KelpDAO was exploited for roughly $300 million, a breach that immediately triggered heavy withdrawals on Aave and exposed fault lines in crypto lending markets. It is clear how much was taken and that a stabilization effort formed; it is not yet public which counterparties will ultimately shoulder any remaining shortfall.

The latest confirmed developments

Security reporting shows KelpDAO suffered an exploitation of about $300 million, and the incident precipitated a bank run on Aave as users pulled funds amid a spike in concern. Aave’s balances fell sharply — reporting indicates the protocol lost $17 billion in deposits and $5.5 billion in active loans — and a DeFi coalition mobilised more than $300 million to stabilise the situation. See the initial incident reporting and the coalition response for timelines and figures: KelpDAO hack report and DeFi raises $300m for Aave response.

What is still unresolved — and why lenders should care

The confirmed facts show immediate losses and a large emergency pledge, but they stop short of assigning ultimate responsibility for any residual gap between assets and liabilities. That uncertainty matters because this episode demonstrates counterparty risk in crypto-backed lending platforms during loss-of-confidence scenarios and highlights collateral risk across interconnected DeFi protocols. Recovery and the coalition’s capital injection do, however, reinforce longer-term confidence in DeFi stability mechanisms.

Assetify judgement: the event underlines that even rapid, well-funded stabilization efforts cannot substitute for clearer loss-allocation frameworks — lenders and counterparties will need clearer playbooks on who bears losses when confidence breaks.

What still matters now is watching how the pledged funds are deployed, which wallets or protocols are credited, and whether the stabilization steps produce a durable return of deposits and lending activity.