Cryptoquant: KelpDAO Hack 'Contagion' Triggers Worst DeFi Liquidity Crunch Since 2024

The KelpDAO exploit allowed an attacker to siphon unbacked rsETH tokens and deposit them into Aave, triggering one of the sharpest liquidity contractions in recent DeFi history, according to the latest Cryptoquant report dubbed the “ DeFi Contagion.”

Key Takeaways:

• The KelpDAO exploit on April 18, 2026, exposed Aave to an estimated $124M-$230M in bad debt within 72 hours.
• Aaves total value locked fell 33%, shedding billions, with $USDT and $USDC borrow rates hitting 14%.
• $USDe supply shed $800 million in three days, signaling continued DeFi liquidity stress across major protocols.

KelpDAO rsETH Hack Triggers Multi-Billion-Dollar Liquidity Drain on Aave

According to Cryptoquants assessment of the situation, the attacker used the drained uncollateralized rsETH to exchange for WETH and stablecoins on Aave, exploiting a critical vulnerability in KelpDAOs infrastructure. The attack quickly rippled across the broader DeFi ecosystem.

Cryptoquant researchers found that Aaves aETHrsETH contract holds approximately 83% of all rsETH circulating supply, making it the single most exposed protocol to the hack. The firm estimates Aave now carries between $124 million and $230 million in potential bad debt tied to depegged rsETH collateral.

Aaves total value locked (TVL) dropped massively in the 72 hours following the exploit, a 33% drop that Cryptoquant described as one of the sharpest protocol-level liquidity contractions in recent DeFi history.

Borrowing rates across Aaves three largest markets reflected the pressure immediately. Cryptoquant data shows $USDT and $USDC borrow rates on Aave V3 jumped from 3.4% to 14% as users rushed to borrow stablecoins and exit the protocol. Before the hack, those rates had held steady at 3.4%, consistent with normal DeFi lending conditions.

$ETH borrowing rates on Aave V3 climbed to 8%, the highest reading Cryptoquant has recorded since at least January 2024. Rates later stabilized near 5%, still more than double the pre-hack level of 2%.

The simultaneous rate spike across $ETH, $USDC, and $USDT signals system-wide stress rather than isolated market movement, according to the Cryptoquant report. $ETH, $USDC, and $USDT are Aaves three largest markets by total value locked.

Cryptoquant researchers described the dynamics as a classic DeFi liquidity crunch: depositors withdrawing while borrowers increase demand at the same time, leaving available liquidity to fall rapidly and interest rates to reset higher. As of the report date, rates remain elevated above pre-hack levels.

The yield-bearing stablecoin, $USDe, the fourth-largest asset on Aave with $412 million in protocol deposits, also saw significant pressure. Cryptoquant tracked a net collapse in $USDe minting activity in the days following the hack, driven by both contagion from the Aave crisis and persistently negative $ETH and BTC perpetual futures funding rates.

$USDe‘s total supply fell from $5.8 billion to $5 billion in three days, a decline of $800 million or 14%. Cryptoquant called it one of the largest short-term redemption events in $USDe’s history.

As one of the largest stablecoins globally behind only $USDT, $USDC, USDS, and DAI, $USDes contraction points to a meaningful withdrawal of liquidity from the broader DeFi ecosystem, the firm noted.

Negative perpetual funding rates compressed $USDes delta-neutral yield during this period, accelerating redemption incentives for holders. Cryptoquant explained that the combination of hack-driven risk-off behavior and structural funding rate pressure marks a significant deterioration in DeFi market conditions.

The latest Cryptoquant report highlights the systemic risk of concentrated collateral exposure in DeFi lending protocols, noting that Aaves outsized rsETH position amplified contagion far beyond the initial exploit.