When $10 billion leaves the biggest lending protocol in DeFi, it has to go somewhere. After the $292 million Kelp DAO exploit froze Aave’s core markets and trapped billions in stablecoins, users did not just panic. They moved. And much of that money landed at SparkLend.
SparkLend’s total value locked surged from around $1.89 billion to $3.3 billion as of April 22, per DefiLlama data. That is over $1.4 billion in fresh deposits in four days. The SPK token responded by ripping 80% higher, hitting $0.057 on trading volume of over $500 million.
Aave did not get hacked. But it got stuck holding the bag from someone else’s hack, and users decided they did not want to stick around while the protocol figured out how bad the damage was.
Why Is Capital Leaving Aave for SparkLend?
The Kelp DAO exploit on April 18 created a crisis of confidence that went far beyond the $292 million that was actually stolen. An attacker minted fake rsETH tokens through a compromised bridge, deposited them into Aave as collateral, and borrowed roughly $190 million in real wrapped ETH against them. When users realised Aave was sitting on potentially $124 million to $230 million in bad debt, withdrawals accelerated into a full bank run.
Aave’s TVL plunged by approximately $10 billion in just four days, dropping from $26 billion to around $16 billion. All core markets hit 100% utilisation, meaning nobody could withdraw their stablecoins. That is the kind of experience that permanently changes how users think about counterparty risk.
SparkLend benefited because it had already done the thing that Aave failed to do: manage its exposure to risky collateral. The Spark team had paused rsETH and other low-usage assets as early as January 2026, leaving it completely unaffected by the Kelp incident. When billions started fleeing Aave, SparkLend looked like the safest port in the storm.
Where Else Is the Money Going?
Not all of Aave’s $10 billion went to one place. The capital fragmented across multiple destinations, each reflecting a different risk appetite.
SparkLend captured the largest identifiable share, roughly $1.4 billion. Its connection to the Sky (formerly Maker) ecosystem, which holds $6.5 billion in stablecoin reserves, gave users confidence that the protocol could handle a sudden influx without breaking.
Large liquid staking providers like Lido held relatively steady. That stability suggests users are not abandoning ETH exposure entirely. They are stripping out the extra layers of risk tied to restaking, rehypothecation, and cross-chain bridges. They still want to hold Ether. They just do not want to hold it through three layers of smart contracts anymore.
Real-world asset protocols like Centrifuge and Spiko saw modest inflows as some users rotated into tokenised T-bills and bonds. And a significant share of funds simply moved into stablecoins, particularly USDC, as users parked capital on the sidelines rather than redeploying immediately.
Active loans on SparkLend climbed by roughly $500 million over the same period. That detail matters. It means the inflows are not just parked deposits. People are actively borrowing on Spark, which generates real revenue for the protocol and suggests users are setting up permanent positions, not temporary ones.
What Does the SPK Token Surge Mean?
SPK jumped roughly 80% in 24 hours on April 23, climbing from around $0.032 to $0.057. Trading volume hit $506 million, a 1,300% increase from the previous day. The Upbit listing in South Korea on the same day added fuel, opening the token to one of the world’s most active retail crypto markets.
The question is whether the move sticks. RSI hit 81 on April 22, which puts SPK firmly in overbought territory. F2Pool co-founder publicly admitted regretting selling 83.7 million SPK. Social media narratives around the “Aave vs Spark” trade are running hot.
Some analysts are already cautioning that not all of the capital rotation will be permanent. If Aave resolves its bad debt situation and restores confidence, some deposits may flow back. Aave founder Stani Kulechov said recovery plans are underway, and $70 million in ETH has already been recovered from the Kelp hacker.
Is This the Start of a Bigger DeFi Reshuffling?
What happened this week is bigger than one protocol gaining at another’s expense. The Kelp hack exposed a structural problem in how DeFi handles shared collateral and cross-chain risk. Protocols that accepted exotic restaking tokens as collateral got burned. Protocols that stuck to simpler, more conservative risk models came out ahead.
That lesson will reshape how DeFi protocols make risk management decisions going forward. Curve Finance founder Michael Egorov already called for a unified DeFi security rulebook. Ledger’s CTO predicted 2026 will be the worst year for hacks. With over $600 million stolen in April alone between Drift and Kelp, the case for tighter risk controls has never been stronger.
For SparkLend, the opportunity is real but fragile. Keeping $1.4 billion in new deposits means delivering the kind of reliability that Aave failed to provide when it mattered most. If Spark can do that, this week’s capital rotation could mark the beginning of a lasting shift in how DeFi lending market share is distributed.
Frequently Asked Questions
Why did SparkLend’s TVL surge after the Kelp hack?
SparkLend received over $1.4 billion in deposits after the $292 million Kelp DAO exploit triggered a bank run on Aave. SparkLend had already paused risky assets like rsETH months earlier, making it a safer alternative for users fleeing Aave’s frozen markets.
How much did SPK token gain in April 2026?
SPK surged roughly 80% in 24 hours on April 23, climbing from $0.032 to $0.057. The rally was driven by $1.4 billion in new SparkLend deposits, an Upbit listing in South Korea, and a broader rotation of DeFi capital away from Aave.
Will the capital flowing out of Aave return?
Some of it may. Aave says recovery plans are underway, and $70 million in ETH has been recovered from the Kelp hacker. But the reputational damage from hitting 100% utilisation across all markets is significant, and many users may permanently shift to protocols with tighter risk controls.
