Aave has experienced a withdrawal of $8.45 billion without compromising the core functionality of the agreement

After KelpDAO's rsETH cross chain bridge was attacked in April 2026, Aave experienced a withdrawal of $8.45 billion in funds, and the core functions of the protocol did not malfunction. KelpDAO's LayerZero cross chain bridge was attacked, resulting in the theft of $292 million rsETH, raising concerns in the market about the value and solvency of rsETH collateral. The Aave risk management team has initiated an emergency freeze and parameter adjustment mechanism to limit the spread of risks. Aave founder Stani Kulechov believes that protocols operate as designed under extreme pressure. Independent analysts pointed out that the incident exposed the concentration risk, liquidity risk, and contagion risk brought by the highly interconnected protocols in the DeFi lending system. Aave controls risks through loan to value (LTV) limits, liquidation thresholds, supply limits, borrowing limits, Isolation Mode, E-Mode, and governance mechanisms.