What to Know
- $300 millionin new Aave borrowing emerged within 24 hours of the KelpDAO exploit, not from demand, but from depositors unable to withdraw
- 116,500 rsETHworth approximately$292 millionwere fake tokens minted by the attacker and used as collateral to drain real assets from Aave
- $6 billionin liquidity fled Aave within hours as whales exited first, pushing USDT and USDC pool utilization to100%and locking everyone else inside
- Trapped depositors can exit only by borrowing against their own collateral at up to75% LTVaccepting a10-25% lossjust to free any cash
The Aave liquidity crunch triggered by Saturday’s KelpDAO exploit has produced one of DeFi’s most quietly brutal mechanics: depositors who cannot withdraw borrowing against their own trapped funds at a deliberate loss, just to get any money out at all. According to data from Chaos Labs, roughly$300 millionin new USDT-collateralized borrowing hit Aave in the single day following theApril 18attack, not because anyone wanted use, but because the exit doors were welded shut.
How the Aave Liquidity Crunch Began: The KelpDAO Bridge Exploit
The KelpDAO attack didn’t target Aave directly. That’s the detail that makes it so damaging. OnApril 18an attacker found a way to manipulate KelpDAO’s cross-chain bridge infrastructure into releasing116,500 rsETHa liquid re-staking token representing staked ETH positions, without any real backing behind them. That’s roughly18%of rsETH’s entire circulating supply, worth about$292 millionat the time of the attack.
Those counterfeit tokens were immediately deposited into lending protocols, primarilyAaveand used as collateral to borrow real assets: ETH, wETH, and stablecoins. Fake tokens in. Real money out. The attacker didn’t need to crack Aave’s code; they just needed the system to believe the collateral was legitimate, and it did.
Aave founder Stani Kulechov confirmed that Aave’s own contracts were never compromised. The protocol frozersETHmarkets on both V3 and V4 within hours of the exploit going public. That freeze stopped the active drain. But it also triggered a second crisis that nobody saw coming.
Whales Left First, and the Pool Ran Dry
When exploit news broke, large holders moved fast. Justin Sun, MEXC exchange, and other institutional-scale wallets began pulling funds from Aave almost immediately. Within hours, over$6 billionin assets had left the protocol, a withdrawal pace that no lending pool is built to absorb gracefully.
Aave’s liquidity pools work on a simple mechanic: depositors earn yield, borrowers pay interest, and the gap between total deposits and total loans is the “available liquidity”, the amount depositors can actually withdraw at any moment. When outflows eat through that buffer entirely, utilization hits100%and the exit is gone.
ETH markets hit100% utilizationfirst. Then the contagion spread to USDT and USDC pools. “When the rsETH exploit happened and AAVE incurred bad debt, whales like Justin Sun, MEXC exchange, and others immediately withdrew billions from AAVE,” crypto analyst Duo Nine said in a post-incident breakdown. “These markets are now also stuck with money locked.”
That [borrowed] WETH is gone. The rsETH holding its place in the vaults is worth whatever an unbacked claim is worth, approaching zero on the L2 side, where 20+ chains held bridged rsETH backed by a now-empty mainnet lockbox.
What Does the $300 Million Borrowing Surge Actually Mean?
Here’s the perverse logic that produced the$300 millionborrowing spike. Depositors stuck in maxed-out pools still have money in Aave, they just can’t withdraw it. Aave allows borrowing up to75% loan-to-valueagainst deposited collateral, so a user with$100,000in locked USDT can borrow$75,000in a moveable stablecoin.
That’s not a clever trade. That’s paying a10-25% tollto exit your own position. You’re accepting 75 cents on every dollar, leaving behind a debt that still earns interest, and walking away lighter than you walked in. The fact that$300 millionworth of people chose this option tells you exactly how desperate the situation became.
monetsupply.eth, pseudonymous head of strategy at Spark, a competing DeFi lending protocol, flagged the cascading effect this creates. Borrowing against locked USDT to access USDC doesn’t free the system; it just shifts the pressure. “With a 75% max LTV, users with stuck USDT deposits can take out up to 3/4 of the value of their Aave position. But this ends up reducing liquidity in other markets, with USDC and USDe markets now at 100% utilization as well,” they observed.
We’re now seeing some negative secondary effects of illiquidity in Aave stablecoin markets. Because users can’t withdraw due to 100% utilization, there has been a ~$300 million increase in borrowing with USDT collateral in just the past day since the rsETH exploit.
The Bank Run Analogy, And Why It Breaks Down
The comparison to a traditional bank run is almost accurate. A fractional reserve bank holds far less cash than it owes depositors, in a panic, the first people in line get paid and the last ones don’t. But banks have emergency mechanisms: central bank lending facilities, FDIC insurance, overnight repo markets, a phone call to a finance minister.
DeFi has code. Specifically, it has interest rate curves that are supposed to make borrowing expensive when utilization climbs high, which should attract fresh capital into the pool and naturally restore liquidity. The assumption baked into that mechanism is that utilization spikes are temporary noise. A coordinated$6 billionwithdrawal triggered by an external exploit is not noise, it’s a scenario the interest rate model doesn’t have a good answer for.
TheKelpDAO exploitdidn’t just steal money. It demonstrated that whale coordination during a crisis can overwhelm a DeFi protocol’s self-correction mechanisms entirely. Smart contracts can freeze bad collateral. They cannot freeze the panic response of the people holding good collateral.
Who Pays the Price When DeFi’s Exit Doors Close?
Not the whales. Justin Sun and MEXC got their money out in the first hours. The people paying the 25% haircut to escape are retail depositors, smaller funds, and anyone who wasn’t watching a Discord alert feed on a Saturday afternoon.
That asymmetry, between who gets out clean and who pays to leave, is the part of this story that deserves more scrutiny than it’s getting. The standard DeFi narrative says that smart contracts remove gatekeepers and give everyone equal access. What this week showed is that block-by-block on-chain execution speed still creates a tiered system: those with the fastest bots and the biggest positions move first, and everyone else absorbs the consequences.
Duo Nine put it plainly: “Some users decided to borrow against USDT/USDC and exit via other markets at a 10-25% loss. Basically you borrow GHO/DAI/USDe against your locked USDT/C.” He wasn’t describing a strategy. He was describing a distress exit. And$300 millionin distress exits is a number that should be uncomfortable for anyone who believes permissionless finance is categorically fairer than the alternative.
As whales took out their money, USDT and USDC also hit 100% utilization. These markets are now also stuck with money locked.
Frequently Asked Questions
What caused the Aave liquidity crunch in April 2026?
The KelpDAO exploit on April 18, 2026 triggered the crunch. An attacker released 116,500 fake rsETH tokens worth approximately $292 million and used them as Aave collateral to borrow real assets. News of the exploit caused large holders to withdraw over $6 billion from Aave, pushing stablecoin pool utilization to 100%.
Why can't Aave depositors withdraw their USDT and USDC?
When a lending pool hits 100% utilization, every deposited dollar has been borrowed out, nothing remains for withdrawals. The mass exit of large holders following the KelpDAO exploit drained Aave’s ETH, USDT, and USDC pools to that threshold, effectively locking remaining depositors inside the protocol.
What is the $300 million Aave borrowing spike?
Trapped depositors unable to withdraw their USDT began borrowing other stablecoins, GHO, DAI, USDe, against their locked holdings at up to 75% LTV. This created $300 million in new borrowing within 24 hours, not from demand for use, but from depositors accepting a 10-25% loss just to access any liquidity.
Was Aave hacked in the KelpDAO exploit?
No. Aave’s own smart contracts were not compromised. Aave founder Stani Kulechov confirmed the exploit originated externally through KelpDAO’s bridge infrastructure. Aave froze rsETH markets on V3 and V4 within hours, stopping further damage, but the liquidity crisis from mass withdrawals was already underway.
This article is for informational purposes only and does not constitute investment advice. Every investment and trading decision involves risk. Readers should conduct their own research before making any financial decisions.
100% utilization is wild, anyone checking what the supply APY spiked to during the peak? If it went parabolic that’s a red flag for whoever was late to withdraw.
the framing here bugs me a bit, calling depositors trapped when Aave’s mechanism is working exactly as designed. illiquidity during stress is a feature of the interest rate model, not some unique failure
saw this coming the second KelpDAO news hit. rsETH looped positions on Aave were a ticking bomb, 300M borrow surge is just the exit liquidity scramble playing out in real time
reminds me of the stETH depeg panic in June 2022, same playbook with looped staking derivatives. people never learn that recursive leverage on illiquid collateral blows up the moment the underlying wobbles, and the 10-25% loss quoted here is honestly lighter than what Celsius users ate
borrowing against your own funds at a loss is peak defi
did anyone actually get liquidated or were they just forced to eat the spread to exit? curious if the oracle held up through this or if there were any bad debt events on the E-Mode positions