DeFi United Is Not Unity but Self-Rescue: Capital Structure and Systemic Risks Behind the Aave Incident

Event Overview: How an "Atypical Attack" Became Systemic Risk

In April 2026, the DeFi market faced a landmark risk event. Unlike traditional protocol exploits, this crisis centered on the forgery of Collateral assets themselves.

The attack began with KelpDAO, where hackers exploited a Bridge vulnerability and weaknesses in LayerZero’s verification mechanism to create rsETH with no genuine Collateral backing.

These "forged assets" were then deposited into Aave and used as Collateral to Borrow real ETH, with the total reaching nearly 100,000 ETH.

This structure means:

• Aave’s Risk Control logic itself did not fail

• However, its reliance on "external asset credibility" was breached

• Risk was transmitted through cross-protocol pathways

This highlights DeFi’s core strength and vulnerability: trust between protocols is composable, but so is risk.

Timeline Review: From Exploit to Liquidity Exhaustion

Breaking down the event by timeline reveals how risk spread:

Phase 1: Exploit (Day 0–1)

• Hacker forges rsETH

• Establishes large-scale lending positions on Aave

• Borrows significant amounts of ETH

Phase 2: Market Discovery (Day 2–3)

• Abnormal Collateral activity detected

• Risk begins to be disclosed

• Partial withdrawal of funds begins

Phase 3: Collapse of Confidence (Day 3–6)

• Whales and institutions withdraw first

• Aave TVL drops sharply

• Stablecoin pool Utilization Rate surges

Phase 4: Liquidity Crisis (Current)

• USDC / USDT pools reach nearly 100% Utilization Rate

• Retail users struggle to withdraw

• The market enters a "bank run" state

This process closely mirrors a bank run in traditional finance, but unfolds on-chain and at a much faster pace.

Capital Structure Breakdown: DeFi United’s Three-Tier Capital Sources

Source: Defiunited

Confronted with bad debt and a liquidity crunch, Aave launched the so-called "DeFi United" bailout mechanism.

But at its core, this is not a simple industry donation—it’s a multi-layered capital assembly system.

Tier 1: Direct Funding (Signal Layer)

• Founder Stani Kulechov: 5,000 ETH

• Golem Foundation: about 1,000 ETH

The main function of this tier is to stabilize market expectations and prevent panic from spreading further.

However, the scale of these funds is far from enough to fill the gap.

Tier 2: DAO Treasury (Core Layer)

Includes:

• Aave DAO (about 25,000 ETH)

• Lido (2,500 stETH)

• EtherFi (5,000 ETH)

This tier’s essence is to use protocol-controlled collective Assets to absorb losses.

Key points:

• These funds are not "project team money"

• They come from users’ historical Returns and protocol accumulation

Also, these proposals still require DAO voting—there is a risk they may not pass.

Tier 3: Financial Support (Leverage Layer)

• Mantle: 30,000 ETH (loan)

This structure introduces a critical variable: the bailout is no longer just "filling the gap," but "raising capital."

This means:

• Repayment is required

• May carry Interest Rate

• Increases future burdens

Summary

DeFi United is, in effect, a combination of donations, DAO fiscal spending, credit financing, and future Returns overdraft.

Risk Transmission Mechanism: How rsETH Became a Systemic Hazard

The problem with rsETH is that multiple protocols already accept it as "high-quality Collateral."

If its value or credibility is compromised, the impact spreads rapidly:

• Bad debt appears on Aave

• Other protocols accepting rsETH come under pressure

• Return products trigger liquidations

This process is like an epidemic: asset layer → protocol layer → user layer. The key amplifier is DeFi’s composability.

The Essence of the Liquidity Crisis: How an On-Chain "Bank Run" Happens

Aave’s current issue is essentially a classic liquidity mismatch:

• Assets: long-term lending positions

• Liabilities: deposits withdrawable at any time

When market confidence drops:

• Large investors withdraw first

• Liquidity rapidly decreases

• Remaining users struggle to withdraw

• Panic intensifies

The result is an on-chain bank run.

Governance Structure Issue: Mismatch Between Power and Risk

This event exposed a long-standing issue:

Decision-making power: DAO token holders

Risk-bearing: depositors

When bad debt cannot be fully covered:

• User Assets are "discounted"

• But users have no voting rights

This shows DeFi has not truly achieved equal distribution of risk and governance.

Three Scenario Simulations: Can the Bailout Succeed?

Scenario 1: Full Bailout (Low Probability)

Conditions:

• All DAO proposals pass

• Loans are executed

• Market confidence returns

Result:

• No user losses

• System stability maintained

Scenario 2: Partial Bailout (Baseline Scenario)

Conditions:

• Partial funds secured

• Some bad debt absorbed

Result:

• Users bear partial losses

• Protocol shrinks

Scenario 3: Bailout Fails (Tail Risk)

Conditions:

• Core proposals do not pass

• Liquidity continues to deteriorate

Result:

• Risk spreads

• Multiple protocols decline together

Deeper Impact: DeFi Is Becoming a "Bank-like System"

This event may mark a structural turning point for DeFi.

Previously, the narrative was:

• Trustless

• No intermediaries

• User self-custody

But the reality is evolving toward:

• Systemically important protocols

• Joint rescue mechanisms

• Implicit "lender of last resort"

Although DeFi still lacks a centralized role like the Fed, its structure is beginning to resemble the traditional financial system.

Conclusion

The Aave incident is not just a simple hack, but a systemic release of composability risk under extreme conditions in DeFi.

DeFi United is not simply industry solidarity, but a collective self-rescue under real-world pressure.

One question remains: when the system suffers losses, who ultimately bears them?

Currently, the answer still points to retail users.