KelpDAO Exploit Exposes Cross-Protocol Risks in Aave

The recent KelpDAO exploit has highlighted the risks associated with cross-protocol dependencies in decentralized finance (DeFi) systems. On January 10, an attacker exploited a bridge vulnerability to mint nearly 18% of the circulating supply of rsETH, worth approximately $293 million.

The unbacked tokens then entered Aave V3, enabling large WETH borrowing and creating bad debt risk estimated between $177 million and $290 million. In response, Aave's founder, Stani Kulechov, confirmed that the protocol froze rsETH markets across V3 and V4 to contain the impact.

This decision isolated the effect of the exploit, preventing further exposure within the protocol. However, it also shifted the system into assessment mode, requiring teams to review post-exploit borrowers for potential bad debt.