On April 18, Kelp DAO's cross-chain bridge was attacked, with the attacker minting 116,500 rsETH without real asset backing, which were then deposited into Aave to borrow WETH. The Aave Guardian initiated an emergency freeze within hours. According to on-chain estimates by Lookonchain, the potential bad debt faced by Aave V3 and V4 is approximately $195 million.
In contrast, SparkLend, the lending protocol under the MakerDAO (Sky) ecosystem, suffered no losses.
This is not because Spark's team is smarter than Aave's, nor because they identified the vulnerability in this cross-chain bridge in advance. Spark's reason for exiting rsETH was written in a governance forum post three months ago and has nothing to do with the security of the bridge contract.
January 29, 2026, is the core date of this article. On this day, Spark executed a governance operation called Spell, halting new supply of rsETH. On the same day, Aave's rsETH E-Mode officially launched, allowing users to use rsETH as collateral to borrow WETH with a maximum loan-to-value (LTV) ratio of 93%.
One exited, the other expanded, both on the same day.
Spark's decision to exit began with a governance post submitted by PhoenixLabs (Spark's ecosystem execution body) on January 16, 2026. The reason was straightforward: low utilization of rsETH, with almost all usage coming from a single wallet (on-chain address 0xb99a), and the holder of this wallet had expressed willingness to use alternative collateral like wstETH or weETH. The original governance post stated, "Exiting rsETH can improve SparkLend's safety margin and enhance risk-adjusted returns." This was a periodic asset cleanup; other assets exited in the same batch included tBTC, ezETH, and the entire Gnosis Chain market, all for the unified reason of "low utilization."
Aave's expansion decision started earlier, from a proposal initiated by ACI (Aave Chan Initiative, a governance proposal body led by Marc Zeller) on November 17, 2025. The motivation was clear: "Restore WETH utilization, expected to attract $1 billion in rsETH inflows." Chaos Labs completed risk parameter confirmation in January, setting the E-Mode LTV at 93% and the liquidation threshold at 95%. Entities involved in the decision included ACI, Chaos Labs, LlamaRisk, and Aave community voters. This was an expansion decision driven by multiple parties, not a mistake by a single entity.
Three months later, the market delivered the result.
In Aave's current Umbrella insurance mechanism, available funds are approximately $50 million, covering only about 25% of the potential $195 million bad debt. The loss absorption order is: aWETH stakers bear the loss first, followed by WETH depositors proportionally, then stkAAVE and the DAO treasury. Aave's TVL dropped from $26.4 billion to $19.8 billion, including panic withdrawals. The USDT market utilization reached 100% within hours, with new borrowing amounting to approximately $300 million.
In SparkLend's rsETH market, the current frozen residual value is $37,300, equivalent to 15.32 rsETH. Wallet 0xb99a had almost entirely migrated to wstETH and weETH after new supply was prohibited on January 29, exactly matching the prediction in the governance post.
Spark co-founder Sam MacPherson (@hexonaut) pointed out on April 19: Protocols claiming no exposure to rsETH does not mean they truly have no exposure. If users have collateral in affected lending markets, indirect exposure still exists. Spark had no direct losses, but indirect risks are still being assessed.
Both protocols made opposite decisions on the same day. This is not about whether Spark or Aave made the right decision; the starting points of the two systems were completely different.
Spark's risk control logic is triggered by "whether marginal cost exceeds marginal benefit." If utilization falls below a threshold, single-user concentration exceeds the standard, or risk-adjusted returns are subpar, any hit places the asset on the exit candidate list. This is a proactive, efficiency-oriented tightening mechanism, unrelated to whether the asset itself has security risks.
Aave's logic is triggered by "market growth opportunities." WETH utilization was relatively low, the rsETH market was large enough, and E-Mode could attract incremental funds. Starting from this entry point, the parameter direction was expansion: LTV 93%, loose supply cap, and promotion by multiple governance entities.
These two protocols answer completely different questions: "Is this asset worth continuing to hold?" versus "How much incremental value can this asset bring?" Before a risk event is triggered, both approaches are reasonable business logics. The referee only appears after the trigger.
Spark's safety outcome has another layer of support.
In his April 19 X post announcing the "exit from rsETH," Sam MacPherson mentioned: "SparkLend has rate-limited supply and borrow caps. Its oracle mechanism also uses a three-median system." This points to two other lines of defense in Spark's risk control system.
One is the physical constraint during operation. The Rate-Limited Supply Cap limits the maximum supply per unit time, and the Borrow Cap limits the maximum borrowing scale. The implication of these two designs is that even if Spark had not exited rsETH, the attacker could not have deposited $292 million worth of rsETH in one go as they did on Aave; the loss scale would have been compressed by a hard cap.
The other line is at the price information layer: a 3-median oracle, taking the median from three independent price sources—Chronicle, Chainlink, and RedStone—with Uniswap TWAP as a fallback in extreme cases. Manipulation of a single price source does not affect liquidation triggers. In contrast, Aave faced an exposure window during this event due to lagging oracle prices, a design-level difference rather than an execution-level mistake.
The design logic of these three lines of defense is consistent: they do not rely on identifying specific risks in advance but instead limit the maximum exposure scale of any single risk event at the system level.
The final loss figure depends on Kelp DAO's loss distribution plan. Currently, there are three options: socializing the loss among all-chain rsETH holders (reducing the bad debt scale), having L2 rsETH holders bear the loss alone (mainnet Aave bad debt remains unchanged), or a snapshot rollback (extremely difficult to execute). This number will be answered in the coming weeks.
But the results of the two decision-making philosophies can already be quantified: a gap of approximately $195 million, triggered on the same date, written into the governance operations on the same day.
