The resilience of decentralized finance protocols was put to the test in April 2026 when an exploit involving KelpDAO’s rsETH triggered a significant liquidity crisis across Aave’s lending markets. The incident, which saw an attacker deposit unbacked assets to borrow large quantities of Wrapped ETH (WETH), forced the protocol’s automated interest rate models to react in real time. As utilization rates hit 100%, borrow and supply yields spiked dramatically, illustrating the rapid propagation of risk within shared liquidity pools.

The fallout extended beyond WETH, creating a cascading effect that resembled a traditional bank run. Within 24 hours, over $2 billion in stablecoin liquidity was withdrawn from Aave pools as participants scrambled to secure their assets. While the protocol’s pooled model offers deep capital efficiency, this event highlighted the inherent vulnerability of shared liquidity, where stress in one asset class can quickly impact the broader ecosystem. Despite the creation of approximately $123 million in bad debt, the community-led DeFi United initiative successfully intervened to backstop the affected markets.

In the wake of these challenges, Aave has continued to expand its infrastructure through Aave Horizon, a specialized platform designed for institutional participants. By enabling the use of tokenized real-world assets (RWAs)—such as U.S. Treasury funds from issuers like Superstate, VanEck, and Ripple—as collateral, the protocol is shifting toward a more diversified credit model. This evolution aims to integrate traditional financial instruments into the on-chain environment, allowing institutional investors to access 24/7 liquidity without liquidating their holdings.

As of mid-2026, market conditions have largely stabilized, with liquidity levels recovering across major pools. The transition toward RWA-backed lending represents a significant milestone for on-chain finance, moving beyond crypto-native collateral toward a more sustainable, institutional-grade framework. The lessons learned from the KelpDAO incident remain a focal point for developers and risk managers as they refine the balance between composability and systemic security.