Aave Sees $300 Million Surge in Borrowing Amid Liquidity Crisis Following KelpDAO Exploit

The aftermath of the KelpDAO hack has triggered a chain reaction in stablecoin markets, with users on Aave borrowing approximately $300 million against their USDT deposits in the first 24 hours following the attack, according to data from Chaos Labs. This borrowing surge is not driven by demand, but rather by users' inability to withdraw their funds due to maxed-out stablecoin pools. As a result, depositors are taking out loans against their own funds at a loss in order to access liquidity. This situation can be likened to a bank refusing to process customer fiat deposit withdrawal requests, prompting customers to take out loans on these deposits out of desperation. The head of strategy at Spark, a rival DeFi lending platform, noted that 'we're now seeing some negative secondary effects of illiquidity in Aave stablecoin markets.' The KelpDAO exploit has led to a ~$300 million increase in borrowing with USDT collateral in just one day. To understand how a single exploit on KelpDAO resulted in the simultaneous locking of every stablecoin exit on Aave, it's essential to comprehend how the system is designed to work and where it failed. Aave is a decentralized finance protocol that enables users to lend and borrow cryptocurrencies without intermediaries. It operates on the assumption that there is always sufficient liquidity for lenders to withdraw their deposits and for borrowers to unwind their positions. However, when this assumption breaks down, the entire system is affected. The KelpDAO exploit involved the manipulation of the protocol's bridge infrastructure, resulting in the release of 116,500 rsETH tokens, which were then used to borrow real ETH and other assets. The fake tokens were deposited into lending protocols, primarily Aave, to borrow against them. The borrowed assets are now gone, and the rsETH tokens holding their place in the vaults are essentially worthless. Aave froze rsETH markets on V3 and V4, stopping the bleeding but also triggering a chain reaction that led to the $300 million borrowing surge. When the exploit was discovered, large investors withdrew billions of dollars' worth of cryptocurrencies from Aave's liquidity pools, draining the pools and causing utilization rates to reach 100%. This meant that users could no longer withdraw their ETH, USDT, or USDC from Aave. Trapped depositors, unable to withdraw their money, began borrowing against their locked deposits, accepting significant losses in the process. This desperate act of borrowing against their own money has reduced liquidity in other markets, with USDC and USDe markets now also at 100% utilization. The incident highlights the risks associated with decentralized finance, demonstrating that 'decentralized' does not mean 'without risk.'