Aave's CEO Defends Protocol After $8.45 Billion Bank Run

Aave's CEO defends the platform's resilience following an $8.45 billion bank run triggered by a major exploit, attributing vulnerabilities to external factors.

FinanceShareShare this articleCopy linkX (Twitter)LinkedIn Facebook EmailAave's CEO Addresses Protocol's Strength Following $8.45 Billion Withdrawal Crisis

The founder of the leading DeFi platform attributed vulnerabilities in decentralized finance to "third-party” entities, while independent analysis reveals significant weaknesses in Aave’s risk management.

By Olivier Acuna|Edited by Jamie Crawley Jun 8, 2026, 3:17 p.m. 3 min readMake preferred on Stani Kulechov, CEO and founder of Aave Labs, used the Proof of Talk forum to shift blame away from the DeFi exploit that led to significant withdrawals, attributing it to external parties. (Olivier Acuna/CoinDesk)

Key Highlights:

An exploit of KelpDAO’s LayerZero bridge costing $292 million in April 2026 triggered a massive $8.45 billion deposit run on Aave within 48 hours, revealing vulnerabilities in major DeFi platforms.
Aave managed to endure this crisis through a frantic $300 million emergency bailout, which included 25,000 ETH from the Aave DAO and 5,000 ETH from founder Stani Kulechov, despite his claims that the situation demonstrated the protocol’s resilience.
To mitigate future risks, Aave is set to implement a V4 upgrade that will transition from pooled token design to a modular hub-and-spoke system, aimed at localizing risk and enabling the freezing of specific collateral lines to avert contagion from bridge failures.

The decentralized finance sector (DeFi) is in the process of recovery following a series of sophisticated attacks that have sparked a robust discussion about the ability of public blockchain protocols to manage systemic risks effectively.

The situation escalated in April 2026 when the $292 million attack on KelpDAO’s LayerZero bridge prompted an unprecedented $8.45 billion deposit run on Aave, the largest decentralized lending platform, with massive withdrawals occurring in just 48 hours.

Stani Kulechov, the founder and CEO of Aave Labs, defended the platform's mathematical advantages over traditional financial systems at the Proof of Talk forum in Paris last week. Instead of addressing the operational failures that led to a liquidity crisis threatening Aave’s stability, Kulechov framed the significant capital outflow as evidence of the network’s "resilience."

He stated, "Aave's existing V3 infrastructure has seen multiple market cycles," and added, "Aave has been really resilient during really turbulent times."

However, a detailed examination of the crisis reveals that Aave’s survival was less about its autonomous design and more about a frantic, human-led $300 million emergency bailout. This recovery effort included a pledge of 25,000 ETH from the Aave DAO and a personal contribution of 5,000 ETH (valued at $8.4 million) from Kulechov himself to avert disaster.

Shifting Responsibility

Kulechov distinguished between the core smart contract code and the external infrastructure failures affecting the broader market.

He stated, "When it comes to development, there are very few, if any, issues in DeFi protocols' smart contracts generally. It's actually the third-party dependencies related to more traditional security that might impact the DeFi space, as we've seen recently."

While this is technically accurate, the April hack originated from an RPC-spoofing and DDoS attack on LayerZero’s verifier nodes at KelpDAO, rather than an issue within Aave's code. Analysts have suggested that Kulechov’s defense glosses over a more severe reality.

Blockchain risk modeling firm LlamaRisk later disclosed that hackers exploited the vulnerability to mint worthless collateral, deposit it into Aave, and then drain legitimate wrapped Ether (wETH), leaving Aave V3 with an estimated $123.7 million in bad debt. Additionally, banking analysts at the Bank Policy Institute highlighted that Aave's insufficient insurance revealed how DeFi platforms are susceptible to bank runs, negatively impacting their users.

Plans for V4

Kulechov acknowledged that the architectural risks posed by contagion necessitate a comprehensive redesign. To avoid future bridge failures from instigating systemic deposit runs, he indicated that Aave Labs is planning to overhaul its risk management with the upcoming V4 upgrade.

Kulechov elaborated that this upgrade will introduce a modular "hub-and-spoke" system, replacing traditional token pooling, which will empower the core protocol to autonomously apply localized risk premiums and freeze particular collateral lines before contagion can reach primary lending reserves.

He concluded, "When you have a completely auditable and public system, anyone can inspect the code and conduct various types of risk analysis. I believe that is key to building resilient software."

Whether institutional investors will continue to overlook these multi-billion dollar "stress tests" while awaiting the launch of V4 remains a critical question for the mainstream future of DeFi.

DeFi Hack