Billions of dollars lost in Aave... DeFi collateral risks exposed by bridge attack

AAVE has seen a massive outflow of funds. This is not due to a hacker attack, but rather is affected by external “bridge attacks,” with liquidity withdrawals on the scale of tens of billions of dollars occurring in just one day, again highlighting the structural risks across DeFi.

As of the 18th, AAVE’s total value locked (TVL) stood at 26.4 billion dollars (about 38.7499 trillion KRW), but during the weekend it plunged sharply to around 20 billion dollars (about 29.356 trillion KRW). In the same period, the AAVE token price fell 16% to $92, and liquidations surged, causing daily fees to spike to $1.99 million (about 2.92 billion KRW).

“Chain-reaction risks” triggered by bridge attacks

The root cause of this incident was a cross-chain bridge attack on the liquidity staking protocol Kelp. After the attacker stole about 116.5k rsETH (about $292 million), they deposited it as collateral into AAVE V3 and borrowed wrapped ether (WETH) using the wrapped asset.

According to on-chain data, only on the AAVE platform about $196 million (about 2876 billion KRW) was borrowed; if Compound and Euler are included, the total risk exposure reaches about $236 million.

The issue is not with AAVE itself, but with the “collateral structure.” Although rsETH is a token based on Ethereum staked assets, this attack effectively damaged the underlying base assets of the collateral.

“Protocol security”… but depositors are uneasy

AAVE founder Stani Kulechov emphasized that “the smart contract was not compromised,” but the market response has been lukewarm. Because even if the problem originates externally, the structure that allows this asset to be used as collateral in the first place already constitutes a risk.

Initially, it was stated that any deficit would be filled using the “Umbrella Reserve,” but later remarks eased to “we are studying loss compensation options.” This suggests uncertainty about the actual size of the losses and/or the ability to compensate them.

Especially since about 39% of AAVE loans are made up of WETH, this attack directly hit the most core “collateral–loan structure.”

Liquidity staking—an underestimated risk

Liquidity staking tokens such as rsETH have expanded rapidly thanks to high yield and have been widely adopted as collateral across major DeFi protocols.

However, the market’s risk model only accounts for the degree of “de-pegging (price deviation),” and fails to reflect extreme cases in which the collateral value approaches zero due to bridge attacks.

Trader Altcoin Sherpa noted: “AAVE is the core infrastructure of DeFi. The exposure of contagion risk here reveals the fragility of the entire system.”

The key is whether “the loopholes can be patched”

The current focus in the market is very clear: whether AAVE’s reserve funds can sufficiently cover the losses, and whether the stkAAVE stakers who support it will actually bear the burden.

This incident is not only a problem for a single protocol; it also reveals the overall structural risk in DeFi created by the “bridge–collateral–loan” chain. Based on AAVE’s outcome in handling the situation, it may have spillover effects on other protocols with similar structures.

TP AI note: Matters needing attention: An article was summarized using a language model based on TokenPost.ai. The main content may be omitted or may differ from the facts.