Aave Sees $300 Million Surge in Borrowing Amid Liquidity Crisis Following KelpDAO Hack

The repercussions of the KelpDAO hack on Saturday are having a profound impact on stablecoin markets in unforeseen ways. According to Chaos Labs data, within the first 24 hours following the attack, Aave users borrowed approximately $300 million against their USDT deposits, valued at around $1.0002, on the platform. This borrowing surge is not driven by demand but rather by users' inability to withdraw their funds due to maxed-out stablecoin pools. As a result, depositors are being forced to take out loans against their own assets at a loss, simply to access liquidity. This desperate measure for liquidity is akin to customers taking out loans on their deposits from a bank that refuses to process their withdrawal requests. The head of strategy at Spark, a rival DeFi lending platform, monetsupply.eth, noted, 'We're now seeing some negative secondary effects of illiquidity in Aave stablecoin markets. Because users can't withdraw due to 100% utilization, there has been a ~$300 million increase in borrowing with USDT collateral in just the past day since the rsETH exploit.' To comprehend how a single exploit on KelpDAO led to a simultaneous lock on every stablecoin exit on Aave, it's essential to understand the system's intended functionality and where it failed. Aave is a decentralized finance protocol that enables users to lend and borrow cryptocurrencies without intermediaries, operating entirely on code on a public blockchain. Users deposit assets into lending pools to earn interest, while others borrow from these pools by posting crypto assets as collateral. The system is designed to self-correct through interest rates, but it relies on the core assumption that there is always sufficient liquidity for lenders to withdraw their deposits and for borrowers to unwind their positions. When this assumption breaks down, the entire system fails, which is what occurred after the KelpDAO exploit. The exploit involved rsETH, a liquid re-staking ether token issued by KelpDAO, which was manipulated by an attacker to release 116,500 rsETH, roughly 18% of the token's circulating supply, worth approximately $292 million. These fake tokens were deposited into lending protocols, mostly Aave, to borrow real ETH and other assets, causing a chain reaction that led to the $300 million borrowing surge. Aave froze rsETH markets on V3 and V4, stopping the immediate damage but also triggering the chain reaction that produced the borrowing surge. The exploit news led to whales and big funds withdrawing billions of dollars worth of cryptocurrencies from Aave's liquidity pools, draining liquidity pools and causing utilization rates to reach 100%. This spread to USDT and USDC pools, with over $6 billion in assets leaving the protocol within hours. Trapped depositors, unable to withdraw their money, resorted to borrowing against their locked deposits, accepting significant losses, simply to extract any liquidity from the system. This desperate act of borrowing against their own money at a loss has reduced liquidity in other markets, with USDC and USDe markets now at 100% utilization. The incident highlights that 'decentralized' does not mean 'without risk' in the DeFi space.