoring liquidity faced a legal hurdle on May 1, when judgment creditors in an unrelated federal case intercepted the recovery process. The creditors obtained a restraining notice that froze roughly $71 million in ethereum that had been clawed back from the attacker and was slated to refill Aave’s pools.

Aave responded by filing an emergency motion in U.S. federal court on May 4, and four days later, a judge granted a crucial modification to the freeze, permitting the immediate transfer of the $71 million back into Aave’s direct custody. This legal breakthrough allowed developers to instantly route the funds back into the protocol’s active lending pools, restoring the liquidity depth required for safe market operations.

With capital reserves fully replenished and pre-exploit market parameters restored, Aave is overhauling its risk architecture to insulate its liquidity from future third-party systemic failures.

To prevent future attackers from converting exploited tokens into liquid protocol assets, Aave developers executed 295 individual parameter updates, heavily slashing borrowing and supply caps across 168 separate asset pools.

Additionally, the protocol is implementing an automated LTV0 (loan-to-value zero) circuit breaker. Going forward, if any asset’s underlying cross-chain infrastructure experiences a security breach, the system will instantly strip that asset of its collateral value. This ensures that compromised tokens can no longer be used to borrow or drain authentic liquidity from Aave’s markets.