Aave faced a withdrawal onslaught of $8.45 billion during the rsETH crisis, reigniting debate on DeFi risk management capability
BlockBeats News, June 19th, following the April 2026 attack on KelpDAO's rsETH cross-chain bridge, Aave experienced approximately $84.5 billion in fund outflows. However, the protocol's core functionality remained intact, successfully completing one of the largest DeFi stress tests to date.
This crisis originated from an attack on KelpDAO's LayerZero cross-chain bridge, where about $292 million worth of rsETH was stolen, triggering market concerns about the value and solvency of rsETH collateral. As rsETH is widely used across protocols like Aave as collateral, the risk quickly spread, leading to a concentration of fund withdrawals, with some markets experiencing utilization rates of up to 100% and some users unable to withdraw funds immediately.
Facing liquidity shortages, the Aave risk management team initiated emergency freezes and parameter adjustments to contain risk contagion. Aave founder Stani Kulechov viewed this event as a testament to DeFi's maturity, stating that the protocol still operated as designed under extreme stress, demonstrating the resilience of an on-chain transparent, rules-based system.
However, several independent analysts pointed out that while Aave averted a systemic collapse, the event exposed concentration risks, liquidity risks, and the contagion risks brought by high protocol interconnectivity within the DeFi lending system. The behavior of large borrowers may have impacts on system stability beyond what models anticipate.
Aave currently mitigates risks through various layers of protection such as Loan-to-Value (LTV) limits, liquidation thresholds, supply caps, borrowing limits, Isolation Mode, E-Mode, and governance mechanisms. These mechanisms generally functioned during this crisis, but observers believe that governance response speed and risk models need further optimization to address future unforeseen systemic shocks.
Analysts believe that this event illustrates that DeFi protocols can withstand large-scale runs without external assistance, but a single stress test may not entirely prove system security. As composability between protocols continues to strengthen, an issue with an external asset or a cross-chain bridge could rapidly evolve into a liquidity crisis for the entire ecosystem.
