#AaveLaunchesrsETHRecoveryPlan Aave Launches rsETH Recovery Plan: DeFi United’s $302M Push to Restore Kelp DAO Exploit Losses

Major industry coalition moves to plug $246M bad debt hole without socializing losses among users

In one of the largest coordinated recovery efforts in decentralized finance history, Aave-led coalition DeFi United has published a detailed technical plan to restore backing for rsETH tokens and eliminate the bad debt left by the April 18 Kelp DAO exploit .

The plan, unveiled on April 28, aims to recover approximately 13,000 ETH from affected positions on Aave and an additional 16,776 ETH from Compound, while fully restoring rsETH's collateral backing . DeFi United has secured 132,704 ETH (approximately $302 million) in commitments from across the ecosystem to fund the recovery .

---

Background: The Kelp DAO Exploit

On April 18, 2026, North Korean hackers exploited a vulnerability in rsETH's bridge from Unichain to Ethereum. A forged inbound data packet was verified on the Ethereum side without a corresponding burn on Unichain, leading to the illicit release of 116,500 rsETH — approximately 18% of the token's circulating supply .

The attackers then deposited portions of these unbacked tokens as collateral on Aave and Compound, borrowing large amounts of Ether and leaving the platforms with a combined $246 million in bad debt . The stolen funds were distributed across multiple addresses, with part deposited on Aave V3 Ethereum, another portion bridged to Arbitrum for additional positions, and the remainder routed through other venues .

Currently, seven addresses linked to the hacker still hold active rsETH collateral positions on Aave and Compound, representing approximately 107,000 rsETH of the original 116,500 stolen .

---

The Recovery Plan: Two Parallel Tracks

The technical implementation focuses on two core objectives :

Track 1: Restoring rsETH's Collateral Backing

rsETH is currently insolvent. While the underlying staked ETH remains intact, the attacker's extraction via collateralized borrowing has created a shortfall that pushed rsETH off its peg to ETH .

To restore full backing, the rsETH-to-ETH exchange rate must return to its nominal Kelp ratio of 1:1.07 .

The restoration process will:

· Convert committed ETH from DeFi United into rsETH in controlled tranches (a deliberate risk-management structure)
· Transfer these rsETH to the bridge lockup contract (RSETH_OFTAdapter 0x85d456b2…98ef3)
· Enable the bridge system to safely resume full operations

LayerZero and Kelp DAO have implemented additional security measures to harden the bridge before operations resume .

Track 2: Clearing Affected Lending Positions

The second track targets eight affected positions across Aave's Ethereum Core and Arbitrum markets. The process requires governance proposals to pass and execute correctly on both networks .

The technical execution involves:

1. Temporarily adjusting the rsETH oracle price to enable efficient liquidations
2. A temporary shortfall will occur during settlement (to be covered in subsequent steps)
3. Recovered rsETH collateral will be transferred to a DeFi United-managed multisig wallet
4. The collateral will be redeemed for ETH through Kelp DAO's standard redemption process
5. The resulting ETH will cover deficits in Aave's Ethereum and Arbitrum markets

All parameter adjustments are strictly temporary and will be fully reverted after completion, with no long-term changes to the Aave protocol .

---

Funding: DeFi United Coalition

The recovery is backed by an unprecedented cross-protocol coalition. As of publication, commitments total 132,704 ETH (~$302 million) .

Key contributors include :

Contributor Commitment
Consensys & Joseph Lubin Up to 30,000 ETH
Mantle Credit facility up to 30,000 ETH
Aave DAO (proposed) 25,000 ETH
EtherFi, Lido, Ethena, Ink Foundation, BGD Labs & others 14,570 ETH
Aave Labs CEO Stani Kulechov 5,000 ETH (personal)

"The Ethereum ecosystem has always been at its best when it moves together," said Consensys founder Joseph Lubin, calling DeFi United a "broad, coordinated response to protect users and strengthen the infrastructure we've all helped build" .

---

Compound Integration

Compound will follow a similar approach to clear the attacker's positions, with DeFi United providing the necessary liquidity. This effort is expected to recover approximately 16,776 ETH on Compound's platform .

During the entire recovery process, WETH and rsETH reserves will remain frozen across Ethereum Core, Arbitrum, Base, Mantle, and Linea .

---

Potential Risks and Execution Challenges

Despite the robust planning, Aave has acknowledged several risks that could impact execution :

Governance Risk

The plan depends on governance proposals passing and executing correctly on both Ethereum and Arbitrum. Any delay or failure could complicate the timeline.

Attacker Interference

"Deliberate interference by the attacker could result in incomplete deficit accrual, requiring additional liquidation steps to fully resolve the positions," Aave warned .

Bridge Security Residual Risk

While LayerZero and Kelp have deployed additional security measures, residual risk remains until they are fully validated in production environments .

Social Coordination Challenge

As Andy, founder of The Rollup, noted: "The next few days are crucial for DeFi — tasks are daunting and must be completed both quickly and securely. This is not only a technical challenge but also a test of social coordination" .

---

What Happens After Recovery

Upon successful execution of both tracks :

· The rsETH price oracle will be restored to normal
· All temporary configuration changes will be reverted
· Suspensions and freezes on rsETH and ETH will be lifted across all affected instances
· Loan-to-value (LTV) ratios for ETH and other assets will be restored
· The protocol will return to normal market operations

Aave has emphasized that the plan is designed to restore rsETH backing without socializing losses among users .

---

Market Implications

The incident has sparked broader questions about DeFi risk management, particularly regarding liquid restaking tokens used as collateral . Cryptoquant analysts described the event as the worst DeFi liquidity crunch since 2024 .

Post-exploit analysis revealed a critical structural vulnerability: 98% of rsETH collateral on Aave was concentrated in a single looping trade — a concentration risk that amplified the damage across the platform .

For users, the key signals to monitor are the governance vote outcomes and subsequent on-chain execution. The incident may accelerate calls for clearer risk frameworks around exotic collateral types in DeFi lending protocols .

---

The Bottom Line

The Aave-led rsETH recovery plan represents a landmark moment for DeFi coordination. With $302 million in committed capital, a detailed technical roadmap, and participation from major ecosystem players including Consensys, Mantle, Lido, and Compound, the industry is attempting something unprecedented: resolving a major exploit without forcing losses onto users.

The coming days will determine whether coordinated governance, technical execution, and social alignment can overcome the risks of attacker interference and cross-chain complexity. If successful, the plan could set a powerful precedent for how DeFi responds to future security incidents.

As Aave stated: "The successful coordinated execution of these steps as planned ensures that rsETH backing is fully restored, and all affected markets are stabilized" .