Aave TVL Plunges $6.28B After KelpDAO LayerZero Cross-Chain Hack

Aave's TVL plunged $6.28B after KelpDAO's LayerZero cross-chain bridge was compromised, exposing ~$292M in rsETH. Read how this DeFi hack affects liquidity.

Aave, one of the most trusted decentralized lending platforms in DeFi, experienced a dramatic outflow after a third-party cross-chain staking protocol was compromised. According to on-chain investigator LookonChain, Aave’s total value locked (TVL) dropped by $6.28 billion in under 48 hours following a hack on KelpDAO’s LayerZero-powered cross-chain bridge, which reportedly exposed about $292 million in rsETH.

The incident highlights the deep interdependence of cross-chain infrastructure and lending markets. Aave’s TVL — a key metric reflecting liquidity and user confidence in a decentralized lending protocol — can be highly sensitive to upstream breaches. When a cross-chain staking or bridge service is attacked, wrapped tokens and derivatives such as rsETH can rapidly lose trust or become illiquid, prompting users to withdraw funds from related lending markets.

KelpDAO’s LayerZero integration underscores the appeal and risk of cross-chain solutions. LayerZero enables messages and asset transfers across blockchains, but third-party implementations can introduce vulnerabilities. In this case, the compromise in KelpDAO’s cross-chain bridge ricocheted into Aave’s ecosystem, demonstrating that even established protocols are exposed to external protocol risk.

The short-term consequences are clear: reduced liquidity, increased volatility in borrowing and lending rates, and a potential decline in user confidence across DeFi. Longer-term effects may include a reassessment of cross-chain exposure, tighter due diligence on integrations, and accelerated demand for on-chain auditing and monitoring tools.

For users and protocol teams, the practical steps are straightforward. Users should monitor official Aave and KelpDAO channels, avoid interacting with suspicious token contracts, and consider reducing exposure to assets tied to compromised bridges. Protocols should prioritize composability audits, implement circuit breakers for third-party assets, and collaborate with security firms for rapid incident response.

This episode serves as a reminder that DeFi security extends beyond a single smart contract. Cross-chain bridges and staking wrappers are critical infrastructure, and their vulnerabilities can quickly affect TVL and market health. As investigations continue, the community will be watching both the recovery of the compromised staking assets and how Aave and other platforms shore up defenses to restore liquidity and trust.

Back