A major crypto hack that drained nearly $300 million from a little-known decentralized finance (DeFi) project has shaken investor confidence, triggering a wave of withdrawals from one of the sector’s biggest lending platforms, Aave.
- +$300m DeFi hack triggers panic as billions exit Aave
The attack, which happened over the weekend, saw hackers steal a derivative form of Ether and use it in an unusual way that intensified fears across the market.
The attack, which happened over the weekend, saw hackers steal a derivative form of Ether and use it in an unusual way that intensified fears across the market. Instead of quickly laundering the stolen funds, the attackers deposited about $200 million worth of the tokens as collateral on Aave to borrow other cryptocurrencies.
This move raised concerns among users that the collateral backing loans on the platform could be unreliable or even worthless. As panic spread, depositors rushed to withdraw their funds, sparking what analysts describe as a bank run in the DeFi space.
Data from industry tracker DefiLlama shows that Aave recorded about $9 billion in net outflows within days of the incident. The platform’s total value locked, a key measure of assets held, dropped sharply by more than one-third to around $17.5 billion.
Market watchers say the reaction reflects deep concerns about risk in decentralized systems. “Users are withdrawing first and asking questions later,” said a crypto portfolio manager, highlighting the uncertainty over who would bear losses if the collateral proved invalid.
The breach has been linked to vulnerabilities in cross-chain bridge technology, software that allows assets to move between different blockchain networks. These systems have long been seen as weak points in the crypto ecosystem.
The affected protocol, Kelp DAO, has since paused operations as it investigates the attack. Meanwhile, LayerZero, which developed the bridge technology involved, indicated that the scale and sophistication of the hack suggest possible links to North Korean cyber groups.
Cybersecurity firms including PeckShield and Cyvers said the attackers borrowed as much as $236 million using the stolen tokens across multiple platforms, with most of the activity taking place on Aave.
In response, Aave has frozen markets related to the affected token, known as rsETH, and said the asset remains fully backed. However, restrictions are still in place as a precaution.
The incident comes just weeks after another major DeFi breach involving Drift Protocol, where about $280 million was stolen, raising fresh concerns about the security of decentralized platforms.
For many investors, the latest attack highlights a fundamental issue in DeFi, the absence of a central authority to absorb losses or provide guarantees.
As uncertainty lingers, confidence in the fast-growing sector appears to be under renewed pressure.
