On April 18, the cross-chain bridge of Kelp DAO was attacked, with the attacker minting 116,500 rsETH tokens not backed by real assets, then depositing them into Aave and borrowing WETH. Aave Guardians initiated an emergency freeze within hours. According to on-chain estimates by Lookonchain, Aave V3 and V4 face a potential bad debt of about $195 million.
In contrast, the lending protocol SparkLend in the MakerDAO (Sky) ecosystem did not suffer any losses.
This was not because Spark's team was smarter than Aave's, nor because they foresaw the vulnerability of this cross-chain bridge in advance. The reason Spark exited rsETH was outlined in a governance forum post 3 months ago, completely unrelated to the security of the bridge contract.
January 29, 2026, is the key date of this article. On that day, Spark executed a governance action called Spell, halting new rsETH supply. On the same day, Aave's rsETH E-Mode was launched, allowing users to borrow WETH using rsETH as collateral with a maximum Loan-to-Value (LTV) ratio of 93%.
One exiting, one expanding, both on the same day.
The decision to exit by Spark had its starting point in a governance post submitted by PhoenixLabs (Spark's ecosystem executor) on January 16, 2026. The reason for the exit was straightforward: low rsETH usage, with almost all volume coming from a single wallet (on-chain address 0xb99a), whose owner had expressed willingness to use alternative collateral like wstETH or weETH. The original governance post stated, "Exiting rsETH can improve SparkLend's safety margin and increase risk-adjusted returns." This was a periodic asset cleanup, with tBTC, ezETH, and the entire Gnosis Chain market exiting in the same batch, all for the unified reason of "low usage."
Aave's expansion decision had an earlier starting point, originating from a proposal launched by ACI (Aave Chan Initiative), a governance proposal organization led by Marc Zeller, on November 17, 2025. The proposal's motivation was clear: "Restore WETH utilization, expecting to attract $1 billion rsETH inflow." Chaos Labs completed risk parameter validation in January, confirming an E-Mode LTV of 93% and a liquidation threshold of 95%. Decision-making parties included ACI, Chaos Labs, LlamaRisk, and the Aave Community Voters. This was a multi-party-driven expansion decision, not a mistake by a single entity.
Three months later, the market provided the outcome.
In Aave's current Umbrella insurance mechanism, the available funds amount to around $50 million, covering only 25% of the potential $195 million default. The loss absorption order is as follows: aWETH stakers first, followed by WETH depositors pro-rata, then stkAAVE and the DAO treasury. Aave's TVL dropped from $26.4 billion to $19.8 billion, including panic withdrawals. The USDT market utilization reached 100% within hours, with approximately $300 million in new borrowing.
In Spark's rsETH market on SparkLend, the current frozen value is $37,300, equivalent to 15.32 rsETH. The wallet address 0xb99a, which almost entirely migrated to wstETH and weETH after new supply was halted on January 29, aligns perfectly with the governance forum's prediction.
Spark co-founder Sam MacPherson (@hexonaut) highlighted on April 19 that claiming no risk exposure to rsETH in a protocol does not mean there is truly no risk exposure, as indirect exposure remains for users with collateral in the affected lending markets. Spark did not incur direct losses, but indirect risks are still being assessed.
Two protocols made opposite decisions on the same day, indicating that it is not about who made the right decision between Spark and Aave; the root issues of the two systems are fundamentally different.
Spark's risk management logic uses the trigger of "whether marginal cost exceeds marginal revenue," with metrics such as utilization below the threshold, excessive concentration of a single user, and underperforming risk-adjusted returns, triggering assets to be placed on an exit candidate list. This is an active, efficiency-driven tightening mechanism unrelated to the asset's own security risk.
Aave's logic trigger is the "market expansion opportunity." With low WETH utilization and a sizable rsETH market, the E-Mode can attract incremental capital. From this entry point, the parameter direction is expansion, with an LTV of 93%, a generous supply cap, and multiple governing bodies pushing together.
These two protocols address completely different questions: "Is this asset worth holding further?" or "How much incremental value can this asset bring?" Both sets of questions are valid business logic before a risk event is triggered, with the referee appearing only after the trigger.
The security outcome of Spark has another layer of support.
In a post on April 19, Sam MacPherson announced the "exit of rsETH" and mentioned: "SparkLend has rate-limited deposit and borrowing caps. Its oracle mechanism also utilizes a three-party median." This statement points to the other two lines of defense in Spark's risk management system.
One is the on-chain physical constraints. The Rate-Limited Supply Cap restricts the maximum supply within a unit of time, while the Borrow Cap limits the maximum borrowing size. The implication of these two designs is that even if Spark had not exited rsETH at the time, an attacker would not be able to deposit $292 million worth of rsETH in one go, as the loss magnitude would be forcibly capped.
The other line of defense is at the price information level, with a three-party median oracle taking the median of prices from three independent sources: Chronicle, Chainlink, and RedStone. In extreme scenarios, it falls back to Uniswap TWAP. If a single price source is manipulated, it does not affect the liquidation trigger. In contrast, Aave faced an exposure window due to oracle price lag in this event, highlighting a design difference rather than an operational mistake.
The design logic of the three lines of defense is consistent: not relying on the prior identification of specific risks but rather limiting the maximum exposure of any single risk event at a system level.
The final loss figure depends on Kelp DAO's loss allocation plan. Currently, three options coexist: socialized loss among all on-chain rsETH holders (reducing the default scale), standalone losses for L2 rsETH holders (maintaining the Aave mainnet defaults), and snapshot rollback (extremely operationally difficult). This figure will be determined in the upcoming weeks.
However, the results of the two decision philosophies are now quantifiable, with a gap of approximately $195 million. The trigger date is the same, marked in the governance actions of the same day.
