Aave Suffers Massive TVL Collapse Following KelpDAO Security Breach

Aave, a leading DeFi lending protocol, has faced a significant setback after experiencing a $15 billion reduction in total value locked (TVL) within just four days.

The collapse is attributed to a security breach tied to KelpDAO, which exploited a vulnerability in its rsETH bridging infrastructure. The malicious actor created fraudulent collateral tokens, borrowed legitimate ETH from Aave's liquidity pools, and withdrew the funds, leaving behind bad debt estimated at $196 million to $280 million.

Prior to the April 18 security incident, Aave held approximately $48.5 billion in aggregate deposits. By April 22, this amount had decreased sharply to around $30.7 billion. Total outflows exceeded $16.2 billion, erasing more than a third of the platform's deposit base.

SparkLend, another DeFi lending protocol, emerged as a beneficiary of the capital flight, with its TVL increasing to $3.2 billion and absorbing around $1.3 billion in fresh deposits over the same period.