A Kelp bridge hack spreads and affects Aave, as TVL plunges and bad debt surges to 196 million

Kelp’s cross-chain bridge for the liquidity re-staking protocol was attacked on Saturday. The attacker stole 116,500 rsETH (about $292 million) and deposited the stolen tokens into Aave V3 as collateral to borrow large amounts of wrapped Ether (WETH). Although the Aave protocol smart contracts were not affected, the attack created roughly $196 million in bad debt on the ledger, and the platform’s TVL plunged to about $20 billion.

Attack Path: How a Kelp Bridging Flaw Indirectly Triggered Aave Bad Debt

The entry point of the attack wasn’t Aave itself, but Kelp’s cross-chain bridge. On Saturday, the attacker tricked Kelp’s bridge relayer into releasing 116,500 rsETH to an address under the attacker’s control. rsETH is Kelp’s liquidity re-staking receipt token, representing staking-ether yield routed through EigenLayer.

The attacker then deposited the stolen rsETH into Aave V3 as collateral and borrowed WETH. Because the underlying collateral had disappeared on the bridge layer that Aave couldn’t reach, these borrowing positions effectively became irrecoverable bad debt. On-chain data shows Aave bad debt of about $196 million, with total open positions of about $236 million across Aave, Compound, and Euler.

Why the Bad Debt Is Concentrated: The rsETH/WETH Trading Pair Dominates Aave’s Ledger

Aave’s lending ledger spans 22 chains, but the Ethereum mainnet holds $14.24 billion of the $17.82 billion in outstanding loans, and WETH accounts for 39.49% of all Aave loans. This attack precisely targeted the rsETH/WETH collateralized lending pair with the largest position size in Aave’s ledger, explaining why the bad debt is highly concentrated and not diversified across the entire platform.

Aave founder Stani Kulechov confirmed that it was an external attack and that the protocol contracts remained intact. However, since Aave accepted rsETH as collateral and the security of its underlying assets depends on the cross-chain bridge outside Aave’s control scope, depositors ultimately bear the risk of loss.

Uncertainty in the Umbrella Reserve Mechanism: Potential Risk for stkAAVE Holders

Initially, Aave said the Umbrella reserve fund would cover any shortfall, but by Saturday afternoon, the official wording had softened to “exploring ways to cover the deficit,” indicating the reserve amount might be insufficient to fully cover the $196 million bad debt gap.

If the Umbrella reserve fund can’t fully cover the losses, according to Aave’s designed mechanism, stkAAVE holders (users of staked AAVE tokens) may need to bear part of the losses—this is one of the deeper reasons why the AAVE token took a 16% hit in this event.

Broader Lesson: A Systemic Blind Spot in LRT Collateral Risk

The core lesson from this event goes beyond Kelp and Aave themselves. Liquidity re-staking tokens (LRTs) have been added to the collateral whitelist by all major DeFi lending protocols, because they have yield characteristics and represent an increasing share of locked value on Ethereum. However, existing risk models for pricing LRTs assume it will maintain its pegged value under normal market conditions, without accounting for extreme scenarios such as underlying bridges being attacked and collateral instantly going to zero.

Altcoin Sherpa, a trader, pointed out on X: “AAVE is the pillar of DeFi, holding billions of dollars in funds. When AAVE faces contagion risk, it indicates the system’s vulnerability as a whole.”

FAQ

Were Aave’s protocol contracts compromised in this attack?

No. Aave founder Stani Kulechov clearly stated that this was an external attack and that Aave’s smart contracts were unharmed. The bad debt resulted from Aave accepting rsETH as collateral, and after the underlying assets disappeared following an attack on the Kelp cross-chain bridge that Aave couldn’t access, the related lending positions became irrecoverable bad debt.

How does Aave’s Umbrella reserve mechanism work, and why do stkAAVE holders face risk?

Umbrella is Aave’s security module, designed to handle protocol bad debt shortfalls. If the reserve fund can’t fully cover the losses, stkAAVE holders (i.e., users holding staked AAVE tokens) as the last line of defense may have their staked tokens reduced (Slashing) to cover the deficit. Whether Umbrella reserves can cover the $196 million bad debt in this case remains uncertain—this is the core reason why the AAVE token faced such significant pressure this time.

What systemic impact did this event have on the DeFi lending market?

This event revealed a systemic blind spot in LRT-type collateral: lending protocols widely accept LRTs as collateral, but in practice they introduce bridge security risks into the loan ledger. Any security failure of a bridge agreement could lead to unexpected bad debt in lending protocols that accept the related LRTs. This requires each DeFi protocol to reassess the LRT collateral risk model, collateral factors, and position limit settings.