For years, DeFi users have been saying, "Just use Aave." With a total value locked (TVL) exceeding $26 billion, numerous audits, and a well-established risk management system, the protocol seemed like a "safe haven." However, on April 18, the long-standing reputation of the project, which had already been marred by various conflicts and disagreements, took a serious hit: hackers stole $293 million from the Kelp DAO liquid restaking protocol and blocked Aave users' funds within a day.
Let’s explore how this happened, why the $55 million insurance from Umbrella might not be enough, and whether safe places exist in DeFi.
How Hackers Breached Kelp DAO
On April 18, attackers extracted 116,500 rsETH worth $293 million through the Kelp DAO cross-chain bridge based on LayerZero. The attack is preliminarily linked to the North Korean group TraderTraitor, a division of the Lazarus Group, which is responsible for hacks on Bybit ($1.5 billion), Ronin ($625 million), and Drift Protocol ($280 million).
The attack scheme was multi-layered. The hackers gained access to the RPC server list used by the decentralized verified network (DVN) of LayerZero Labs. They then compromised two of these servers by installing modified versions of op-geth. Simultaneously, they launched a DDoS attack on the "clean" servers to force the system to switch to the poisoned nodes.
According to LayerZero's description, the attackers compromised two RPC servers and spoofed the responses visible only to the verifier, hiding traces from monitoring systems. After the attack, the malicious code self-destructed, deleting logs.
A key detail was Kelp's security configuration. The protocol used a 1/1 DVN scheme — a single verifier without redundancy. LayerZero had recommended that all integrators use a multi-DVN setup, but Kelp ignored these recommendations. With multi-verification, the fake cross-chain message would have failed verification: independent DVNs would have rejected it.
"Exploiting a single point of failure meant that an independent verifier could not intercept and reject the forgery. LayerZero and other parties had previously informed the project about best practices for diversifying DVNs. Despite these recommendations, Kelp opted for the 1/1 DVN scheme," emphasized LayerZero Labs.
Dragonfly Capital partner Hasib Qureshi pointed out a contradiction in LayerZero's position: the protocol is shirking responsibility, even though LayerZero Labs operated the compromised DVN.
The Kelp team responded 46 minutes after detecting suspicious activity. During this time, the attackers deposited the stolen tokens into Aave v3 as collateral and received wETH in return. They borrowed around $196 million directly on the platform, with their total positions in Aave, Compound, and Euler reaching approximately $236 million.
Impact on Aave
Within two days, the TVL of the largest lending protocol plummeted from $26.3 billion to $17.7 billion — investors withdrew over $8.6 billion. The price of the AAVE token dropped by 15% to $91, and the asset's market capitalization fell from $1.8 billion to $1.3 billion.
Data: DefiLlama.The pools of USDT and USDC in Aave v3 were completely depleted. Assets worth $5.1 billion were temporarily frozen — they can only be withdrawn after new liquidity flows in or loans are repaid. The rsETH markets are frozen in versions v3 and v4. Reserves of wETH are locked on Ethereum, Arbitrum, Base, Mantle, and Linea.
The freeze triggered a cascading effect. Users with frozen USDT deposits began borrowing against these funds in other pools — the volume of USDT-collateralized loans increased by $300 million in a single day. This led to a 100% utilization of the USDC and USDe markets.
we're now seeing some negative secondary effects of illiquidity in Aave stablecoin markets (in this example, Aave Core USDT on Ethereum)
— monetsupply.eth (@MonetSupply) April 19, 2026
because users can't withdraw due to 100% utilization, there has been a ~$300 million increase in borrowing with USDT collateral in just the… pic.twitter.com/ReGjGaIqAh
"Aave should immediately prohibit new loans against illiquid collateral — for example, set LTV=0 for USDT, USDC, and USDe on Aave Core or completely suspend loans," wrote the strategy director of a competing lending platform under the pseudonym monetsupply.eth.
First Disclosure from Umbrella
The Umbrella module is the updated Safety Module of the Aave protocol. Unlike the previous system, where slashing decisions were made through DAO voting, Umbrella operates automatically: when hopeless debt arises, the smart contract burns staked aTokens without delay.
Users stake tokens, earning protocol income plus additional rewards in GHO or AAVE. In return, they accept the risk of slashing — forced deductions to cover deficits.
At the time of the incident, approximately $55 million in ETH was staked in Umbrella. The Aave DAO treasury holds assets worth about $85 million, including $51 million in AAVE tokens. The old Safety Module had never activated slashing.
The Kelp case became the first real test of the mechanism. The Aave team initially stated that Umbrella would cover any deficit, then softened the wording to "exploring ways to compensate."
Who Will Foot the Bill?
The founder of DefiLlama under the pseudonym 0xngmi considered three possible outcomes.
Socialization of losses among all rsETH holders. In this case, the assets of each owner, according to the expert, would be "trimmed by 18.5%." Aave froze 666,000 rsETH, most positions at maximum leverage — close to the liquidation threshold (LTV 95%). Under "socialization of losses," the entire capital of these positions would be wiped out. This would create hopeless debt of about $216 million. Of this, Umbrella would cover $55 million, the DAO treasury — another $85 million. This leaves $76 million in uncovered losses.
Losses fall on L2-networks. Aave stated that rsETH on Ethereum is "fully collateralized." If the main network is not "trimmed," all the impact will fall on L2 users. According to calculations by monetsupply.eth, there is $361 million in rsETH on second-layer networks: Base — $71 million, Arbitrum — $152 million, Mantle — $116 million, Ink — $21 million, Linea — $1.4 million. Hopeless debt of $341 million would fall on wETH providers in these networks, and Umbrella would cover nothing — the module only works on Ethereum.
"Concentrating losses on external chains is the worst outcome for Aave. With a uniform distribution of losses, Umbrella would be activated for $50 million, and there would be a chance to use rsETH collateral on Aave Core for partial debt repayment. Losses on L2 networks would become manageable," believes monetsupply.eth.
Reverting to a snapshot before the hack. This technically complex option — funds were actively moved after the attack. The hacker borrowed $124 million on Ethereum and $18 million on Arbitrum. If only these amounts are returned, the total loss after Umbrella coverage would be $91 million.
Cascading Effects and the Search for a "Safe Haven"
The repercussions affected not only Aave. The TVL of the entire DeFi sector plummeted from $99.4 billion to $85.8 billion — a 12% drop in a single day.
Data: DefiLlama.The largest protocols lost: Lido — 2.26%, EigenLayer — 2.42%, Morpho — 7.51%, Ethena — 3.04%. Aave suffered the most — down 21.54%.
Some community members pointed to Morpho as a safe alternative, as the isolated markets of Morpho Blue allow for damage limitation to specific asset pairs.
Web3 researcher Vladimir Menaskop called this argument superficial. In his view, isolated markets do not eliminate risks — they change their form.
"Borrower risks in Morpho are not eliminated through isolated markets. They manifest in a different form: from technical aspects, we shift to economic ones. Markets are isolated at the smart contract level, but not at the level of asset interconnectedness, interactions with vaults, and exposure to different assets," believes Menaskop.
He described an attack vector specific to isolated markets. Each market in Morpho Blue is a pair of "collateral — loan." Liquidity is fragmented. To execute a liquidation, it is sufficient to manipulate the price of one of the two assets: drop the value of the collateral or raise the price of the borrowed asset.
"Isolation here works against you: since each market is independent? Yes. Thus, applying the scheme to one — you can apply it to another, to the next, until all markets are 'closed.' In global protection at the DAO level, protection engages immediately for all," explained Menaskop.
Morpho has already faced attacks: manipulation of the LP pool oracle Aerodrome, an exploit of $230,000 in 2024, and an incident with an MEV bot in April 2025.
Meanwhile, Morpho's TVL before the hack was $6 billion compared to Aave's $26 billion. A less liquid protocol is a less attractive target, but also a less resilient structure in the face of a serious attack.
Lessons for DeFi Users
The Kelp and Aave cases have exposed systemic risks that every DeFi participant should consider.
Cross-chain bridges remain a weak link. Kelp has confirmed once again: a single point of failure invites attack.
Pool lending creates a contagion effect. Toxic collateral in one pool blocks funds for all liquidity providers. Aave users who had no dealings with rsETH cannot withdraw their USDT and USDC.
Isolated markets protect against some risks while creating others. Morpho limits damage to specific pairs but fragments liquidity and opens vectors for economic attacks.
Diversification is basic hygiene. Menaskop described his own approach: entering a position with 1–3% of the portfolio and distributing assets among protocols.
Security is not a property of the protocol, but a process. Aave underwent audits by Certora, MixBytes, Ackee Blockchain, and StErMi. Kelp was also reviewed by specialists. LayerZero Labs maintained SOC2 and launched EDR on every device. None of this prevented the attack on the RPC server infrastructure.
"The loss will be significant not in terms of money, but in that there is now no tier-1 lending protocol," concluded Menaskop.
What’s Next?
The Aave team continues to explore compensation options. LayerZero is cooperating with law enforcement and tracking the stolen funds. Kelp DAO is determining the final distribution of losses.
The outcome will impact the future of the lending model in DeFi. If losses are socialized among all users, trust in pool protocols will be undermined.
The coming weeks will reveal how resilient the architecture of the largest DeFi protocols is to stress tests from real attacks and whether the market is willing to pay for these lessons.
Text: Sasha Kosovan