Kelp DAO Vulnerability Triggers Exodus of Hundreds of Billions; Two Major DeFi Lending Pathologies Clash Head-On
Title: Kelp DAO Exploit Triggers $15 Billion Exodus, Exposing a Clash Between Two DeFi Lending Models.
In April 2026, a hacker exploited a LayerZero bridge vulnerability in the Kelp DAO project, minting $292 million in fake rsETH tokens. These were deposited into Aave as collateral to borrow real Ethereum, draining the protocol's liquidity. Within three and a half days, Aave saw $15 billion in deposits flee, forcing a costly $160 million bailout. The root cause was identified as Aave's governance, which had previously voted to set rsETH's loan-to-value ratio to a risky 93%, leaving minimal safety margin.
This incident starkly contrasts with the experience of Morpho, the second-largest DeFi lending protocol. Some fake rsETH also flowed into Morpho, but the exposure was limited to $1 million across isolated, pre-configured markets, preventing systemic contagion.
The event highlights a fundamental divergence in DeFi lending architectures. Aave employs a shared liquidity pool model, where all deposits back all approved collateral assets, governed by DAO vote. This creates systemic risk, as seen when even users who never interacted with rsETH faced frozen funds. Furthermore, Aave's governance, influenced by leveraged borrowers, prioritized their interests during the crisis, even lowering borrowing rates for frozen markets at the expense of safer depositors. Its supplemental insurance mechanism, Umbrella, also failed as providers withdrew capital when needed.
Morpho operates on an isolated market model. Anyone can create a separate lending market with fixed parameters (collateral, loan asset, oracle, rates). Independent risk managers (curators) allocate capital to these markets, bearing losses within their own vaults if they occur. This structure prevents risk from spreading and removes governance conflicts, as curators' decisions are not subject to community override.
Beyond crisis management, the shared pool model carries a hidden cost: idle capital. In Aave's core markets, the spread between borrowing and deposit rates represents unusable funds, costing an estimated $52 million annually in lost value. Morpho's model targets a higher utilization rate (90% vs. Aave's 60-80%) because it eliminates rehypothecation risk, dynamically adjusting rates to balance supply and demand without governance delays. Consequently, Morpho often offers higher net yields to depositors.
Institutional adoption underscores this difference. Major players like Coinbase (powering its lending for over 100M users), Apollo Global Management, Anchorage Digital, and SG-FORGE (Societe Generale) have chosen to build on Morpho. They require compliant, self-controlled risk parameters that Aave's community-governed model cannot provide. This trend is amplified by regulations like the proposed US GENIUS Act, which will push stablecoin issuers to seek neutral, controllable infrastructure like Morpho to manage trillions in reserve assets.
marsbit2 дня назад 01:44
