|
A $292 million exploit froze $26 billion in deposits. The collateral was fake. The concentration was real.
Decentralised lending runs on shared pools. Lenders deposit assets and earn interest. Borrowers lock up collateral worth more than they borrow. So, if a borrower defaults, the protocol sells the collateral. The catch: if every token in a pool has been lent out, lenders cannot withdraw until borrowers repay.
On April 18, attackers exploited Kelp DAO’s cross-chain bridge to mint 116,500 rsETH on Ethereum, without locking any real value behind them. The bridge had a single point of failure: one verifier node, operated by LayerZero Labs, with no independent check despite the promise of decentralisation. The fabricated tokens looked identical to real ones.
The attacker deposited them on Aave, the largest decentralised lending protocol ($26.4B in deposits), and borrowed $193 million in real Ether against worthless collateral. That $193 million is now bad debt. Aave’s safety reserve covers $54 million, roughly a quarter. The rest falls to token holders or depositors.
Why it became a system-wide crisis
Before the exploit, 98.5% of all collateral backing Ether loans on Aave was the same asset class: staking derivatives. When the collateral collapsed, there was nothing to diversify against.
Large holders withdrew billions within hours, pushing pools to 100% utilisation: fully lent out, no withdrawals possible. Locked lenders borrowed stablecoins against their frozen positions, draining USDC and USDT pools too. A restaking token problem froze dollar-denominated pools with no connection to it. The contagion crossed blockchains: Solana’s Kamino Finance saw stablecoin pools freeze.
|
|
Source: Chainalysis, Immunefi, CoinDesk, Halborn · As of April 2026
|
| |
Where capital is moving
Aave’s market share fell from 68% to 61% in four days. SparkLend (which removed rsETH in January) took in $1.8B. Protocols like Morpho, which isolate each collateral type so failures cannot cascade, are gaining ground.
Fireblocks issued internal guidance on restaking exposure. Custodians suspended new liquid-restaking collateral inflows. The conversation has shifted from whether decentralised lending can scale to whether it can be underwritten.
|
%20--%3e%3csvg%20version='1.1'%20id='Layer_1'%20xmlns='http://www.w3.org/2000/svg'%20xmlns:xlink='http://www.w3.org/1999/xlink'%20x='0px'%20y='0px'%20viewBox='0%200%20295.5%20295.5'%20style='enable-background:new%200%200%20295.5%20295.5;'%20xml:space='preserve'%3e%3cstyle%20type='text/css'%3e%20.st0{fill:%23231F20;}%20%3c/style%3e%3ctitle%3eclock%20icon%3c/title%3e%3cpath%20class='st0'%20d='M268.8,147.7c0,66.9-54.2,121.1-121.1,121.1c-66.9,0-121.1-54.2-121.1-121.1S80.9,26.6,147.8,26.6V0%20C66.1,0,0,66.1,0,147.8s66.1,147.8,147.8,147.8s147.8-66.1,147.8-147.8c0,0,0,0,0,0H268.8z'/%3e%3cpolygon%20class='st0'%20points='134.4,80.6%20134.4,134.4%20134.4,147.8%20134.4,161.1%20187.8,161.1%20187.8,134.4%20161.1,134.4%20161.1,80.6%20'/%3e%3c/svg%3e)
4 min read
