Tydro, the Aave-backed lending protocol for Ink with $247 million in deposits, shut down all markets on May 4 after issues were discovered with a third-party oracle provider. The closure comes barely two weeks after Tydro contributed to coordinated relief efforts for Aave following the $290 million KelpDAO exploit that affected the protocol.
Tydro posted on X that it “temporarily halted all markets out of an abundance of caution following reports of issues with a third-party oracle,” adding that user funds remained safe.
However, it did not provide a timeline for the restoration.
How did Tydro go from savior to saved?
On April 23, Tydro and the Ink Foundation announced they joined Aave and other ecosystem participants in a “coordinated DeFi relief effort” to help parties affected by the KelpDAO rsETH exploit and “support an orderly resolution for lenders and reduce bad debt,” according to Tydro’s post at the time.
This exploit, which siphoned off approximately $290 million via uncollateralized rsETH tokens smashed through a vulnerability in the KelpDAO bridge on April 18. The incident led to $15.1 billion in outflows from Aave for three and a half days. Aave saw its deposits drop from $48.5 billion to $30.7 billion as users fled to competing platforms like Spark.
Tydro, which describes itself as “a non-custodial lending protocol for onchain capital markets, powered by Aave and built on Ink,” is now facing its own problems, even though it has not confirmed whether it was exploited or not.
Currently, Tydro has over $206.7 million in active loans and generated over $943,000 in fees over the last 30 days, per DeFiLlama data.
Has Aave recovered from the April exploit?
Aave itself has yet to fully recover from the consequences of the April exploit. On the same day Tydro went dark, Aave LLC filed an emergency motion to revoke a restraining order served on Arbitrum DAO on May 1 that “seeks to seize approximately $71 million in ETH belonging to the victims of the April 18 exploit,” according to the protocol post on X.
The plaintiffs who filed the restraining order claim that the thief is connected to North Korea and the funds seized as a result already belong to North Korea, against whom they already harbor grievances.
Aave disputes this position, stating: “A thief does not acquire legal ownership of stolen property by simply taking it, and the law is clear on this.” It wrote: “These assets have been recovered to be returned to users who fell victim to the April 18, 2026 exploit. Freezing them harms the very people this recovery effort is designed to protect.”
Tydro users, on the other hand, are still in the dark about how long the markets will remain frozen and whether the oracle issue has exposed positions to liquidation risk. For now, they can only assume that the protocol says it is “actively investigating.”