In the early hours of April 18, 2026, a few hours after the KelpDAO attack, Solidity Developer 0xQuit posted a post on X。

"I wish I could bring better news, but Aave's on WETH seems finished. If so, it would be withdrawn, but it might be too late. After the Umbrella settlement, the regular deposit should be partially recoverable. This is a huge blow to DeFi's vision

When the post was sent, the founder of Aave, Stani Kulechov, had just made another statement on the same platform: rsETH had been frozen, Aave's smart contract was "undamaged" and the problem was on the side of Kelp DAO. Both posts are scrolled on the same time line。

Both posts are true. But they are answering different questions. Stani answered who moved the code, 0xQuit answered who was responsible for the consequences。

The answer is no code is passive. And the consequences fell on everyone who put it in Aave's Weth and thought he was just making a little interest rate。

Six months before the attack, Aave's system of governance approved every decision that made this possible. No one broke any code. An approved set of rules was used to allow agreements to collapse in a well-designed manner. This is something that deserves to be clarified from the outset。

Twelve days

On 6 April, the founder of Chaos Labs, Omer Goldberg, posted on X that Chaos Labs ' cooperation with Aave DAO would officially end。

Over the past three years, Chaos Labs has dominated Aave's risk parameter management. During this period, Aave's TVL grew from $5.2 billion to over $26 billion. Behind every billion dollars of growth is the Chaos Labs model measuring the boundary: which parameters push and which do not move。

Goldberg gave three reasons for separation. One is the "fundamental divide" in the risk strategy, especially after Aave V4 introduced the new structure. Second, the complexity of operations brought about by V4 has increased significantly, but resource compensation has not kept pace. Thirdly, even under a $5 million budget programme, Chaos Labs remains in deficit and economically unsustainable。

"This partnership no longer reflects how we think risks should be managed," he wrote。

Aave's response over there came fast. Stani Kulechov states that the agreement will not be interrupted and that the risk management agency LlamaRicsk will take over full responsibility for "the maintenance of the two-tier risk management system". LlamaRisk then issued a statement committing to “full business continuity” and submitted a formal renewal proposal to Aave DAO within a week. From the outside, this is an orderly handover。

Three days later, on 9 April, LlamaRisk, as the new risk manager, submitted the first regular adjustments: raising the supply limit for rsETH in the Aave V3 main network from 480,000 to 530,000. Based on the chain of data, the utilization factor is healthy, the liquidity is sufficient and the concentration of the position is within the threshold. There are no anomalies。

Nine days later, on April 18, at 17:35 UTC, the attackers transferred the Endpoint V2 contract from Layer Zero to the rsETH Bridge Bridge in Kelp DAO, where a forged cross-chain data package was transferred. The bridge contract did not recognize that information as false. 116,500 rsETH went to the addresses controlled by the attackers。

Forty-six minutes later, Kelp DAO's emergency suspension mechanism was activated, preventing the attackers from following up on two additional attempts at theft, which together accounted for approximately $100 million. However, the initial batch could not be recovered. The attackers targeted approximately $390 million, of which they received three quarters。

Before the suspension mechanism was activated, the attackers had deposited stolen rsETH into Aave V3 as collateral, lending a large number of WeTH and ETH. The market price of rsETH began to collapse after the news of the attack spread and the collateral value disappeared. It had become impossible to liquidate because it was technically effective. This is what makes bad debts。

The document that never came out

On 19 January 2026, the Aave community adopted the governance proposal 434. The core of the proposal is to add WETH to the rsETH LST E-Mode, while increasing the maximum loan value of rsETH in this model from 92.5% to 93%. The figures are not changed much, but the meaning is clear, and users can borrow WETH worth $93 on Aave using $100 rsETH。

This proposal is being promoted by ACI (the core governance service of Aave Chan Initiative, Aave). The text of the proposal sets out expectations: by introducing the rsETH/WETH circular strategy, absorbing the idle ETH liquidity of the agreement, it is expected to bring about a "rsETH inflow of up to $1 billion" while returning the utilization of the WETH pool to the optimal range。

There is another reason for the proposal, which is more straightforward, in order to "maintain the level of competition" with ezETH, weETH. Now that the competitors' LRT assets have been given similar parameters on Aave, rsETH should be aligned。

This is a very common decision-making logic in DeFi, called competition. You get what your opponent gets, you get what you deserve, or it's gonna run away. This logic is almost impeccable in the context of capital efficiency. It also has an inherent one-way pressure, and parameters can only be pulled up and not pushed down. Any proposal to tighten the parameters would be labelled as “decompetitive”. The result is that the whole industry is drifting in the same direction, and no one is asking where it is drifting。

One of the things that can be found in the governance document of the proposal 434 is: can a LTV dedicated to rsETH increase to 93%? When rsETH first came on the market in November 2024, Llama Risk submitted a complete collateral risk assessment that analysed rsETH ' s mechanisms for accumulation of proceeds, intelligent contract structure and liquidity characteristics. But the report says, "Is rsETH available for Aave?" When the LTV was pushed up 93 per cent of the proposal, the governance document was based on horizontal expectations of bid and agreement revenue。

The two other DeFi agreements that accepted rsETH gave different answers, SpankLend set LTV at 72% for rsETH, and the Fluid protocol adopted fixed minimum mortgage rates equivalent to about 75% of LTV. Both families completed the rsETH market freeze within hours of the attack. Aave's figure is 93%. The difference of 21 percentage points is the competitive advantage。

Chaos Labs announced his withdrawal from Aave risk management on 6 April. On 9 April, the newly transferred LlamaRicsk submitted a regular Risk Stewarts adjustment proposal raising the rsETH supply ceiling from 480,000 to 530,000. The reason was that the chain was healthy, well-utilized, sufficiently mobile and well-regulated. All indicators are derived from the chain。

Those chain indicators record the flow of rsETH within Aave, how many people are in use, whether risks are dispersed and whether there is sufficient liquidity. What they don't cover is what kind of bridge they cross before they reach Aave。

An unreadable alarm

In the early hours of March 10, this year, an unusual settlement deal began on the ETA chain. 34 high-leveraging positions using wsteh as collateral, without any warning, triggered successive liquidation lines. It's too late for the users to react, and the clearing robots are already operational。

This was triggered by a configuration error in the CAPO Prophecy System in Aave, which resulted in a discrepancy between the snapshot ratio and the snapshot time stamp, resulting in a reported price of about 1.1939, while the actual market rate was about 1.228. The deviation is 2.85 per cent, which is almost negligible under normal circumstances。

In the E-Mode environment, however, 2.85 per cent of the price was understated enough to push 34 high-leverage positions over the clearing line, resulting in a loss of approximately $27 million in incorrect settlement. From the Edge Risk system of Chaos Labs to the Agent Hub of BGD to the next block, to the liquidation robot to complete the operation, the entire chain will be completed in a few minutes. There is no window left for human intervention。

After that, Chaos Labs published its analysis. The conclusion is: "The event does not reflect defects in the design of the bottom CAPO or the lower chain risk prognosis machine, but rather the chain configuration leads to inconsistencies in the snapshot ratio and the time stamp under different updated constraints. "

The configuration is not a design issue. Accident, not early warning。

Through the governance proposal, Aave has fully compensated the affected users from the recovered funds and the DAO Treasury. This is how it ends. A subsequent industry report states that “despite this incident, Aave's overall deposits and borrowings remained stable at the beginning of 2026, with no substantial erosion of confidence in the core design of the agreement”

In six weeks, the term "core design" will be put to another test, with a scale change。

Here's the bill

About an hour after the attack, Stani Kulechov stressed on X that Aave’s smart contract itself was “undamaged”. There was no problem at the technical level, no code had been broken, no private key had been stolen, and the contract had operated accurately in the manner it had been set up。

This is the problem. When the value of rsETH fell sharply as a result of the attack, E-Mode's "highly relevant" design worked in reverse: the system continued to treat rsETH, which had depreciated significantly, as a valid collateral, and WETH and ETH, which had been loaned, could not be properly liquidated. The mechanisms designed to improve capital efficiency have in extreme cases become locks of bad debts。

The estimated size of the bad debt is between $177 million and $200 million (according to multiple sources, such as Phemex, Yahoo Finance), and the total loan position of the attackers exceeds $236 million (according to CriptoBriefing). With 116,500 rsETH as collateral, 93 per cent of E-Mode LTV can borrow up to approximately $272 million in WETH, about $62 million more than the standard 72 per cent LTV ceiling, and E-Mode compressed the security buffer from 28 per cent to 7 per cent, with any slight price fluctuations sufficient to drive the warehouse out of control。

Aave has a security mechanism specifically designed for this situation, called Umbrala. Users can deposit aWETH into the Umbrella safe house in exchange for additional gains, and when the agreement is in bad debt deficit, this part of the asset will be automatically destroyed to cover the loss without the need for a governance vote. Those who have voluntarily chosen the pledge are mostly those who have learned about the design of the mechanism, who are willing to exchange the principal for a higher rate of return and who also assume the role of a bottom-up agreement, are active supporters of the agreement. Umbrella came online at the end of 2025, replacing the old version of Safety Module, which was the first real test she had officially faced。

Some $50 million in Umbrella's WETH can be used to absorb losses (according to Forbes). The scale of bad debt is $177 million to $200 million. The gap between the two figures is about $127 million to $150 million。

This part is covered by non-committal ordinary WETH depositors. Aave's official document describes the Umbrella mechanism: after the pledged assets have been destroyed, “the remaining WETH suppliers should be partially recoverable, but not guaranteed full recovery, and the depositor may be facing haircut”. “Haircut” means the loss of part of the principal。

The night of the attack, Marc Zeller stood up and spoke. He was the founder of ACI and the main promoter of the proposals 205 and 434 and will leave Aave in July this year. He refutes the "extreme estimate" of the magnitude of bad debt from the outside, stating that the actual figure is "well below that figure" and urging users to extract WETH from Aave V3 to reduce risk. He added that "the incident will effectively test Umbrella" as if it were a stress test, not a loss of the user's real principal。

On the same day, the AAVE token fell by 10.27 per cent and received 105.73 dollars. This occurred at a time when the scale of bad debts had not yet been determined and a large number of WETH depositors were awaiting Umbrella settlement time node。

End

The post was widely transmitted on the night of the attack. Among its people, many are Aave's Weth depositors. They read those lines several times before forwarding them. "At the settlement of Umbrella, the normal deposit should be partially available for withdrawal. What does "part" mean? What does "normal" mean

The last sentence of 0xQuit, "This is a huge blow to DeFi's vision." DeFi's vision has one: your assets, your rules, no one can make decisions you don't know。

Those decisions were taken over the past six months in the text of the Forum ' s proposals. No hackers broke into the door, and none of the code holes were destined for this end in the first place. It was a "efficiency" quest, a "sign" neglect, and a critical window period during which the bill was sent together. The cost of governance is ultimately borne by those who are neither involved nor aware of what has happened。

The code is running in an approved manner. The bill was sent to those who were not involved in the approval。