Key Takeaways
- KelpDAO’s bridge suffered a $292–$293 million security breach that resulted in a $13.21 billion decline in total value locked across DeFi markets within 48 hours
- Attackers extracted 116,500 rsETH tokens and deployed them as illegitimate collateral on Aave to extract funds, generating approximately $195 million in uncollateralized debt
- Aave’s TVL collapsed from $26.4 billion to $18.6 billion, costing it its position as DeFi’s largest protocol by deposits
- Complete utilization of Aave’s USDT and USDC reserves means approximately $5.1 billion in stablecoins remain frozen and inaccessible to depositors
- Major DeFi tokens including AAVE, UNI, and LINK experienced relatively limited price depreciation considering the scale of capital flight
A security breach targeting KelpDAO’s bridge infrastructure over the weekend catalyzed one of the most significant capital flight events in decentralized finance history, erasing $13.21 billion in total value locked from DeFi platforms within a 48-hour period.
The assault commenced Saturday when malicious actors extracted 116,500 rsETH tokens—valued at approximately $293 million—from KelpDAO’s LayerZero-based bridge system. The perpetrators subsequently deposited these compromised tokens as collateral on Aave, a prominent DeFi lending marketplace, to secure loans in wrapped Ether.
Since the stolen rsETH lacked genuine underlying assets, these borrowing activities saddled Aave with an estimated $195 million in bad debt. The mechanism resembles depositing fraudulent currency at a financial institution, then securing legitimate loans against those worthless deposits.
Aave’s total value locked plummeted from approximately $26.4 billion to $18.6 billion by Sunday, based on DeFiLlama data. This dramatic contraction stripped Aave of its ranking as the ecosystem’s largest protocol measured by deposited assets.
Throughout the broader DeFi landscape, TVL contracted from $99.5 billion to $86.3 billion during this same timeframe. Platforms including Euler, Sentora, and Aave registered double-digit percentage declines, with losses heavily concentrated in lending markets and restaking infrastructure.
The AAVE governance token depreciated nearly 20%, sliding from $112 on Saturday to approximately $89.50 within 24 hours. This price movement was partly fueled by substantial withdrawals from institutional participants. Blockchain intelligence platform Lookonchain identified MEXC exchange and Abraxas Capital as among the largest exiting parties, withdrawing $431 million and $392 million respectively.
Stablecoin Liquidity Completely Exhausted
Aave’s USDT and USDC reserves on version 3 have reached 100% utilization. This means over $5.1 billion in stablecoins is presently inaccessible and cannot be redeemed until fresh liquidity arrives or outstanding loans are repaid. At the time of reporting, only $2,540 remained available for withdrawal from the $2.87 billion USDT reserve.
Following the security incident, Aave suspended rsETH markets across both v3 and v4 deployments. The platform additionally froze WETH reserves throughout Ethereum, Arbitrum, Base, Mantle, and Linea networks. Aave subsequently verified that rsETH on Ethereum mainnet maintains full backing from underlying asset reserves.
Numerous additional protocols suspended their LayerZero bridge integrations, including Curve Finance, Ethena, and BitGo’s Wrapped Bitcoin service.
Ongoing Investigation Findings
Preliminary examination from Peter Chung, research director at Presto Research, indicates the vulnerability may have originated within the bridge’s verification infrastructure rather than its smart contract code. He emphasized that this event demonstrates how interconnected DeFi protocols can amplify risk contagion far beyond the initial compromise point.
This episode is the first major test of Aave’s “Umbrella” security framework, launched in June 2025 to deliver automated safeguards against bad debt scenarios. The crisis arrives just two weeks after Aave’s separation from risk management provider Chaos Labs on April 6, which stemmed from conflicts regarding Aave v4’s strategic trajectory and resource allocation.
Source: https://blockonomi.com/kelpdao-bridge-exploit-drains-13b-from-defi-markets-in-two-days/