A $300 million hole doesn’t usually come with a nice repair manual. This time, the group spearheading the Kelp DAO recovery effort is trying to write one.
DeFi United, a coalition of several blockchain projects and crypto ecosystem individuals, has laid out a detailed, step-by-step plan to restore support for rsETH after this month’s Kelp DAO hack sent shockwaves through the DeFi lending markets and released more than 116,000 tokens that were not properly accounted for.
The proposal, circulated on Aave’s official X account, sounds like a coordinated cleanup operation, one that relies heavily on Aave’s infrastructure to deal with the damage and get the markets back on solid footing.
The incident can be traced back to April 18, when an attacker exploited a vulnerability in rsETH’s bridge. By forging a message that appeared to be legitimate, the attacker tricked the Ethereum side of the system into releasing 116,500 rsETH, causing the system to believe the funds had moved when they had not, allowing a large batch of rsETH to be created without backing.
Those tokens didn’t just sit idle. They were spread across multiple wallets and deployed across DeFi, with a significant portion used as collateral on Aave and other lending platforms.
This is where the problem became systemic: Protocols like Aave suddenly found themselves with collateral that was, at least temporarily, not fully supported.
According to the proposal, the majority of the utilized funds are still in play. About 107,000 of the original 116,500 rsETH remain tied up in active positions across Aave and Compound.
That leaves two problems to solve at once: restoring the actual backing of rsETH itself and settling the loans created using these extra tokens.
DeFi United’s proposal aims to tackle both sides of that equation simultaneously.
On the flip side, the group says it has already lined up enough ETH commitments to fully re-secure rsETH. The plan is to feed that ETH back into the system in stages, convert it to rsETH and deposit it back into the system so that the token is fully supported again.
At the same time, attention is being shifted to the loan markets where the damage is most visible.
Instead of letting things unfold chaotically, the plan is to step in and gently untangle the mess.
A large part of it is about dealing with the positions the striker opened up on Aave. These are essentially loans backed by rsETH that shouldn’t have existed in the first place. Instead of waiting for these loans to collapse on their own — which could cause more market disruption — the proposal suggests pushing the system so they can be phased out in a more controlled manner.
In practice, temporarily adjusting how rsETH is valued inside the system will allow these bad positions to be liquidated or closed more evenly. As these positions are liquidated, the underlying assets (like ETH) can be recovered. The proposal estimates that this could free up around 13,000 ETH from Aave alone.
Once this collateral is back in hand, it is converted to ETH and used to cover the shortfall created by the exploit – essentially filling the gap left behind.
The process is not risk-free. It depends on governance approvals across multiple chains, the successful rollout of committed funds and a smooth execution of the relaxation.
Still, the plan reflects a more coordinated effort than DeFi has often managed in the past. If executed as intended, the end goal is straightforward: “rsETH backing is fully restored and all affected markets are stabilized,” as the proposal states.
Read more: Industry leaders pour hundreds of millions into rescue plan for Aave users after massive crypto hack
