Yahoo

    Aave Tested by Major DeFi Crisis — Dragonfly Says It Isn’t Cracking Yet

    Aave Tested by Major DeFi Crisis — Dragonfly Says It Isn’t Cracking Yet. Credit: CCN
    Aave Tested by Major DeFi Crisis — Dragonfly Says It Isn’t Cracking Yet. Credit: CCN
    Prashant Jha
    4 min read
    Explore cryptocurrencies on Coinbase

    Key Takeaways

    • Dragonfly’s Haseeb Qureshi says Aave has enough capital to absorb bad debt from the rsETH hack without breaking.

    • A $292 million KelpDAO exploit involving unbacked rsETH triggered panic withdrawals, draining nearly $8 billion from Aave’s TVL in days.

    • Arbitrum’s Security Council froze $100M (30k ETH) of stolen funds using emergency powers.

    Decentralized finance (DeFi) is once again under pressure following a major exploit on KelpDAO’s rsETH bridge.

    The attack, which drained roughly $292–293 million in unbacked rsETH tokens, quickly spilled into Aave , one of the largest lending protocols in the ecosystem.

    While user withdrawals triggered a sharp drop in Aave’s total value locked (TVL), a prominent venture capital investor is pushing back against concerns, arguing the protocol remains resilient.

    Dragonfly’s Vote of Confidence: Aave Can Absorb the Bad Debt

    Dragonfly Capital Managing Partner Haseeb Qureshi offered a measured but optimistic assessment in a widely shared statement.

    Drawing comparisons to past DeFi shocks—including the 2020 liquidation cascade, the 2022 Terra-Luna collapse, and the stETH depeg—he argued that such events have historically strengthened the ecosystem.

    “DeFi has withstood severe shocks,” he noted, adding that protocols evolve through “repeated corrections,” much like traditional finance over time.

    Crucially, Qureshi does not view the current situation as systemic.

    He pointed to Aave’s capital reserves, saying the protocol “has enough capital to absorb bad debt” without breaking.

    “The important thing is that these failures are not fatal. The heart of DeFi is risk-averse and robust. AAVE might take on some bad debt, but it has the equity to pay it. DeFi isn’t going away. And seeing the vigorous debate around how to improve it is exactly the process by which it keeps getting better.”

    His comments come as Aave deals with an estimated $177–236 million in bad debt after attackers used stolen rsETH as collateral to borrow wrapped ETH (WETH) across V3 and V4 markets.

    Aave moved quickly, freezing rsETH markets on both versions to prevent further borrowing.

    Founder Stani Kulechov also clarified that Aave’s smart contracts were not exploited—the issue originated from KelpDAO’s LayerZero-powered bridge.

    Fallout From the KelpDAO Hack: $8 Billion Leaves Aave

    The exploit unfolded on April 18, 2026.

    Attackers exploited KelpDAO’s cross-chain bridge to mint 116,500 rsETH (about 18% of the circulating supply) without proper backing.

    Valued at roughly $292–293 million, those tokens were quickly deposited as collateral on Aave and other lending platforms.

    Borrowers then withdrew large amounts of WETH, leaving Aave exposed to positions  that could not be liquidated once rsETH lost credibility.

    Within 48 hours, withdrawals accelerated sharply.

    Data from DeFiLlama shows Aave’s TVL dropping from about $26.4 billion to $18.6 billion—a decline of nearly $8 billion.

    This contributed to a broader $13 billion drop in total DeFi TVL, which fell from $99.5 billion to around $86.3 billion.

    The AAVE token also declined by roughly 16–20% during the period.

    Liquidity stress followed. Some pools reached near-100% utilization, temporarily limiting withdrawals.

    Other protocols, including SparkLend, Fluid, and Curve, paused related activity, amplifying the impact across Ethereum and Layer-2 networks.

    Analysts describe this as a “collateral contagion” event: a failure in one asset turned it into toxic collateral, exposing how interconnected DeFi systems can amplify risk.

    Arbitrum Moves Fast: $100 Million in Stolen Funds Frozen

    Arbitrum responded quickly.

    The network’s Security Council used emergency powers to freeze 30,766 ETH (worth about $100 million) linked to the attacker.

    Arbitrum moved the funds to a secure intermediary wallet, effectively removing a large portion of the stolen assets from circulation on Arbitrum.

    The action targeted wallets tied to the exploit and, according to some observers, showed patterns consistent with past attacks linked to the Lazarus Group.

    By acting quickly, Arbitrum limited further movement or laundering of the funds, giving protocols and investigators more time to respond.

    A Stress Test for DeFi

    The KelpDAO rsETH exploit stands as one of the largest DeFi incidents of 2026 and reinforces ongoing concerns around bridge security and collateral risk.

    At the same time, the response from Aave’s market controls to Arbitrum’s intervention shows how the ecosystem is evolving.

    Combined with reassurances from investors like Dragonfly, the episode suggests DeFi may be better positioned than in previous cycles to absorb shocks, even as risks remain.

    Top Trending Crypto Articles

    The post Aave Tested by Major DeFi Crisis — Dragonfly Says It Isn’t Cracking Yet appeared first on ccn.com .

    Terms and Privacy Policy
    Your Privacy Choices
    More Info

    Recommended Stories

    Mobilize your Website
    View Site in Mobile | Classic
    Share by: