Aave Faces $290M Exploit, Implements New Risk Framework
Severity: High (Score: 66.0)
Sources: Pluang
Published: · Updated:
Keywords: aave, risk, framework, revamps, pluang, crypto, stocks
Summary
In April 2026, a $292 million exploit on KelpDAO’s LayerZero bridge led to a significant liquidity crisis for Aave, resulting in $8.45 billion withdrawn in just 48 hours. This event marked the largest liquidity crisis in DeFi history, prompting Aave to introduce a new risk management framework. Aave founder Stani Kulechov announced this framework on June 10, 2026, which includes four layers: Asset Risk, Bridging Risk, Automated Risk Oracles, and Monitoring. The exploit's impact forced an emergency bailout of $300 million to stabilize the situation. The new framework aims to enhance security and prevent future incidents. Aave's response reflects the growing need for robust risk management in decentralized finance. Key Points: • Aave experienced a $292 million exploit on KelpDAO's LayerZero bridge in April 2026. • The exploit triggered a liquidity crisis, with $8.45 billion withdrawn from Aave in 48 hours. • Aave introduced a new risk management framework on June 10, 2026, to enhance security.
Detailed Analysis
**Impact** In April 2026, a $290-$292 million exploit targeted the KelpDAO rsETH LayerZero bridge, causing an $8.45 billion liquidity withdrawal from Aave within 48 hours. This event represents the largest liquidity crisis in DeFi history, impacting Aave’s global user base and forcing a $300 million emergency bailout. The exploit affected decentralized finance sectors reliant on bridging assets across chains. **Technical Details** The attack exploited vulnerabilities in the KelpDAO LayerZero bridge used by Aave, focusing on bridging risk within the protocol. Specific CVEs or malware details were not provided. The incident occurred during the exploitation phase of the kill chain, leveraging weaknesses in cross-chain asset transfer mechanisms. No IOCs were disclosed in the articles. **Recommended Response** Aave has implemented a new risk framework comprising four layers: Asset Risk, Bridging Risk, Automated Risk Oracles, and Monitoring to mitigate similar future exploits. Defenders should prioritize monitoring bridging transactions and deploying anomaly detection on cross-chain transfers. No specific patches or IOCs are available; continuous risk assessment and real-time monitoring of bridge activity are advised.
Source articles (2)
- Aave revamps risk management after $290M KelpDA... | Pluang – Crypto, Stocks, Gold & Funds — Pluang · 2026-06-10
In April 2026, a $292 million exploit on KelpDAO’s LayerZero bridge triggered a massive withdrawal of $8.45 billion from Aave within 48 hours, marking the largest liquidity crisis in DeFi history. The… - Aave revamps security with new risk framework a... | Pluang – Crypto, Stocks, Gold & Funds — Pluang · 2026-06-10
Following a $290 million exploit of the KelpDAO rsETH bridge in April, Aave founder Stani Kulechov announced a new risk framework for the protocol. This framework introduces four key layers: Asset Ris…
Timeline
- 2026-04-01 — KelpDAO exploit occurs: A $292 million exploit on KelpDAO’s LayerZero bridge leads to massive withdrawals from Aave.
- 2026-04-03 — Liquidity crisis at Aave: $8.45 billion withdrawn from Aave within 48 hours following the exploit, marking a historic crisis.
- 2026-06-10 — Aave announces new risk framework: Aave introduces a new risk management framework with four key layers to enhance security.
Related entities
- Aave (Platform)
- LayerZero (Platform)
- RsETH Bridge (Platform)
- KelpDAO (Company)