news.bitcoin.com
The KelpDAO exploit allowed an attacker to siphon unbacked rsETH tokens and deposit them into Aave, triggering one of the sharpest liquidity contractions in recent DeFi history, according to the latest Cryptoquant report dubbed the “ DeFi Contagion.”
Key Takeaways:
- The KelpDAO exploit on April 18, 2026, exposed Aave to an estimated $124M-$230M in bad debt within 72 hours.
- Aave’s total value locked fell 33%, shedding billions, with $USDT and $USDC borrow rates hitting 14%.
- $USDe supply shed $800 million in three days, signaling continued DeFi liquidity stress across major protocols.
KelpDAO rsETH Hack Triggers Multi-Billion-Dollar Liquidity Drain on Aave
According to Cryptoquant’s assessment of the situation, the attacker used the drained uncollateralized rsETH to exchange for WETH and stablecoins on Aave, exploiting a critical vulnerability in KelpDAO’s infrastructure. The attack quickly rippled across the broader DeFi ecosystem.
Cryptoquant researchers found that Aave’s aETHrsETH contract holds approximately 83% of all rsETH circulating supply, making it the single most exposed protocol to the hack. The firm estimates Aave now carries between $124 million and $230 million in potential bad debt tied to depegged rsETH collateral.
Aave’s total value locked (TVL) dropped massively in the 72 hours following the exploit, a 33% drop that Cryptoquant described as one of the sharpest protocol-level liquidity contractions in recent DeFi history.
Borrowing rates across Aave’s three largest markets reflected the pressure immediately. Cryptoquant data shows $USDT and $USDC borrow rates on Aave V3 jumped from 3.4% to 14% as users rushed to borrow stablecoins and exit the protocol. Before the hack, those rates had held steady at 3.4%, consistent with normal DeFi lending conditions.
$ETH borrowing rates on Aave V3 climbed to 8%, the highest reading Cryptoquant has recorded since at least January 2024. Rates later stabilized near 5%, still more than double the pre-hack level of 2%.
The simultaneous rate spike across $ETH, $USDC, and $USDT signals system-wide stress rather than isolated market movement, according to the Cryptoquant report. $ETH, $USDC, and $USDT are Aave’s three largest markets by total value locked.
Cryptoquant researchers described the dynamics as a classic DeFi liquidity crunch: depositors withdrawing while borrowers increase demand at the same time, leaving available liquidity to fall rapidly and interest rates to reset higher. As of the report date, rates remain elevated above pre-hack levels.
The yield-bearing stablecoin, $USDe, the fourth-largest asset on Aave with $412 million in protocol deposits, also saw significant pressure. Cryptoquant tracked a net collapse in $USDe minting activity in the days following the hack, driven by both contagion from the Aave crisis and persistently negative $ETH and BTC perpetual futures funding rates.
$USDe’s total supply fell from $5.8 billion to $5 billion in three days, a decline of $800 million or 14%. Cryptoquant called it one of the largest short-term redemption events in $USDe’s history.
As one of the largest stablecoins globally behind only $USDT, $USDC, USDS, and DAI, $USDe’s contraction points to a meaningful withdrawal of liquidity from the broader DeFi ecosystem, the firm noted.
Negative perpetual funding rates compressed $USDe’s delta-neutral yield during this period, accelerating redemption incentives for holders. Cryptoquant explained that the combination of hack-driven risk-off behavior and structural funding rate pressure marks a significant deterioration in DeFi market conditions.
The latest Cryptoquant report highlights the systemic risk of concentrated collateral exposure in DeFi lending protocols, noting that Aave‘s outsized rsETH position amplified contagion far beyond the initial exploit.