The Aave DAO is being asked to commit 25,000 ETH from its treasury to help close a massive funding gap left behind by the April 18 exploit of Kelp DAO's rsETH bridge, a vulnerability that drained roughly $292 million from one of DeFi's most widely-used liquid restaking products. The proposal, put forward Thursday by Aave service provider TokenLogic, would make Aave the single largest contributor to a broader coalition effort dubbed "DeFi United", a coordinated response involving some of the sector's biggest names.

 

The attack exploited a configuration flaw in Kelp's LayerZero bridge adapter, which was running a single-verifier setup. That weakness let the attacker mint 152,577 rsETH tokens that had no actual ETH backing, which were then used as collateral on Aave to borrow approximately $190 million in legitimate assets. The fallout was severe. More than $10 billion in net withdrawals hit Aave in the days following the breach, and the protocol's affected V3 deployments on Ethereum, Arbitrum, and Mantle were left sitting on bad debt that, by various estimates, lands somewhere between $123 million and $230 million, depending on how recoveries play out.

 

The Funding Gap and How It Gets Closed

At the prevailing rsETH-to-ETH ratio of 1.0696, the original shortfall came out to roughly 163,183 ETH. Since then, a series of coordinated actions have chipped away at the hole. Kelp recovered and froze tokens representing approximately 43,168 ETH in value. The Arbitrum Security Council stepped in to freeze 30,766 ETH that the attacker was still holding on that network, following input from law enforcement. Liquidating the hacker's remaining positions across Aave and Compound is expected to recover a further 14,168 ETH. That gets you to a shortfall of around 75,081 ETH, still a very large number.

 

To plug what remains, the DeFi United coalition has assembled a funding stack that combines direct donations, a credit facility, and the requested Aave treasury contribution. Public contributors including EtherFi, Lido, Ethena, Ink Foundation, BGD Labs, and several individual ecosystem participants have pledged a combined 14,570 ETH so far, with more conversations reportedly in progress. Mantle has proposed a credit facility of up to 30,000 ETH, structured with interest at Lido's rate plus 1% and a repayment term of up to 36 months. Bybit co-founder Ben Zhou said the exchange, as Mantle's largest stakeholder, would vote yes on the facility, drawing a parallel to industry support Bybit received after its own security incident. Together, those streams narrow the residual gap to approximately 30,000 ETH. The Aave treasury request covers most of that.

 

 

A Complex Recovery With Real Execution Risk

What makes this more complicated than a straightforward treasury disbursement is the mechanics of actually executing the recovery. The coalition needs to place the full 120,015 ETH into the LayerZero lockbox to restore rsETH's backing. But a significant chunk of the expected recoveries, roughly 44,787 ETH worth, are not yet liquid. They depend on the Arbitrum Security Council releasing frozen funds, and on successfully liquidating the attacker's positions on Aave and Compound. Those processes could stretch out over weeks.

 

To bridge that timing gap, the coalition is arranging a separate tranche of short-duration loans from additional ecosystem partners. The proposal also includes a notable authorization: Aave Labs would be permitted to pledge DAO assets and future protocol revenue as collateral to secure these funding arrangements. That is a significant move, and the TokenLogic proposal is candid about the risks involved, noting the recovery depends on actions outside the coalition's control, including Kelp reopening withdrawals, LayerZero reopening its bridge, and the Security Council completing its process. "This is a call to arms," the proposal states. "The path there is not risk-free."

 

What the Industry Is Saying

Aave founder Stani Kulechov has already put skin in the game, pledging 5,000 ETH personally stating that "Aave is my life's work and we're working nonstop to find the best possible outcome for users.". The response has drawn both measured optimism and pointed skepticism from across the ecosystem. Matthew Pinnock, COO at Altura DeFi, told Decrypt the effort signals that DeFi is "moving beyond isolated protocols to a more coordinated financial system," while also emphasizing that "socialised recovery methods" need to be paired with clear accountability frameworks. Georgii Verbitskii, founder of yield platform TYMIO, was more cautious, telling the publication that without concrete details on the initiative's structure, "it's difficult to expect any meaningful structural shift in DeFi." He also predicted the incident would push users and protocols toward more conservative, base-layer configurations, likely reducing appetite for wrapped products and liquid staking derivatives.

 

 

On the constructive side, Sergey Kravtsov, CEO of Papaya Finance, described the coordinated effort as "an emergent immune response of a financial system that is actually decentralized", competing protocols stepping in because letting bad debt cascade, as he put it, "would have hurt everyone."

 

Governance Process Still Underway

The proposal is currently in the community feedback phase on Aave's governance forum. If it reaches consensus, it moves to a Snapshot vote before heading to an on-chain AIP. Timing matters here. The DeFi United coalition has flagged that ETH price appreciation could make the dollar-denominated bad debt worse by the hour if governance moves slowly. A separate proposal to pause AAVE buybacks has also been floated, suggesting the DAO is bracing for a period of concentrated capital deployment.

 

For Aave, this is partly precedent-following. After the 2022 CRV short-squeeze incident left the DAO with roughly $1.9 million in bad debt, it chose to cover the shortfall rather than socialize losses among suppliers. The current situation is orders of magnitude larger, but the underlying posture is the same: the Aave DAO balance sheet is being positioned as a backstop for systemic DeFi events, at least when the protocol itself is directly exposed. Personally, it is amazing to see the DeFi community rally behind this endeavor in wake of such a monumental exploit.

 

A carefully planned attack on Kelp DAO's cross-chain bridge drained 116,500 rsETH, worth roughly $292 million, from the liquid restaking protocol on Saturday, instantly becoming the largest DeFi exploit of 2026. The fallout spread almost immediately, pulling in Aave, SparkLend, Fluid and Lido before Kelp's own emergency systems could fully catch up.

 

The exploit was first flagged by on-chain investigator ZachXBT at around 2:52 PM ET, with six attacker wallets identified. Those wallets, it turned out, had been pre-funded via Tornado Cash, the coin-mixing service widely used to obscure transaction origins. That kind of preparation doesn't happen overnight, and points to a deliberate, well-resourced operation that had studied Kelp's architecture before making its move.

 

How the Attack Worked

At 17:35 UTC, an attacker-controlled wallet called the lzReceive function on LayerZero's EndpointV2 contract. LayerZero is the cross-chain messaging infrastructure that Kelp relied on to move rsETH between networks. By spoofing a valid instruction from another chain, the attacker tricked the bridge's verification logic into releasing 116,500 rsETH directly to an address they controlled. It was a clean hit. Kelp's emergency multisig paused core contracts 46 minutes later, at 18:21 UTC. Two follow-up attempts at 18:26 and 18:28 UTC were blocked, each carrying the same LayerZero packet aimed at pulling another 40,000 rsETH worth roughly $100 million. The pause held.

 

The bridge that was drained served as the reserve backing wrapped versions of rsETH deployed across more than 20 networks, including Arbitrum, Base, Linea, Blast, Mantle and Scroll. With those reserves gone, holders of rsETH on layer 2s are now left wondering what exactly their tokens are worth. That uncertainty creates a dangerous feedback loop: panic redemptions on layer 2 networks pressure the unaffected Ethereum-side supply, which in turn could force Kelp to unwind underlying EigenLayer restaking positions to honor withdrawals.

 

The Contagion Moves Fast

The stolen rsETH didn't just sit in an attacker's wallet. The second phase of the attack played out on Aave V3, where the attacker deposited the drained rsETH as collateral and borrowed a substantial volume of Wrapped Ether against it. Because the rsETH was no longer backed by anything real at that point, the resulting debt positions are effectively unliquidatable. Aave's WETH reserve is now carrying bad debt it cannot recover through normal liquidation mechanisms. Some estimates put the bad debt exposure on Aave V3 at close to $177 million.

 

Aave moved quickly, freezing rsETH markets on both V3 and V4 within hours. Founder Stani Kulechov clarified on X that Aave's own contracts had not been compromised and that the freeze was precautionary while the situation was assessed. The AAVE token still dropped about 10% on the news, a reflection of how exposed the protocol's broader ecosystem appeared even if its core code was clean. SparkLend and Fluid followed with their own rsETH market freezes.

 

Lido Finance paused additional deposits into its earnETH product, which carries rsETH exposure, while being careful to note that stETH and wstETH remain unaffected. Ethena, the stablecoin issuer, took its own precautionary step, temporarily shutting down its LayerZero OFT bridges from Ethereum mainnet for roughly six hours despite having no direct rsETH exposure and maintaining collateralization above 101%. Upshift, which runs non-custodial yield vaults, paused deposits and withdrawals to its High Growth ETH and Kelp Gain vaults, though its USDC and AUSD products had no rsETH exposure.

 

Kelp's Response, and Its History

Kelp, which operates under the KernelDAO umbrella, posted its first public acknowledgment on X at 20:10 UTC, nearly three hours after the drain. The team said it was investigating the suspicious cross-chain activity with LayerZero, Unichain, its auditors and external security specialists. It has not yet disclosed how the attacker bypassed the bridge's validation logic or what the path to recovery looks like for rsETH holders across layer 2 networks.

 

It isn't Kelp's first serious incident. Back in April 2025, a bug in its fee contract caused excess rsETH minting and triggered a temporary pause, though that event did not result in direct user losses. This time the damage is far more severe and far more public.

 

 

The Kelp DAO exploit overtakes the Drift Protocol hack from April 1, 2026, where attackers drained roughly $295 million from the Solana-based perpetuals exchange in a targeted administrative breach, as 2026's largest DeFi loss. The pattern is hard to ignore. DeFi attacks are getting larger and more sophisticated, and as Ledger CTO Charles Guillemet noted earlier this month, AI tools are now actively lowering the cost and complexity of carrying out these attacks.

 

What the Kelp incident also lays bare is a structural risk baked into DeFi's composability model. Liquid restaking tokens like rsETH were whitelisted as collateral on major lending protocols because they held real value and generated real yield. The assumption underlying all of that was that the token would remain fully backed. When that assumption collapsed on Saturday afternoon, there was no circuit breaker, no committee vote and no grace period. The losses cascaded instantly across protocols that had nothing to do with the original exploit. That's the architecture working exactly as designed, and also its greatest vulnerability.