Same Day, Different Fate: Aave Embraces rsETH, Suffers Nearly $200 Million Loss; Spark Exits Unscathed
- Core Viewpoint: This article compares the opposing governance decisions made by Aave and SparkLend regarding the same asset, rsETH, and their outcomes following the Kelp DAO cross-chain bridge attack. It reveals two distinct DeFi risk management philosophies: SparkLend's active tightening mechanism based on "marginal cost and benefit," and Aave's expansion logic based on "market growth opportunities."
- Key Elements:
- Event and Loss: The Kelp DAO cross-chain bridge was attacked. The attacker minted unbacked rsETH, deposited it into Aave, and borrowed WETH, exposing Aave to approximately $195 million in potential bad debt and causing a significant drop in its TVL.
- Decision Contrast: On January 29, 2026, SparkLend proactively halted new rsETH supply due to "low utilization." On the same day, Aave enabled E-Mode for rsETH, allowing collateralized borrowing with an LTV as high as 93%.
- Risk Control Mechanism Differences: SparkLend implements deposit/borrow rate limits and hard caps, and uses a tri-median oracle, systematically limiting the maximum exposure to any single risk.
- Loss Coverage and Impact: Aave's Safety Module can only cover about 25% of the potential bad debt. The remaining losses will be absorbed sequentially by stakers, depositors, etc., triggering market panic and capital outflows.
- Root of Decision Logic: Spark's decision was based on asset utilization efficiency and safety margins, while Aave's decision aimed to increase WETH utilization and attract incremental capital. Both were reasonable business logics prior to the incident.
On April 18, the Kelp DAO bridge was attacked, with the attacker minting 116,500 rsETH not backed by real assets, which were then deposited into Aave to borrow WETH. The Aave Guardian initiated an emergency freeze within hours. According to on-chain estimates by Lookonchain, the potential bad debt faced by Aave V3 and V4 is approximately $195 million.
In contrast, the lending protocol SparkLend, under the MakerDAO (Sky) ecosystem, suffered no losses.
This isn't because Spark's team is smarter than Aave's, nor because they foresaw the vulnerability in this bridge. The reason for Spark's exit from rsETH was documented in a governance forum post three months prior and had nothing to do with the bridge contract's security.
January 29, 2026, is the core date of this article. On this day, Spark executed a governance action called a Spell, halting the onboarding of new rsETH supply. On the same day, Aave's rsETH E-Mode officially went live, allowing users to borrow WETH using rsETH as collateral with a maximum loan-to-value (LTV) ratio of 93%.
One exited, the other expanded, both on the same day.
The starting point for Spark's exit decision was a governance post submitted by PhoenixLabs (Spark's ecosystem execution arm) on January 16, 2026. The reason was straightforward: low utilization of rsETH, with almost all usage coming from a single wallet (on-chain address 0xb99a), whose holder had already expressed willingness to use alternative collaterals like wstETH or weETH. The original governance post stated, "Exiting rsETH can improve SparkLend's safety margin and enhance risk-adjusted returns." This was part of a periodic asset cleanup; tBTC, ezETH, and the entire Gnosis Chain market were also exited in the same batch, all citing "low utilization."
Aave's expansion decision started earlier, originating from a proposal initiated by ACI (Aave Chan Initiative, a governance proposal body led by Marc Zeller) on November 17, 2025. The motivation was clear: "To restore WETH utilization, expecting to attract $1 billion in rsETH inflows." Chaos Labs finalized the risk parameter confirmation in January, setting the E-Mode LTV at 93% and the liquidation threshold at 95%. Decision-making entities included ACI, Chaos Labs, LlamaRisk, and the Aave community voters. This was an expansion decision driven by multiple parties, not a mistake by a single entity.
Three months later, the market delivered the outcome.
In Aave's current Umbrella insurance mechanism, available funds are approximately $50 million, covering only about 25% of the potential $195 million bad debt. The loss absorption sequence is: aWETH stakers bear the brunt first, followed by WETH depositors proportionally, then stkAAVE, and finally the DAO treasury. Aave's TVL dropped from $26.4 billion to $19.8 billion, including panic withdrawals. The utilization rate of the USDT market reached 100% within hours, with new borrowing amounting to approximately $300 million.
The current frozen residual value in Spark's rsETH market on SparkLend is $37,300, equivalent to 15.32 rsETH. Wallet 0xb99a had almost entirely migrated to wstETH and weETH after the new supply ban on January 29, perfectly aligning with the governance post's prediction.
Spark co-founder Sam MacPherson (@hexonaut) pointed out on April 19: Protocols claiming to have no exposure to rsETH may not be entirely risk-free; if users hold collateral in affected lending markets, indirect exposure still exists. Spark suffered no direct losses, but indirect risks are still being assessed.
Two protocols made opposite decisions on the same day. This isn't about which one, Spark or Aave, made the "right" decision; the starting points of their two systems were entirely different.
Spark's risk control logic is triggered by "whether marginal cost exceeds marginal benefit." If utilization falls below a threshold, single-user concentration exceeds limits, or risk-adjusted returns are inadequate, the asset enters the exit candidate list. This is a proactive, efficiency-oriented tightening mechanism, independent of whether the asset itself has security risks.
Aave's logic is triggered by "market growth opportunities." With low WETH utilization and a sizable rsETH market, E-Mode could attract incremental capital. From this starting point, the parameter direction was expansion: 93% LTV, relaxed supply caps, and promotion by multiple governance entities.
These two protocols are answering completely different questions: "Is this asset worth continuing to hold?" versus "How much incremental value can this asset bring?" Both lines of questioning represent reasonable business logic before a risk event is triggered; the verdict only appears after the trigger.
Spark's safety outcome has another layer of support.
In his April 19 X post announcing the "exit from rsETH," Sam MacPherson mentioned: "SparkLend has rate-limited supply and borrow caps. Its oracle also uses a three-median mechanism." This points to two other lines of defense in Spark's risk control system.
One is a physical constraint during operation. The Rate-Limited Supply Cap limits the maximum supply per unit time, and the Borrow Cap limits the maximum borrowing scale. The implication is that even if Spark had not exited rsETH, an attacker could not have deposited $292 million worth of rsETH in one go as they did on Aave; the loss scale would have been capped and compressed by hard limits.
The other defense is at the price information layer: a 3-median oracle, taking the median from three independent price sources—Chronicle, Chainlink, and RedStone—with Uniswap TWAP as a fallback in extreme scenarios. Manipulation of a single price source does not affect liquidation triggers. In contrast, Aave faced an exposure window during this event due to oracle price lag, a difference in design rather than an execution error.
The design logic of these three lines of defense is consistent: they do not rely on identifying specific risks in advance but instead limit the maximum exposure scale of any single risk event at the system level.
The final loss figure depends on Kelp DAO's loss distribution plan. Currently, three options coexist: socializing losses among all-chain rsETH holders (reducing bad debt scale), having L2 rsETH holders bear the burden alone (mainnet Aave bad debt unchanged), or a snapshot rollback (extremely difficult operation). This number will be determined in the coming weeks.
But the results of the two decision-making philosophies are already quantifiable: a gap of approximately $195 million, triggered on the same date, written into the governance actions of the same day.
