As Aave's building collapses, Spark's high-rise is rising

Author: Zhou, ChainCatcher

On April 18, attackers exploited a vulnerability in the Kelp DAO cross-chain bridge's validation nodes, releasing approximately $292 million worth of uncollateralized rsETH, which was then deposited into Aave to borrow real WETH.

This batch of uncollateralized rsETH was accepted as compliant collateral, but the borrowed real WETH could not be equivalently covered, leading Aave to face a potential bad debt exposure of up to $230.1 million.

According to on-chain analyst Yu Jin's monitoring, as of the morning of April 23, Aave's TVL had fallen below $30 billion, dropping from $45.8 billion before the incident to $29.6 billion, with an outflow amounting to $16.2 billion, a decline of over 40%.

The panic spread far beyond this. Protocols not directly involved with rsETH, such as Morpho, Sky, and JupLend, also experienced large outflows, and even protocols on Solana were not spared.

However, this crisis also created an unexpected winner. Some of the funds fleeing Aave directly flowed into Spark, with the SPK token rising over 150% in the past 7 days.

1. Aave at the Forefront

Why did Aave become the most pressured party in this incident? It starts with its structure.

rsETH, as the liquidity re-staking token of Kelp DAO, has a price trend highly correlated with ETH and is classified as high-quality collateral with low volatility and high liquidity in Aave's risk model.

In E-Mode (Efficiency Mode), it enjoys a loan-to-value ratio (LTV) of up to 93%-95%, allowing users to borrow WETH with extremely high leverage.

This parameter setting essentially prices the strong price correlation between rsETH and ETH, as well as its liquidity performance in the secondary market, while neglecting the deep dependency of rsETH on the cross-chain bridging contract (LayerZero V2).

As a result, when attackers exploited a single DVN vulnerability configured by Kelp on April 18 to mint approximately 116,500 uncollateralized rsETH (worth about $292 million) and deposited most of it (about 89,567 tokens) into Aave to borrow real WETH, the protocol operated normally as designed, with the liquidation mechanism and oracle not triggering any anomalies, yet it was directly exposed to hundreds of millions in bad debt.

Ironically, just 9 days before the incident (April 9), the newly appointed risk service provider LlamaRisk submitted a Risk Stewards proposal to raise the supply cap of rsETH on the Ethereum mainnet from 480,000 to 530,000, citing "strong market demand, ample on-chain liquidity, and healthy user leverage behavior."

At that time, the utilization rate of rsETH in Aave was already close to 99.9%, and the leveraged re-staking strategy was in full swing, yet no one re-evaluated the security assumptions underlying the bridging.

After the attack, Aave quickly suspended WETH withdrawals, leading to a significant discount on the deposit receipt aETHWETH. On-chain tracking shows that due to Aave's suspension of WETH withdrawals, the deposit receipt aETHWETH was discounted, with a whale withdrawing 13,000 ETH from the exchange, buying aETHWETH through Swap, and then repaying the loan 1:1, netting 143 ETH.

The contagion effect quickly spread to the stablecoin pool. Circle's chief economist Gordon Liao initiated an emergency governance proposal, suggesting raising the maximum deposit interest rate for USDC on Aave V3 Ethereum mainnet to about 48.2% to address the situation where the USDC pool's utilization rate had exceeded 99.87% for several consecutive days, rendering liquidity nearly paralyzed.

Currently, this turmoil is still fermenting. Aave has previously proposed two paths for handling losses: one is for all rsETH holders to collectively bear about 15% of the discount, with the bad debt scale being approximately $123.7 million; the other is to isolate the losses to L2, leaving the Ethereum mainnet unaffected, but Mantle would face a 71.45% WETH gap, and Arbitrum would face a 26.67% gap, expanding the bad debt scale to about $230.1 million.

On April 21, the Arbitrum Security Council announced an emergency freeze of 30,766 ETH (approximately $71 million) held by addresses related to the attack and transferred them to a governance-controlled intermediary wallet.

Aave founder Stani Kulechov stated that the team is working with multiple partners to advance several recovery plans to achieve an orderly return to normal market conditions and protect user interests. The Arbitrum Security Council has recovered ETH worth $70 million, which significantly reduces potential risk exposure.

DefiLlama founder 0xngmi further pointed out that if the frozen funds are prioritized for use in the Arbitrum local Aave market, the bad debt on that chain is expected to decrease by 80% or even approach zero under the shared depreciation of rsETH.

Nevertheless, Aave's Umbrella security reserve (approximately $80 million to $100 million) appears insufficient against a potential gap of up to $230.1 million. The protocol has suggested pausing the Umbrella module to avoid automatic slashing being triggered too quickly, opting for manual governance handling instead.

As of now, the WETH reserves in the Ethereum Core V3 market have been partially unfrozen, but the LTV remains at 0; WETH reserves on chains such as Prime, Arbitrum, Base, Mantle, and Linea are still frozen or restricted.

2. Why Did Spark Avoid This Loss?

Spark achieved zero direct losses in the Kelp DAO rsETH bridging attack, a decision that can be traced back to January 2026. At the same time Aave incorporated rsETH into E-Mode and opened high-leverage lending, Spark chose to delist rsETH and other low-utilization assets while tightening collateral admission standards.

After the incident, Spark's strategic director monetsupply.eth explained the logic at the time, stating that Spark has long set a high maximum interest rate cap for the ETH lending market and actively transferred some business and revenue to Aave over the past year (the latter had previously lowered ETH borrowing rates to below 10% to attract leveraged users).

This choice sparked strong dissatisfaction among users of ETH circular leverage strategies, with some funds opting to exit Spark. However, it proved that delisting rsETH was an extremely prudent move—SparkLend's ETH withdrawal liquidity remained ample, while Aave's related market fell into a high-utilization lock-up state.

monetsupply.eth also warned that insufficient liquidity for ETH as a core collateral is not merely an inconvenience for users but a systemic security risk.

He pointed out that in Aave's current environment, about 16.5% of the supply in the ETH market is supported by rsETH, and if losses related to rsETH loans occur on both the mainnet and L2, E-Mode could face a reduction of 10%-15%. This would prompt ETH suppliers to accelerate their exit, locking utilization at 100%, and borrowing rates would fail to effectively incentivize unrelated LST circular repayments to release liquidity.

Therefore, if ETH prices drop another 15%-20%, Aave could face significant bad debt accumulation. For Spark, this zero-loss situation also hinges on the premise that the market does not continue to decline.

The [Spark Protocol](https://www.rootdata.com/zh/Projects/detail/Spark Protocol?k=Nzc3NQ== "decentralized lending market") team stated in an interview with ChainCatcher that Spark's avoidance of the impact was not due to a single delisting action but rather a comprehensive and more conservative risk parameter system. They noted that Spark adopted conservative LTV and strict supply caps when onboarding rsETH, meaning that even without delisting, potential losses would be very limited and easily recoverable. "Any collateral coming online means assuming a certain level of risk; it is unrealistic to assume that losses will never occur. At SparkLend, we expect such events to happen occasionally and ensure that the protocol is resilient to these scenarios."

The Spark Protocol team also revealed that they are equipped with multiple warning tools, including AI detection and custom monitoring software. Upon learning of a potential attack, they completed a review of all direct and indirect exposures within 30 minutes and initiated a full market exit plan.

Regarding the influx of large amounts of funds after the incident, they stated that Spark could borrow billions from Sky at any time to meet any liquidity needs, and such high-concentration inflows are more a recognition of Spark Savings' safety. Throughout the crisis, Spark Savings USDT was the only place that maintained ample liquidity, with USDT liquidity never dropping below $400 million.

No one anticipated that the biggest short-term beneficiary of the Aave bad debt storm would be Spark. After funds fled Aave en masse, some flowed directly into Spark. The latest DefiLlama data shows that its TVL has rapidly risen from about $1.9 billion before the incident to the $3.3-3.5 billion level (an increase of over 80%), partly due to continued injections from large holders like Sun Yuchen.

Image Source: Defillama

Meanwhile, the SPK token price saw a strong rebound: as of the time of writing, SPK had risen over 95% in the past 24 hours and over 180% in the past 7 days. F2Pool co-founder Wang Chun expressed in a post that he received 83.7 million SPK rewards from Spark over the past year and sold them all on CoWSwap for 663 ETH and $1.4 million, now feeling "a bit regretful."

Image Source: RootData

However, as DefiLlama founder 0xngmi stated, there are no real winners in such events.

The growth in Spark's TVL is essentially a redistribution of existing DeFi funds among protocols, rather than new capital entering the market. The entire industry's "cake" has shrunk in the short term, and no one can remain unaffected.

3. Who Should Be Held Responsible?

The entry point of this attack was the Kelp DAO cross-chain bridge, configured with a single validation node in LayerZero. The smart contracts of the lending protocol had no issues, but the losses ultimately fell on the lending protocol and its users.

Crypto researcher CM pointed out a long-ignored distinction: bridged assets and native assets are fundamentally different, just as bridged USDC is not equivalent to real USDC. The price of rsETH can be highly correlated with ETH, but its security heavily relies on the reliability of the bridging contract.

These are two completely different matters. As mentioned earlier, Aave's risk model accurately priced the price correlation and liquidity but systematically overlooked the risks of bridging infrastructure.

The problem does not stop there. Aave covers 22 chains, each with different bridging configurations, different oracle sources, and different liquidation paths. This complexity is difficult to monitor in real-time through manual governance. When multiple chains encounter issues simultaneously, the only option for the protocol is to freeze the market, as there is no pre-designed mechanism to determine how to allocate losses.

In terms of accountability, Kelp DAO and LayerZero have fallen into a public blame game: Kelp emphasizes that LayerZero's default configuration poses risks and that many protocols are using similar settings; LayerZero points out that Kelp chose a low-security single validator configuration, despite having recommended a multi-DVN solution.

Both parties have yet to reach a clear division of responsibility or compensation framework. The latest data from Polymarket shows that the market's betting probability on "Kelp will bear the losses" has dropped from 50% at the beginning of the incident to about 12%.

Amid the discussions on loss distribution, a third voice has emerged in the community.

Veteran DeFi player @DeFi_Dad questioned in the discussion why both proposals require users to bear the losses, and why not have a "white knight" intervene to fill the gap through a debt repayment plan? He named Bybit, Coinbase, and Binance, believing this is an opportunity for CEX to showcase their presence.

Crypto investor @anndylian proposed a more specific plan: Kelp DAO issues "debt certificates" to Aave, promising to gradually repurchase and destroy uncollateralized rsETH with future staking commission income, turning a one-time hard decoupling into installment debt repayment to avoid a collapse in Kelp token prices due to immediate payouts.

Regarding the boundaries of responsibility, the industry consensus leans towards: Kelp DAO, as the issuer of rsETH, bears the responsibility for the configuration choices of the LayerZero official bridge, thus the losses related to rsETH should primarily be socialized among all rsETH holders; while the bad debts generated on Aave should be the responsibility of Aave DAO for its risk management decisions (including the LTV, supply cap, and E-Mode settings for rsETH).

Ultimately, Kelp and LayerZero are passing the buck, highlighting a pain point in DeFi today: in the complex system where cross-chain, LRT, and lending protocols are deeply intertwined, once an incident occurs, no one can clearly determine who should bear the responsibility, and the ones who ultimately pay the price are often the lending protocols and their users.

Although Kelp DAO has recently signaled "user priority" and active negotiation, how the incident will ultimately conclude still heavily depends on Kelp's disposal plan for the remaining endorsed assets and the governance votes from all parties.

This also confirms one point: in the absence of industry consensus on responsibility boundaries, lending protocols must proactively internalize external dependencies such as bridging risks into their own risk control systems, rather than relying on post-event accountability or external bailouts.