Aave’s V3 lending protocol on Ethereum is grappling with bad debt after an exploit involving KelpDAO’s rsETH liquid restaking token on April 18, 2026, prompted calls for users to withdraw assets.
On-chain security firm PeckShield first flagged the suspicious activity, which saw attackers manipulate the rsETH collateral value to borrow a significant amount of Wrapped Ether (WETH), according to a post-mortem analysis.
The vulnerability was not in Aave itself but in how KelpDAO’s rsETH token was integrated. Attackers were able to exploit a flaw in the rsETH contract, use the compromised token as collateral on Aave, and borrow WETH without sufficient backing, leaving the lending pool with a shortfall. Data from DefiLlama shows Aave's total value locked on Ethereum stands at over $5 billion.
The exploit forces a critical test for Aave’s governance and its Safety Module, which may be used to cover the losses. This incident could trigger a broader re-evaluation of the risks associated with newly listed liquid restaking tokens across major DeFi lending platforms like Compound and MakerDAO.
The immediate fallout from the exploit has been a warning from Aave Chan founder Marc Zeller, who urged WETH suppliers on the V3 market to withdraw their assets. This is a precautionary measure as the protocol works to contain the financial damage and prevent further losses. The price of Aave’s native token, AAVE, saw a decline in the hours following the news.
Liquid restaking, a nascent but fast-growing sector of DeFi pioneered by protocols like EigenLayer, allows users to secure other networks with their staked Ether. This event highlights the security vulnerabilities that can arise when these complex, multi-layered tokens are integrated into established lending protocols. Both the security of the underlying restaking strategy and the oracle pricing mechanism are now under intense scrutiny.
Aave’s governance forum is now the focal point for the community, where a proposal to use the Safety Module to recapitalize the protocol is expected. The Safety Module is a dedicated pool of AAVE tokens staked by users to act as insurance against shortfall events. The outcome of this process will be a key indicator of the protocol's resilience and its ability to manage risk.