Hackers took $293 million from Aave's lending pools. The industry responded with $300 million in pledges. A governance vote will decide what happens next.
On April 18, attackers exploited a flaw in Kelp DAO's cross-chain bridge and minted 116,500 tokens out of thin air. They deposited them into Aave DeFi's largest lending protocol as collateral, and borrowed $190 million in real assets against them. Aave's own systems functioned as designed. The collateral was fraudulent. By Sunday morning, the protocol had $196 million in bad debt and had lost $6.6 billion in total deposits as users rushed to withdraw.
Aave immediately froze the affected markets and halted new borrowing against the compromised token. That stopped the bleeding. But the hole remained.
What followed was one of the most coordinated responses in DeFi's history and it raised questions the industry wasn't expecting to answer.
Aave founder Stani Kulechov publicly pledged 5,000 ETH from his personal holdings. According to a Consensys spokesperson, Kulechov reached out to ecosystem participants early to help coordinate a broader response. Consensys committed up to 30,000 ETH. EtherFi proposed 5,000 ETH. Lido put forward 2,500 stETH. A coalition DeFi United formed around the effort, with total pledges crossing $300 million within days. A governance proposal was filed for Aave's own DAO to contribute a further 25,000 ETH from its treasury, pending a community vote.
In parallel, Arbitrum's Security Council froze $71.5 million traced to the attacker's wallets. DeFi United published a technical recovery plan: convert pledged ETH into rsETH in controlled tranches, then liquidate the attacker's positions at adjusted prices to claw back as much as possible. North Korean-affiliated hackers are suspected, though no formal attribution has been confirmed.
The vote on Aave's treasury contribution is live this week. The remaining question who absorbs the losses not covered by pledges has not been resolved. Users with rsETH positions across Ethereum, Arbitrum, Base, Mantle, and Linea remain locked out of their accounts while the recovery executes.
WHERE THINGS STAND
The funds exist. The plan is published. The governance vote is this week. Until it clears, thousands of users are still waiting to find out how much they get back and whether the recovery is as complete as the pledges suggest.
From breaking news to thought-provoking opinion pieces, our newsletter keeps you informed & engaged.
