#KelpDAO跨链桥遭攻击 rsETH Three possible paths for handling the hacker incident: difficult to reconcile bad debt reputation, testing KelpDAO's credibility and Aave's risk tolerance. DeFiLlama founder 0xngmi analyzed three potential actions KelpDAO might take after the rsETH hacker event, each with obvious flaws. The final decision will test KelpDAO's credibility and Aave's risk-bearing capacity.

Path one: All users share the losses collectively. KelpDAO would proportionally deduct 18.5% of losses from all rsETH holders. Currently, about 666k rsETH are collateralized across the Aave network, mainly on mainnet and Layer 2, with high leverage (assuming a 95% liquidation LTV). In case of socialized losses, all positions on the mainnet would be wiped out, resulting in approximately $216 million in bad debt. The Umbrella protocol can cover $55 million of bad debt, with the Aave treasury bearing an additional $85 million, leaving a shortfall of about $76 million. KelpDAO might attempt to cover this gap by borrowing or selling Aave tokens (currently valued at around $51 million), but this would put significant pressure on Aave, and all users would need to share the losses.
Path two: Directly rug the rsETH holders on Layer 2. KelpDAO only guarantees mainnet rsETH, considering Layer 2 rsETH as worthless. Currently, Aave L2 has about $359 million in rsETH collateral (based on current oracle prices). If fully leveraged, this could generate about $341 million in bad debt, which cannot be covered by Umbrella. Aave would have to use its treasury or borrow to rescue part of the market, likely abandoning chains like Arbitrum, Mantle, and Base, which would suffer the largest losses, causing these L2 markets to collapse. This approach would have less impact on Aave's mainnet but would severely damage the credibility of the L2 ecosystem and could trigger chain reactions.
Path three: Attempt to only return funds to holders at the snapshot before the hack, which is extremely difficult to execute. KelpDAO would try to fully reimburse rsETH holders as of the pre-hack snapshot, while subsequent buyers or transferees would bear the losses themselves. However, since funds had already flowed out significantly after the attack, and DeFi protocols are essentially liquidity pools, it’s impossible to distinguish between different deposit batches, making technical implementation highly challenging. The hacker borrowed $124 million on Aave mainnet and $18 million on Arbitrum; after deducting Umbrella coverage, about $91 million in losses remain. Although this approach could theoretically minimize contagion, in practice, it is nearly impossible to implement and could lead to legal and community disputes.