Aave Founder Says $8.45B Outflow Proved Protocol's Resilience; V4 to Revamp Risk Controls

BlockBeats reported on June 8 that a cross-chain bridge built by KelpDAO on LayerZero was attacked in April, leading to $292 million in losses and sparking a rapid outflow from Aave. Deposits on the DeFi lending protocol fell by $8.45 billion within 48 hours. Facing questions over Aave's risk framework, founder and CEO Stani Kulechov said the episode underscored the protocol's "resilience." Speaking at the Proof of Talk conference in Paris, he said Aave V3 has remained stable through multiple market cycles, including periods of extreme stress. Kulechov added that many recent DeFi incidents have been tied to third-party infrastructure rather than flaws in protocols' own smart contracts. Risk analysis firm LlamaRisk offered a different assessment, saying the attacker exploited a vulnerability in KelpDAO to mint worthless collateral, deposit it into Aave, and withdraw real wETH. The incident left about $123.7 million in bad debt on Aave V3. In response, the Aave DAO moved quickly to allocate 25,000 ETH, and Kulechov contributed another 5,000 ETH, putting the total backstop at roughly $300 million. Aave is now preparing a broader overhaul via its V4 upgrade. The new release is expected to introduce a modular "hub-and-spoke" architecture in place of the traditional pooled model, allowing separate risk pricing by collateral type and enabling the protocol to freeze specific collateral before issues spread. The goal is to curb cascading runs that can be triggered by cross-chain bridge failures.