Author: Climber, CryptoPulse Labs
On April 24, Aave, in collaboration with several institutions, launched a rescue plan called "DeFi United" to address the approximately $292 million loss caused by the KelpDAO vulnerability attack and prevent further bad debt from spreading.
The attack primarily stemmed from a vulnerability in KelpDAO's integration with LayerZero, where hackers forged unsecured rsETH and used it as collateral on Aave to borrow approximately $190 million in assets. This led to distorted collateralization and triggered a bank run, causing the platform's TVL to plummet by about $10 billion at one point.
Currently, Lido Finance, EtherFi, and founder Stani Kulechov have proposed funding plans. Aave has secured potential support of 43.5k ETH to help stabilize the DeFi lending system, but a gap of approximately 68.9k ETH remains.
What started as a technical security incident is rapidly evolving into a test of trust for the industry. When there is no central bank, no mandatory mechanism, and no lender of last resort, can this system truly repair itself?
I. The Vulnerability Isn't the Focus; the Real Problem Is: The Money Is Truly Insufficient
The cause of the incident is actually very clear.
The security incident surrounding rsETH caused a significant imbalance in Aave's asset structure. Hackers, through the lending mechanism, withdrew 99.6k ETH, which is equivalent to directly removing a core piece of liquidity from the system.
The danger of this type of operation lies in the fact that it is not a traditional theft of assets but rather borrowing money by exploiting the rules. From the protocol's perspective, these assets were indeed legitimately borrowed, but from the overall system's perspective, they are no longer within the available range.
Fortunately, a critical "stop-loss" action occurred on-chain shortly after.
On Arbitrum, approximately 30.7k ETH was successfully frozen. This, to some extent, prevented further losses and bought time for subsequent handling. However, even so, an undeniable figure remains on the books—an actual shortfall of roughly 68.9k ETH.
The significance of this number lies in its certainty; it is neither an expected loss nor an unrealized loss but a clear, existing funding gap. In other words, without external replenishment, this hole will not disappear on its own.
More critically, such a gap can quickly translate into a trust issue. Users will not analyze complex technical details or deconstruct lending models. They will only ask one simple question: Is the money I deposited still safe?
Once this question starts being asked repeatedly, the risk has already begun to spread.
The operation of lending protocols essentially relies on the confidence of随时可提取 (suí shí kě tí qǔ -随时可提取 means "withdrawable at any time"). As long as users believe they can withdraw their funds, the system remains stable.
But once confidence wavers, it enters a familiar path. First, a small amount of capital withdrawal, then accelerated outflows, finally evolving into structural pressure.
And now, market reactions have already begun to show.
Aave's total deposit size showed a noticeable decline after the incident, with liquidity margins tightening. This change is not an instantaneous collapse but a typical slow death. Every withdrawal amplifies the system's instability.
This is also why the core of this incident is not about how much was hacked. It's about a more fundamental question: When a DeFi protocol faces a real funding gap, does this system have the ability to repair itself?
II. "DeFi United": An Experiment in Rescue Without a Central Bank
Facing the gap, Aave did not choose to wait for the market to self-correct.
Instead, it proactively initiated a symbolic action by establishing a joint rescue mechanism called "DeFi United."
This step essentially does something very common in traditional finance but extremely rare on-chain: introducing external liquidity support.
In traditional systems, this role is usually assumed by the central bank.
When financial institutions face liquidity problems, there is a clear backstop mechanism. But in the world of DeFi, no such role exists.
Thus, this attempt became an alternative solution. That is, for leading protocols within the industry to collectively assume the role of the lender of last resort.
Consequently, a somewhat uncommon scene emerged. Protocols that competed in different sectors began to集中表达支持 (jí zhōng biǎo dá zhī chí -集中表达支持 means "centrally express support"):
Lido Finance offers 2500 stETH (proposal stage)
EtherFi Foundation offers 5000 ETH (in proposal)
Stani Kulechov personally contributes 5000 ETH
Golem Foundation offers 1000 ETH
Mantle proposes to offer 30000 ETH (currently the largest amount)
Additionally, projects like Ethena, LayerZero, Ink Foundation, Tydra have also publicly expressed support.
In terms of scale, this is a significant "blood transfusion action." The current potential support scale is about 43.5k ETH. If fully realized, it could cover most of the gap.
But the problem is equally clear: it still cannot completely fill the 68.9k ETH shortfall.
More importantly, the status of these funds is not entirely consistent.
Some are clearly committed contributions, but some are still in the governance proposal stage and require community voting to pass. Others have merely expressed support without specifying an amount.
This makes the entire rescue mechanism semi-deterministic. It is valid in direction but still carries uncertainty in execution.
Even so, the mechanism itself is significant enough. Because it clearly demonstrates, for the first time, a possibility: DeFi can attempt to address systemic risks through horizontal collaboration among projects.
Why are these protocols willing to step in? The reasons are actually not complicated.
Aave is not an isolated protocol; it is a core node in the entire DeFi liquidity network. If it encounters problems, the impact will spread outward. For example, the value of staked assets may come under pressure, restaking structure may be impacted, and the stablecoin collateral system may also experience fluctuations, etc.
In other words, this is no longer just one project's problem. It is a potential source of risk that could affect the entire ecosystem.
So the essence of this joint rescue is not just to help Aave overcome difficulties. It is to prevent cracks from appearing in the entire DeFi credit system.
III. The Real Test: Can DeFi Withstand the "Crisis of Trust"?
As the event progresses, the problem is shifting from the funding level to the structural level. And this crisis is becoming a critical test for DeFi.
Let's return to the most critical question first: Can this funding gap be completely filled?
If yes, Aave's asset-liability relationship will rebalance. Market confidence will gradually recover, and capital flows will stabilize.
But if not, even if only a part is missing, it will leave hidden dangers.
The market will not be reassured because most of it has been covered; it will only focus on one result: whether the risk has been completely eliminated (chè dǐ xiāo chú -彻底消除).
Secondly, the mechanism itself is being tested. Can "DeFi United" become a long-term solution?
At least for now, it still has several structural problems.
For example, it lacks enforcement power. All participants' contributions are based on voluntariness. Once the market environment changes, whether commitments will be honored remains uncertain.
Furthermore, there is a lack of standardized rules. There are no clear contribution ratios, trigger conditions, or return mechanisms. Each rescue requires重新协调 (chóng xīn xié tiáo -重新协调 means "re-coordination"), which means efficiency and stability are limited.
Then there is the issue of scale上限 (shàng xiàn -上限 means "upper limit"). This gap is about 68.9k ETH. But if larger risks emerge in the future, whether this mechanism can still cover them remains unknown.
And these issues also determine one thing: This mechanism currently seems more like a temporary solution than a mature industry rescue system.
Even so, it still holds significant meaning. Because it provides a direction: in the absence of centralized backing, can DeFi spontaneously form a risk-sharing mechanism?
Therefore, this event can be seen as an on-chain version of a stress test. It will not directly determine the success or failure of the industry, but it will affect how the market perceives it.
If this rescue succeeds, it may bring several changes. For example, DeFi forms a cross-protocol collaborative risk response mechanism for the first time, the credit of leading protocols is repaired or even strengthened, and the market's trust boundary for on-chain finance is重新得到扩展 (chóng xīn dé dào kuò zhǎn -重新得到扩展 means "re-extended").
But if it fails, the consequences are equally clear. User trust in lending protocols declines, capital further withdraws from high-risk structures, and the risk premium for the entire DeFi system rises, etc.
And the deeper impact is that users may start to rethink a question: Is DeFi truly a system that can承载大规模资产 (chéng zài dà guī mó zī chǎn -承载大规模资产 means "bear large-scale assets") in the long term?
Conclusion
On the surface, this is a gap of 68.9k ETH. But on a deeper level, this is a major test about how trust is rebuilt.
In an environment without a central bank, without regulatory backstops, leading DeFi projects are using the most primitive way to answer the most core question: When risk truly occurs, can this system save itself?
The answer is not yet fully revealed, but one thing is certain: regardless of success or failure, this attempt will注定需要更长的时间和付出来修复重建 (zhù dìng xū yào gèng cháng de shí jiān hé fù chū lái xiū fù chóng jiàn -注定需要更长的时间和付出来修复重建 means "destined to require more time and effort to repair and rebuild").
