A $300 million hole doesn’t usually come with a tidy repair manual. This time, the group spearheading the Kelp DAO recovery effort is attempting to write one.
DeFi United, a coalition of multiple blockchain projects and individuals from the crypto ecosystem, has laid out a detailed step-by-step plan to restore support for rsETH after this month’s Kelp DAO hack sent shockwaves through DeFi lending markets, releasing over 116,000 tokens that were not properly accounted for.
The proposal, distributed on Aave’s official X account, reads as a coordinated cleanup operation, relying heavily on Aave’s infrastructure to repair the damage and get markets back to a stable footing.
The incident dates back to April 18, when an attacker exploited a vulnerability in the rsETH bridge. By spoofing a message that looked legitimate, the attacker tricked the Ethereum side of the system into releasing 116,500 rsETH, causing the system to believe the funds had moved when they had not, allowing a large batch of unbacked rsETH to be created.
Those tokens did not remain idle. They were distributed across multiple wallets and deployed in DeFi, with a significant portion used as collateral on Aave and other lending platforms.
That’s where the problem became systemic: protocols like Aave suddenly found themselves with guarantees that, at least temporarily, were not fully supported.
According to the proposal, the majority of the exploited funds are still at stake. Approximately 107,000 of the original 116,500 rsETH remain tied up in active positions on Aave and Compound.
That leaves two problems to solve at once: restoring real backing of rsETH and undoing the loans created with those additional tokens.
DeFi United’s proposal aims to address both sides of that equation simultaneously.
On the backing side, the group says it has already raised enough ETH commitments to fully re-collateralize rsETH. The plan is to bring that ETH back into the system in stages, convert it to rsETH, and deposit it back into the system so that the token is fully backed again.
At the same time, attention is shifting to credit markets where the damage is most visible.
Instead of letting things unfold chaotically, the plan is to intervene and carefully sort out the mess.
Much of that involves dealing with the positions the attacker opened up on Aave. These are essentially rsETH-backed loans that should not have existed in the first place. Instead of waiting for those loans to collapse on their own – which could cause further market disruption – the proposal suggests boosting the system so they can be closed in a more controlled way.
In practice, temporarily adjusting the way rsETH is valued within the system will allow those bad positions to be liquidated or closed more easily. As those positions are liquidated, the underlying assets (like ETH) can recover. The proposal estimates that this could free up around 13,000 ETH from Aave alone.
Once that collateral becomes available again, it is converted to ETH and used to cover the shortfall created by the exploit, essentially filling the hole left behind.
The process is not without risks. It is dependent on multi-chain governance approvals, successful deployment of committed funds, and smooth settlement execution.
Still, the plan reflects a more coordinated response than DeFi has achieved previously. If executed as planned, the end goal is simple: “rsETH support is fully restored and all affected markets are stabilized,” as the proposal says.
Read more: Industry leaders are investing hundreds of millions in a rescue plan for Aave users after a massive cryptocurrency hack
