Aave Hit by Phishing Attack Just After Reaching $60 Billion in Net Deposits

Attack Overview

With its permissionless lending and borrowing services, Aave, the most popular decentralized finance (DeFi) protocol on Ethereum, has established itself. The protocol operates on fourteen networks. Founded by Stani Kulechov in 2017, Aave stands out for its notable total value locked (TVL) as well as its governance token. Currently, the AAVE governance token is worth around $271 with a market capitalization of $4.15 billion. On August 6, 2025, Aave reached a historic milestone of $60 billion, tripling from $18 billion in August 2002. However, on August 8, 2020, blockchain security researchers such as PeckShield reported that Aave had been the target of a phishing attack. This highlights the potential risks posed by the rapid growth of cryptocurrencies.

The event began when Aave announced a $60 billion net deposit milestone on August 6, 2025, reflecting a surge in demand for decentralized lending and borrowing. However, just a day later, on August 7, 2025, PeckShield discovered a phishing campaign conducted through Google Ads. The fake ads were designed to look like Aave's official investment pages. Users were taken to fraudulent websites with fake domains such as "aaxe[.]co[.]com". The attacker could withdraw all assets once the wallet was connected, taking advantage of the irreversibility of blockchain transactions.

After Aave reached the milestone, the attack proceeded rapidly, attracting a surge in community attention, as it turned out. While there have been no specific reports of funds lost, the magnitude of the campaign using Google Ads puts institutional and individual investors at high risk. While Aave has yet to provide an official response, security experts are encouraging users to double-check the URL and use tools like Revoke.cash to revoke access in the event of a wallet breach. Concerns have been raised that the major achievements of free finance could become attractive targets for cybercriminals.

Big Impact on DeFi Protocols

While the protocol was not directly responsible for the vulnerability, the phishing attack could have led to users losing trust in Aave. However, Aave could improve its reputation by increasing community education and partnering with security providers if managed well. For DeFi, the event highlights the growth potential—with Aave’s TVL reaching $34.9 billion, up 45% in the quarter—and highlights the need for stronger security. It could potentially spur other protocols like Compound or MakerDAO to improve their defenses if managed well.

The event raises several issues. First, Aave could face regulatory pressure or withdrawal of funds if serious asset losses occur, affecting TVL. Second, the use of Google Ads for phishing shows that major advertising platforms are becoming tools for fraudsters. To prevent this, Aave and Google must cooperate more closely. Third, a negative market reaction could reverse this trend if bad news spreads. AAVE price has increased by 5.98% in 24 hours. Last but not least, competition from other protocols or similar attacks could weaken Aave's leadership.

Conclude

Aave’s phishing attack shortly after hitting $60 billion in net deposits on August 7, 2025, is an important wake-up call, reflecting the intersection of success and risk in DeFi. The move highlights Aave’s growth potential but also raises questions about its ability to protect users from increasingly sophisticated threats. While Aave has an opportunity to strengthen its reputation by improving security, challenges from regulation, market trust, and competition require a swift response. As DeFi grows, the event is a reminder that security must go hand in hand with innovation to ensure long-term sustainability.

Disclaimer: The information presented in this article is the author's personal opinion on the cryptocurrency field. It is not intended to be financial or investment advice. Any investment decision should be based on careful consideration of your personal portfolio and risk tolerance. The views expressed in the article do not represent the official position of the platform. We recommend that readers conduct their own research and consult with a professional before making any investment decisions.