
As Aave's building collapses, Spark's high-rise is rising

Core Viewpoint
Summary: The growth of Spark's TVL is essentially a redistribution of existing capital in DeFi among protocols, rather than new capital entering the market. The "cake" of the entire industry is shrinking in the short term, and no one can be left out.
ZZ Heat Wave Observation
2026-04-23 20:07:55

Author: Zhou, ChainCatcher

On April 18, attackers exploited a vulnerability in the validation nodes of the Kelp DAO cross-chain bridge, releasing approximately $292 million worth of uncollateralized rsETH, which was then deposited into Aave to borrow real WETH.

This batch of uncollateralized rsETH was accepted as valid collateral, but it could not cover the real WETH borrowed against it, leaving Aave facing a potential bad debt exposure of up to $230.1 million.

According to on-chain analyst Yu Jin's monitoring, as of the morning of April 23, Aave's TVL had fallen below $30 billion, dropping from $45.8 billion before the incident to $29.6 billion, with an outflow amounting to $16.2 billion, a decline of over 40%.

The spread of panic extended far beyond this. Protocols such as Morpho, Sky, and JupLend, which were not directly involved with rsETH, also experienced large-scale outflows, and even protocols on Solana were not spared.

However, this crisis also created an unexpected winner. Some of the funds fleeing Aave flowed directly into Spark, with the SPK token rising over 150% in the past week.

1. Aave at the Forefront

Why did Aave become the most pressured party in this incident? It starts with its structure.

rsETH, Kelp DAO's liquid restaking token, trades in close correlation with ETH and is classified by Aave's risk model as high-quality collateral with low volatility and high liquidity.

Under E-Mode (Efficiency Mode), it enjoys a loan-to-value ratio (LTV) of up to 93%-95%, allowing users to loop-borrow WETH with extremely high leverage.

This parameter setting essentially prices the strong price correlation between rsETH and ETH, as well as its liquidity performance in the secondary market, but overlooks rsETH's deep dependence on the cross-chain bridging contract (LayerZero V2).

As a result, on April 18 attackers exploited a vulnerability in the single DVN that Kelp had configured, minted approximately 116,500 uncollateralized rsETH (worth about $292 million) and deposited most of it (about 89,567 tokens) into Aave to borrow real WETH. The protocol operated normally as designed, and neither the liquidation mechanism nor the oracle flagged any anomaly, yet Aave was directly exposed to hundreds of millions in bad debt.

Ironically, just nine days before the incident (April 9), the newly appointed risk service provider LlamaRisk submitted a Risk Stewards proposal to raise the supply cap of rsETH on the Ethereum mainnet from 480,000 to 530,000, citing "strong market demand, ample on-chain liquidity, and healthy user leverage behavior."

At that time, the utilization rate of rsETH in Aave was already close to 99.9%, and the leveraged re-staking strategy was in full swing, yet no one re-evaluated the security assumptions underlying the bridge.
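To make the parameter discussion above concrete, here is an added worked example (not from the original article or from any of the protocols named) showing how loop leverage, the equity buffer and the supply cap together bound a lender's loss when collateral turns out to be unbacked. It assumes 1 rsETH is worth 1 ETH, borrowing at the full LTV and no fees or interest; the function names and the 50,000 / 70% comparison listing are constructed for illustration.

```python
# Added illustration, not from the article. Simplifying assumptions:
# 1 rsETH is treated as 1 ETH, borrowing is at the full LTV, no fees or interest.

def loop_leverage(ltv: float, rounds: int) -> float:
    """Collateral held per 1 unit of own capital after `rounds` deposits,
    re-depositing each borrow (deposit -> borrow at ltv -> deposit ...)."""
    exposure, deposit = 0.0, 1.0
    for _ in range(rounds):
        exposure += deposit
        deposit *= ltv  # the next deposit is what the previous one allowed us to borrow
    return exposure

def leverage_limit(ltv: float) -> float:
    """Limit of the geometric series above: 1 / (1 - ltv)."""
    return 1.0 / (1.0 - ltv)

def bad_debt(collateral: float, ltv: float, backing: float) -> float:
    """Debt left uncovered when collateral borrowed against at `ltv`
    turns out to be worth only `backing` (0.0-1.0) of its assumed value."""
    debt = collateral * ltv
    return max(0.0, debt - collateral * backing)

def cap_exposure(supply_cap: float, ltv: float) -> float:
    """Worst case for the lender if the asset becomes worthless:
    every unit allowed under the supply cap was borrowed against at full LTV."""
    return bad_debt(supply_cap, ltv, backing=0.0)

if __name__ == "__main__":
    for ltv in (0.93, 0.95):  # E-Mode LTV range quoted in the article
        print(f"LTV {ltv:.0%}: 10 loops -> {loop_leverage(ltv, 10):.2f}x, "
              f"limit {leverage_limit(ltv):.1f}x, equity buffer {1 - ltv:.0%}")
    # 89,567 rsETH deposited (article); upper bound if those tokens recover nothing.
    print(f"unbacked deposit: up to {bad_debt(89_567, 0.93, 0.0):,.0f} ETH uncovered")
    # A 15% discount (the article's first loss path) against a 7% buffer.
    print(f"15% haircut at 93% LTV: {bad_debt(100, 0.93, 0.85):.1f} lost per 100 units")
    # Supply cap of 530,000 (article) versus a constructed conservative listing.
    print(f"cap 530,000 @ 93%: {cap_exposure(530_000, 0.93):,.0f} ETH")
    print(f"cap  50,000 @ 70%: {cap_exposure(50_000, 0.70):,.0f} ETH (constructed)")
```

The equity buffer at a 93% LTV is only 7%, so any loss of backing larger than that becomes protocol bad debt regardless of how well the token's market price tracks ETH.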

After the attack, Aave quickly suspended WETH withdrawals, leading to a significant discount on the deposit certificate aETHWETH. On-chain tracking shows a whale withdrawing 13,000 ETH from an exchange, buying the discounted aETHWETH through a swap, and then repaying the loan 1:1, netting 143 ETH.

The contagion effect quickly spread to the stablecoin pool. Circle's chief economist Gordon Liao initiated an emergency governance proposal, suggesting raising the maximum deposit interest rate for USDC on Aave V3 Ethereum mainnet to about 48.2% to address the situation where the USDC pool's utilization rate had exceeded 99.87% for several consecutive days, leading to near paralysis of liquidity.

The turmoil is still unfolding. Aave has previously proposed two paths for handling losses: one is for all rsETH holders to collectively bear about 15% of the discount, with the bad debt scale around $123.7 million; the other is to isolate the losses to L2, leaving the Ethereum mainnet unaffected, but Mantle would face a 71.45% WETH gap, and Arbitrum would face a 26.67% gap, expanding the bad debt scale to about $230.1 million.

On April 21, the Arbitrum Security Council announced an emergency freeze of 30,766 ETH (approximately $71 million) held by addresses related to the attack and transferred them to a governance-controlled intermediary wallet.

Aave founder Stani Kulechov stated that the team is working with multiple partners to advance several recovery plans to achieve an orderly return to normal market conditions and protect user interests. The Arbitrum Security Council has recovered $70 million worth of ETH, which significantly reduces potential risk exposure.

DefiLlama founder 0xngmi further pointed out that if the frozen funds are prioritized for use in the Arbitrum native Aave market, the bad debt on that chain is expected to decrease by 80% or even approach zero in the case of shared depreciation of rsETH.

Nevertheless, Aave's Umbrella security reserves (approximately $80 million to $100 million) are still insufficient against a potential gap of $230.1 million. The protocol has suggested pausing the Umbrella module to avoid automatic slashing being triggered too quickly, opting for manual handling by governance.

As of now, the WETH reserves in the Ethereum Core V3 market have been partially unfrozen, but the LTV remains at 0; WETH reserves on chains such as Prime, Arbitrum, Base, Mantle, and Linea are still frozen or restricted.

2. Why Did Spark Avoid This Loss?

Spark achieved zero direct losses in this Kelp DAO rsETH bridge attack, a decision that can be traced back to January 2026. At the same time Aave included rsETH in E-Mode and opened high-leverage lending, Spark chose to delist rsETH and other low-utilization assets while tightening collateral admission standards.

After the incident, Spark's strategic director monetsupply.eth explained the logic at the time, stating that Spark has long set a high maximum interest rate cap for the ETH lending market and actively ceded some business and revenue to Aave over the past year (the latter had previously lowered ETH borrowing rates to below 10% to attract leveraged users).

This choice sparked strong dissatisfaction among users of ETH cyclical leverage strategies, with some funds opting to flee Spark. However, it proved that delisting rsETH was an extremely prudent move—SparkLend's ETH withdrawal liquidity remained ample, while Aave's related market had fallen into a high utilization lock-up state.

monetsupply.eth also warned that insufficient liquidity for ETH, as a core collateral, is not merely an inconvenience for users but a systemic security risk.

He pointed out that under Aave's current environment, about 16.5% of the ETH market's supply is supported by rsETH, and if losses related to rsETH loans occur on both the mainnet and L2, E-Mode could face a reduction of 10%-15%. This would prompt ETH suppliers to accelerate their exit, locking the utilization rate at 100%, making borrowing rates ineffective in incentivizing unrelated LST cyclical repayments to release liquidity.

Therefore, if ETH prices fall another 15%-20%, Aave could face significant bad debt accumulation. For Spark, this zero-loss outcome also hinges on the premise that the market does not continue to decline.

The [Spark Protocol](https://www.rootdata.com/zh/Projects/detail/Spark%20Protocol?k=Nzc3NQ== "decentralized lending market") team stated in an interview with ChainCatcher that Spark's avoidance of the impact was not solely due to the delisting action, but rather a comprehensive set of more conservative risk parameters. They noted that Spark adopted conservative LTV and strict supply caps when onboarding rsETH, meaning that even without delisting, potential losses would be very limited and easy to recover. "Any collateral coming online means assuming a certain degree of risk; it is unrealistic to assume that losses will never occur. At SparkLend, we expect such events to happen occasionally and ensure that the protocol is resilient to these scenarios."

The Spark Protocol team also revealed that they are equipped with multiple warning tools, including AI detection and custom monitoring software. Upon learning of a potential attack, they completed a review of all direct and indirect exposures within 30 minutes and initiated a full market exit plan.

Regarding the influx of large amounts of funds after the incident, they stated that Spark can borrow billions from Sky at any time to meet any liquidity needs, and such high-concentration inflows are more a recognition of Spark Savings' security. Throughout the crisis, Spark Savings USDT was the only place that maintained ample liquidity, with USDT's liquidity never falling below $400 million.

No one anticipated that the biggest short-term beneficiary of the Aave bad debt storm would be Spark. After funds fled Aave en masse, some flowed directly into Spark. The latest DefiLlama data shows that its TVL has rapidly risen from about $1.9 billion before the incident to the $3.3-3.5 billion level (an increase of over 80%), partly due to continued injections from large holders like Sun Yuchen.

Image source: Defillama

Meanwhile, the price of the SPK token saw a strong rebound: as of the time of writing, SPK's price rose over 95% in the past 24 hours and over 180% in the past 7 days. F2Pool co-founder Wang Chun expressed in a post that he received 83.7 million SPK rewards from Spark over the past year and sold them all on CoWSwap for 663 ETH and $1.4 million, now "feeling a bit regretful."

Image source: RootData

However, as DefiLlama founder 0xngmi stated, there are no real winners in such events.

The growth of Spark's TVL is essentially a reallocation of existing DeFi funds between protocols, rather than new capital entering the market. The entire industry's "cake" has shrunk in the short term, and no one can remain unaffected.

3. Who Should Be Held Responsible?

The entry point of this attack was the Kelp DAO cross-chain bridge, configured with a single validation node from LayerZero. The smart contracts of the lending protocol had no issues, but the losses ultimately fell on the lending protocol and its users.

Crypto researcher CM pointed out a long-ignored distinction: bridged assets and native assets are essentially two different things, just as bridged USDC is not equivalent to real USDC. The price of rsETH can be highly correlated with ETH, but its security heavily depends on the reliability of the bridging contract.

These are two completely different matters. As mentioned earlier, Aave's risk model accurately priced the price correlation and liquidity but systematically overlooked the risks of bridging infrastructure.

The problem does not stop there. Aave covers 22 chains, each with different bridging configurations, different oracle sources, and different liquidation paths. This complexity is already difficult to monitor in real-time through manual governance. When multiple chains encounter issues simultaneously, the only thing the protocol can do is freeze the market, as there is no pre-designed mechanism to determine how to allocate losses.

In terms of accountability, Kelp DAO and LayerZero have fallen into a public blame game: Kelp emphasizes that LayerZero's default configuration has risks and that many protocols are using similar settings; LayerZero points out that Kelp chose a low-security single validator configuration, despite having recommended a multi-DVN solution.

Both parties have yet to reach a clear division of responsibility or compensation framework. The latest data from Polymarket shows that the market's betting probability that "Kelp will share the losses" has dropped from about 50% at the beginning of the incident to about 12%.

Regarding loss distribution, a third voice has emerged in the community.

Veteran DeFi player @DeFi_Dad questioned in discussions why both proposals involve users bearing the losses, and why not have a "white knight" intervene to fill the gap through a debt repayment plan? He named Bybit, Coinbase, and Binance, believing this is an opportunity for CEX to showcase their presence.

Crypto investor @anndylian proposed a more specific plan: Kelp DAO issues "debt certificates" to Aave, promising to gradually repurchase and destroy uncollateralized rsETH with future staking commission income, turning a one-time hard decoupling into installment debt repayment to avoid a collapse in Kelp token prices due to immediate payouts.

Regarding the boundaries of responsibility, the industry consensus leans towards: Kelp DAO, as the issuer of rsETH, bears the responsibility for the configuration choices of the LayerZero official bridge, thus the losses related to rsETH should primarily be socialized among all rsETH holders; while the bad debts generated on Aave should be the responsibility of Aave DAO for its risk management decisions (including rsETH's LTV, supply cap, and E-Mode settings).

Ultimately, Kelp and LayerZero are passing the buck, highlighting a pain point in DeFi today: in a complex system where cross-chain, LRT, and lending protocols are deeply intertwined, once an incident occurs, no one can clearly define who should bear the responsibility, and the ones who often pay the price are the lending protocols and their users.

Although Kelp DAO has recently released signals of "user priority" and active negotiation, how the incident ultimately concludes still heavily depends on Kelp's disposal plan for the remaining endorsed assets and governance voting from all parties.

This also confirms one point: in the absence of industry consensus on responsibility boundaries, lending protocols must actively internalize external dependencies such as bridging risks into their own risk control systems, rather than relying on post-event accountability or external bailouts.
