DeFi 借貸協議 Aave 在 KelpDAO rsETH 遭駭後陷入提款危機

📄完整原文· 由 trafilatura 自動擷取4725 字

Aave, one of DeFi’s largest lending protocols, is managing a liquidity crisis and an estimated $177 million to $200 million in bad debt after attackers siphoned 116,500 rsETH from Kelp’s bridge on Saturday, deposited the tokens on Aave V3 as collateral, and borrowed wrapped ether (WETH) against them. DeFi Lender Aave Battles Withdrawal Crisis After KelpDAO rsETH Exploit Key Takeaways: - Attackers obtained 116,500 rsETH from Kelp’s bridge on April 18, 2026, and deposited the tokens on Aave V3 as collateral to borrow wrapped ether (WETH). - Aave’s WETH pool hit 100% utilization as $5.4B+ in outflows pushed TVL down 24.11%, with AAVE token falling 17.7% on April 19. - Aave’s Umbrella backstop is expected to cover an estimated $177M–$200M in bad debt, with the project confirming the protocol’s contracts were not exploited. Aave WETH Pool Hits 100% Utilization After rsETH Exploit Leaves $200M in Bad Debt Once KelpDAO paused rsETH contracts in response to the exploit, the collateral backing those borrow positions became worthless. The loans could no longer be liquidated in any meaningful way, leaving Aave holding bad debt across its WETH reserves. Estimates place total borrowed value across Aave and smaller exposures on Compound and Euler at up to $200 million or more. Aave confirmed the protocol’s own contracts were not exploited. “Aave’s contracts have not been exploited,” the project’s X account stated, describing the event as an issue tied to rsETH. The team froze rsETH markets on Aave V3 and V4, removed borrowing power against that collateral, and set loan-to-value ratios to zero in affected deployments. Aave founder Stani Kulechov stated: “rsETH has been frozen on Aave V3 and V4, the asset does not have any borrowing power as a measure due to KelpDAO bridge exploit that happened outside of Aave. Both Aave V3 and V4 does not have further exposure to rsETH.” The freeze stopped new activity against rsETH, but it did not stop users from trying to exit the protocol entirely. The fear of bad debt spillover set off a wave of withdrawals that hit Aave’s ETH and WETH pools with force. Outflows in ETH and WETH reportedly reached $5.4 billion within hours. As capital drained out, several reports said pool utilization in the WETH market climbed to 100%. At that level, no liquidity remains in the pool for suppliers to redeem against. When a pool runs at full utilization on Aave, withdrawals stop working. Suppliers who want to exit cannot, because the protocol can only fulfill redemptions from liquidity that is sitting idle in the pool. With borrowers holding nearly everything, there is nothing left to pull. Stablecoin pools felt pressure from the same dynamic. While USDC and USDT reserves had no direct exposure to rsETH, the broader exit pushed utilization in some stablecoin markets to high levels on certain deployments. Users reported failed and delayed withdrawals across those markets as available liquidity thinned out. Aave’s total value locked (TVL) dropped from approximately $26.4 billion to $19.776 billion. Defillama data shows a 24.11% TVL decline as of April 19. The AAVE token fell 17.7% on the same day, according to market data, as holders priced in bad debt uncertainty and the mechanics of what an Umbrella activation might mean for staked positions. Aave’s Umbrella system is the protocol’s built-in backstop for exactly this kind of event. If bad debt is confirmed, the mechanism can draw on reserves and, depending on the situation, may involve slashing staked AAVE to cover the deficit. The precise impact on depositors is still being determined. Other protocols connected to overlapping liquidity pools, including Sparklend, as reported rate spikes and temporary pauses as capital shifted away from affected markets. ZachXBT Flags $280M+ KelpDAO Exploit Hitting Ethereum DeFi Lending Markets ZachXBT Flags $280M+ KelpDAO Exploit Hitting Ethereum DeFi Lending Markets An attacker reportedly exploited a vulnerability in KelpDAO's rsETH liquid restaking token on April 18, 2026, draining an estimated $280… Read NowAn attacker reportedly exploited a vulnerability in KelpDAO's rsETH liquid restaking token on April 18, 2026, draining an estimated $280… As of April 19, no new exploits or expansions of the incident have been reported. ETH pool utilization remains elevated, and full withdrawal access depends on either panic subsiding organically or the Umbrella mechanism settling the bad debt and restoring confidence in the reserves. The protocol’s next steps likely center on completing a bad debt review, issuing a formal Umbrella resolution, and monitoring whether outflows stabilize as markets absorb the full picture of what the KelpDAO incident left behind.

資料狀態✓ 已擷取全文閱讀原文（Bitcoin.com）

🔍歷史類似事件· 關鍵字 + 標的比對6 則

2026-04-18

在 KelpDAO rsETH 遭駭後，Aave WETH 供應商被敦促提款

相似度 280%關鍵字 aave/exploit/rseth

2026-04-22

Aave 存款減少 150 億美元，Kelp 漏洞引發 DeFi 借貸平台資金出逃

相似度 230%關鍵字 defi/aave/exploit

2026-04-20

在 Kelp DAO 橋接漏洞引發 DeFi 混亂後，Aave 可能面臨高達 2.3 億美元的損失

相似度 230%關鍵字 defi/aave/exploit

2026-04-20

KelpDAO 遭駭震盪借貸市場，DeFi 生態系 140 億美元蒸發

相似度 230%關鍵字 defi/kelpdao/exploit

2026-04-20

KelpDAO 遭駭後，前 20 大鏈上的 DeFi TVL 皆出現下滑

相似度 230%關鍵字 defi/kelpdao/exploit

2026-04-20

晨間快訊：KelpDAO 遭 2.92 億美元駭客攻擊，DeFi 前景引發質疑

相似度 230%關鍵字 defi/kelpdao/exploit

💡 目前用關鍵字 + 標的比對（MVP）· 之後會升級為 embedding 語意搜尋

原始資訊

ID：d2f4552e9d

來源：Bitcoin.com

發佈：2026-04-19 16:05:45

分類：一般 · 導出分類 neutral

標的：未指定

社群投票：+0 / −0 · ⭐ 0 重要 · 💬 0 留言