A crypto coalition releases technical proposal to save Aave users from a massive token exploit

Source: coindesk.com

A $300 million hole doesn’t usually come with a neat repair manual. This time, the group spearheading the Kelp DAO recovery effort is trying to write one.

DeFi United, a coalition of multiple blockchain projects and crypto ecosystem individuals, has laid out a detailed, step-by-step plan to restore the backing of rsETH after this month’s Kelp DAO hack, which released more than 116,000 tokens that weren’t properly accounted for, sent shockwaves through DeFi lending markets.

The proposal, circulated on Aave’s official X account, reads like a coordinated cleanup operation, one that leans heavily on Aave’s infrastructure to unwind the damage and get markets back on a stable footing.

The incident traces back to April 18, when an attacker exploited a vulnerability in rsETH’s bridge. By forging a message that appeared legitimate, the attacker tricked the Ethereum side of the system into releasing 116,500 rsETH. The system believed the funds had moved when they hadn’t, which allowed a large batch of rsETH to be created without backing.

Those tokens didn’t just sit idle. They were spread across multiple wallets and deployed across DeFi, with a significant portion used as collateral on Aave and other lending platforms.

That’s where the problem became systemic: protocols like Aave suddenly found themselves holding collateral that, at least temporarily, wasn’t fully backed.

According to the proposal, most of the exploited funds are still in play. Roughly 107,000 of the original 116,500 rsETH remain tied up in active positions across Aave and Compound.

That leaves two problems to solve at once: restoring the actual backing of rsETH itself, and unwinding the loans created using those extra tokens.

DeFi United’s proposal aims to tackle both sides of that equation simultaneously.

On the backing side, the group says it has already lined up enough $ETH commitments to fully re-collateralize rsETH. The plan is to feed that $ETH back into the system in stages, converting it to rsETH and depositing it back into the system so the token is once again fully backed.

At the same time, attention shifts to the lending markets where the damage is most visible.

Instead of letting things play out chaotically, the plan is to step in and carefully unwind the mess.

A big part of that involves dealing with the positions the attacker opened on Aave. These are essentially loans backed by rsETH that shouldn’t have existed in the first place. Rather than waiting for those loans to collapse on their own — which could cause more market disruption — the proposal suggests nudging the system so they can be closed out in a more controlled way.

In practice, temporarily adjusting how rsETH is valued inside the system will enable those bad positions to be liquidated or closed more smoothly. As those positions are unwound, the underlying assets (like $ETH) can be recovered. The proposal estimates this could free up around 13,000 $ETH from Aave alone.

Once that collateral is back in hand, it gets converted into $ETH and used to cover the shortfall created by the exploit — essentially filling the hole left behind.

The process isn’t risk-free. It hinges on governance approvals across multiple chains, the successful deployment of committed funds and a smooth execution of the unwind.

Still, the plan reflects a more coordinated response than DeFi has often managed previously. If executed as intended, the end goal is straightforward: “rsETH backing is fully restored, and all affected markets are stabilized,” as the proposal says.