DeFi United, a coalition of DeFi ecosystem participants, has published a technical plan to restore full backing for Kelp DAO’s rsETH following the $292 million exploit.
The April 18 exploit, widely attributed to North Korea’s Lazarus Group, targeted Kelp DAO’s rsETH bridge with a forged message, allowing the attacker to mint 116,500 unbacked rsETH tokens. Around 107,000 rsETH ended up in lending positions across Aave, resulting in substantial bad debt on the protocol.
Led by Aave, dozens of DeFi protocols contributed funds to the DeFi United initiative to mitigate the wider industry impact, raising over $300 million in ETH.
As the initiative has gathered sufficient ETH commitments, Aave shared that DeFi United is ready to launch the restoration process.
Restoration
“The restoration process involves converting the committed ETH into rsETH in tranches, which will then be transferred to the affected lockbox contract, allowing the bridge to securely resume full operation,” the coalition said in a statement.
The plan is subject to obtaining relevant governance approvals, execution timelines, and execution of definitive agreements, it added.
In parallel with the rsETH restoration, the recovery plan aims to clear the eight affected positions across the markets on Aave Ethereum Core and Arbitrum, which is a necessary step to recover roughly 13,000 ETH in funds on Aave.
This process involves a controlled liquidation sequence, in which the rsETH oracle price will be temporarily adjusted to allow efficient liquidation of the eight affected positions. The liquidated rsETH collateral would be moved to a DeFi United-controlled multisig, redeemed for ETH through KelpDAO, and subsequently used to repay any temporary deficits created in the Aave markets.
Compound, which was also affected by the exploit, is expected to take a similar step to clear the attacker’s position. This would recover approximately 16,776 ETH worth of funds.
“This final phase of the restoration process involves unpausing and unfreezing rsETH and ETH across all affected instances, and restoring the Loan-to-Value (LTV) ratios for ETH and any other assets whose configurations were temporarily adjusted,” the statement added.
Risks
The plan, designed to restore rsETH without socializing losses, does carry risks.
A key concern is that deployment of the restoration plan is contingent on finalizing agreements and obtaining governance approvals, during which the attacker could attempt to interfere.
“Deliberate interference by the attacker could result in incomplete deficit accrual, requiring additional liquidation steps to fully resolve the positions,” the statement said.
It also said that new security measures on LayerZero and Kelp DAO following the exploit remain “in production,” meaning they have not yet been battle-tested, and security risks may remain. The statement explained that this is why the ETH-to-rsETH conversion and lockbox deposits will be carried out in several tranches.
“The successful coordinated execution of these steps as planned ensures that rsETH backing is fully restored, and all affected markets are stabilized,” the statement said. “Progress will be communicated publicly as recovery efforts advance.”
© 2026 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Trade Crypto On Coinhub Exchange
Trade Crypto On Coinhub Exchange
Stay ahead of the market by turning news insights into trading opportunities. With Coinhub Exchange, you can seamlessly buy, sell, and manage your digital assets, all in one secure platform. Take advantage of real-time market insights, deep liquidity, and fast execution for your favorite cryptocurrencies. Don’t just read about it — trade crypto now!
Disclaimer
The content of this article shown by Coinhub News, powered by The Block, is for informational purposes only and should not be construed as financial, legal, tax, or investment advice. Coinhub News and its affiliates are not a licensed financial advisor, legal advisor, broker, or tax advisor, and ... should not be considered as professional advice or a recommendation to engage in any specific investment, legal decision, or financial transaction. Cryptocurrency markets are highly speculative and volatile. Readers should perform their own independent research and consult with a qualified professional before making any financial or legal decisions. The opinions expressed in this article are those of the author and do not necessarily represent the views or opinions of the Company of its affiliates. Additionally, the Company does not make any representations or warranties regarding the accuracy, timeliness, reliability, or completeness of any information in this article. By accessing this content, you acknowledge that any reliance on the information contained in this article is solely at your own risk. The Company is not responsible for any financial losses, legal disputes, or other damages that may arise from reliance on this content or from any investment or legal decisions based on the information provided. Investing in cryptocurrencies involves substantial risks, including the risk of losing your entire investment, and you should carefully consider whether it is appropriate for your circumstances.
Read more
