cryptopolitan.com
Tydro, the Aave-powered lending protocol on Ink with $247 million in deposits, halted all markets on May 4 after detecting problems with a third-party oracle provider. The shutdown comes barely two weeks after Tydro contributed to coordinated relief efforts for Aave following the $290 million KelpDAO exploit that affected the protocol.
Tydro posted on X that it was “temporarily pausing all markets out of an abundance of caution following reports of issues with a third-party oracle,” adding that user funds remained safe.
However, it did not provide a timeline for the restoration.
How did Tydro move from rescuer to rescued?
On April 23, Tydro and the Ink Foundation announced they were joining Aave and other ecosystem participants in a “coordinated DeFi relief effort” to help parties affected by the KelpDAO rsETH exploit and “support an orderly resolution for lenders and mitigate bad debt,” according to Tydro’s post at the time.
That exploit, which saw around $290 million drained through uncollateralized rsETH tokens minted via a KelpDAO bridge vulnerability on April 18. The incident triggered over $15.1 billion in outflows from Aave over three and a half days. Aave saw its deposits fall from $48.5 billion to $30.7 billion as users fled to competing platforms such as Spark.
Tydro, which describes itself as “a non-custodial lending protocol for onchain capital markets, powered by Aave and built on Ink,” now faces headaches of its own, even though it did not confirm if it was exploited or not.
Currently, Tydro holds over $206.7 million in active loans and generated over $943,000 in fees over the past 30 days, per DeFiLlama data.
Has Aave recovered from the April exploit?
Aave itself is yet to fully recover from the April exploit fallout. On the same day Tydro went dark, Aave LLC filed an emergency motion to vacate a restraining notice served on Arbitrum DAO on May 1 that “attempts to seize approximately $71 million in ETH belonging to victims of the April 18 exploit,” according to the protocol’s post on X.
The plaintiffs who filed the restraining order claim the thief is linked to North Korea and the funds seized thereby already belong to North Korea, against whom they already have grievances.
Aave disputes this position, stating, “A thief does not gain lawful ownership of stolen property simply by taking it, and the law is clear on this.” It wrote, “Those assets were recovered to be returned to users victimized in the April 18, 2026 exploit. Freezing them harms the very people this recovery effort is designed to protect.”
Tydro users, on the other hand, are still in the dark on how long markets will remain frozen and whether the oracle issue has exposed any positions to liquidation risk. For now, all they have to go on is that the protocol said it is “actively investigating.”