A $300 million vulnerability doesn’t usually come with a concise fix manual. This time, the team leading the Kelp DAO recovery effort is trying to write one.
Following the Kelp DAO hack that rocked the DeFi lending market this month, releasing over 116,000 improperly accounted tokens, DeFi United, a consortium of multiple blockchain projects and crypto ecosystem individuals, has laid out a detailed step-by-step plan to restore support for rsETH.
The proposal, which circulated on Aave’s official X account, reads like a coordinated cleanup operation that relies heavily on Aave’s infrastructure to undo the damage and restore stability to the market.
The incident dates back to April 18, when attackers exploited a vulnerability in the rsETH bridge. By forging a legitimate-looking message, the attacker tricked the Ethereum side of the system into releasing 116,500 rsETH, making the system think the funds had been transferred when in fact they had not, allowing the creation of large amounts of rsETH without support.
These tokens are not sitting idle. They are distributed across multiple wallets and deployed in DeFi, with a large portion used as collateral on Aave and other lending platforms.
This is where the problem becomes systemic: protocols like Aave suddenly find themselves holding collateral that is, at least temporarily, not fully backed.
Under the proposal, much of the money that was siphoned off is still in play. Approximately 107,000 of the original 116,500 rsETH are still in active positions on Aave and Compound.
This leaves two issues that need to be addressed immediately: restoring actual support for rsETH itself, and unwinding loans created using these additional tokens.
DeFi United’s proposal aims to solve both sides of this equation simultaneously.
In terms of support, the organization stated that it has prepared enough ETH pledges to fully recollateralize rsETH. The plan is to feed ETH back into the system in stages, convert it to rsETH and deposit it back into the system so that the token is fully supported again.
Meanwhile, attention has turned to the loan market, where the damage has been most visible.
Our plan is not to let things unfold chaotically, but to step in and carefully resolve the chaos.
A large part of this involves handling positions established by attackers on Aave. These are essentially loans backed by rsETH that should never exist in the first place. The proposal suggests not waiting for these loans to collapse on their own (which could lead to more market disruption), but instead pushing the system so that they can be closed in a more controlled manner.
In practice, temporarily adjusting the way rsETH is valued within the system will allow those bad positions to be liquidated or closed more smoothly. When these positions are closed, the underlying asset (such as ETH) can be reclaimed. The proposal estimates that Aave alone could release approximately 13,000 ETH.
Once the collateral is back in hand, it is converted to ETH and used to cover the gap created by the breach – essentially filling the hole left behind.
This process is not without risks. It depends on governance approval of multiple chains, successful deployment of committed funds, and smooth execution of terminations.
Still, the plan reflects a more coordinated response than DeFi has typically taken before. If executed as expected, the end goal is simple: as the proposal states, “rsETH support fully recovers and all affected markets stabilize”.
Read more: Industry leaders are pouring hundreds of millions into rescue plan for Aave users after massive cryptocurrency hack