
Aave Closes In on Full Recovery After Kelp DAO Hack: What the rsETH Liquidations Mean

By Satish Chand Gupta

Key Highlights

  • Aave has liquidated the Kelp DAO hacker’s remaining rsETH collateral positions on both Ethereum and Arbitrum mainnet
  • The protocol is now approximately 90% recovered, requiring only 10% more ETH to fully restore its reserve and compensate affected users
  • The liquidations were executed through a governance-approved oracle manipulation that forced the attacker’s position into insolvency
  • DeFi United has raised more than $320 million in contributions to restore rsETH backing, exceeding the original $292 million exploit value
  • Aave’s new collateral security framework, published May 7, adds bridge architecture review and cybersecurity assessment to listing requirements

Aave has completed one of the most technically complex debt recovery operations in DeFi history. On May 7, the protocol executed the final liquidation of the Kelp DAO attacker’s rsETH positions across Ethereum and Arbitrum, clearing the fraudulent collateral that had been holding a portion of the recovery plan in suspension since the April 28 exploit. With those positions cleared, Aave’s recovery stands at approximately 90%, leaving only 10% of the ETH reserve gap remaining before the protocol can fully compensate all affected liquidity providers.

The exploit itself, which drained $292 million through a vulnerability in Kelp DAO’s LayerZero bridge, was the largest DeFi hack of 2026. The attacker forged cross-chain messages to mint unbacked rsETH, deposited the fabricated tokens as collateral on Aave, and borrowed approximately $190 million in real ETH and stablecoins before the protocol’s risk parameters flagged the anomaly and froze rsETH markets. The full story of how the attack was executed and what it reveals about cross-chain bridge security has been covered extensively. What matters now is how the recovery was achieved.

How the Oracle Manipulation Worked

Executing a liquidation of the attacker’s rsETH positions required solving a specific technical problem: the positions were denominated in rsETH, a token whose market price had collapsed to near zero after the exploit but whose oracle price, the price that Aave’s smart contracts used to calculate collateral value, still reflected the pre-exploit rate. As long as the oracle price remained elevated, the attacker’s positions appeared adequately collateralized on paper despite the underlying rsETH being worthless.

Aave’s governance passed a proposal to temporarily manipulate the rsETH price oracle to a value that reflected the asset’s actual post-exploit worth. This price reduction pushed the attacker’s collateral below the liquidation threshold, allowing Aave’s automated liquidation system to seize and auction the rsETH collateral in exchange for covering the associated debt. The oracle manipulation was a one-time, governance-approved intervention rather than a change to Aave’s normal price feed architecture.

The liquidation process worked because the attacker had not fully unwound their position. A portion of the borrowed ETH remained as outstanding debt on Aave, secured by the worthless rsETH collateral. Aave’s emergency governance process, which can accelerate proposal timelines from the standard seven-day period to 24 hours for security-critical votes, allowed the oracle update to be executed before the attacker could find another route to exit the position.
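The gap described in this section, as an added example (not Aave's code): it uses the Aave-style health factor, threshold-weighted collateral value divided by debt, to show how a position can pass at the oracle price and fail at the market price. The position sizes, prices and 0.75 liquidation threshold are constructed values, and the helper names are hypothetical.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Position:
    owner: str
    collateral_units: Decimal       # rsETH posted as collateral
    debt_eth: Decimal               # outstanding debt, valued in ETH
    liquidation_threshold: Decimal  # share of collateral value counted toward solvency


def health_factor(pos: Position, price_eth: Decimal) -> Decimal:
    """Threshold-weighted collateral value divided by debt; below 1 is liquidatable."""
    if pos.debt_eth == 0:
        return Decimal("Infinity")
    return pos.collateral_units * price_eth * pos.liquidation_threshold / pos.debt_eth


def break_even_price(pos: Position) -> Decimal:
    """Collateral price at which the health factor is exactly 1."""
    return pos.debt_eth / (pos.collateral_units * pos.liquidation_threshold)


def paper_solvent(positions, oracle_price: Decimal, market_price: Decimal):
    """Owners whose positions pass at the oracle price but fail at the market price."""
    return [
        p.owner for p in positions
        if health_factor(p, oracle_price) >= 1 > health_factor(p, market_price)
    ]


# Constructed sample data: not figures from the incident.
POSITIONS = [
    Position("0xFLAGGED", Decimal("100000"), Decimal("60000"), Decimal("0.75")),
    Position("0xORDINARY", Decimal("10"), Decimal("0"), Decimal("0.75")),
]
ORACLE_PRICE = Decimal("1.05")   # stale pre-exploit rate, in ETH per rsETH
MARKET_PRICE = Decimal("0.01")   # collapsed market rate

if __name__ == "__main__":
    for p in POSITIONS:
        print(p.owner, health_factor(p, ORACLE_PRICE), health_factor(p, MARKET_PRICE))
    print("solvent on paper only:", paper_solvent(POSITIONS, ORACLE_PRICE, MARKET_PRICE))
```

Any oracle price below the break-even value makes the flagged position liquidatable, which is why a feed that lags the market keeps worthless collateral looking adequate.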

The DeFi United Recovery Machine

The broader recovery from the Kelp DAO exploit has been a cross-protocol effort operating under the DeFi United coalition banner. The coalition formed within days of the attack and has raised more than $320 million in contributions from Aave, Lido, Compound, the Avalanche Foundation, and more than a dozen other protocols and institutional backers. Those contributions funded open-market purchases of rsETH at the post-exploit discount, absorbing selling pressure and gradually restoring the token’s peg to ETH.

The mechanics of the open-market recovery program are straightforward but capital-intensive. At its worst, rsETH traded at 31% below its expected ETH parity value. The DeFi United coalition’s purchases of rsETH at that discount served two purposes: they stabilized the market by providing a buyer of last resort at progressively higher prices, and they accumulated rsETH that can eventually be redeemed for ETH through Kelp DAO’s redemption mechanism as the underlying ETH backing is restored. DeFi United’s governance structure allocated recovery costs proportionately to each contributing protocol’s rsETH exposure, meaning that protocols with larger rsETH markets funded a larger share of the rescue while protocols with minimal rsETH exposure participated symbolically to demonstrate ecosystem solidarity.

The $320 million raised exceeded the $292 million exploit value, providing a buffer that absorbed the market impact costs of the open-market purchases. Without that buffer, the coalition would have needed to spend approximately $292 million to buy back $292 million in rsETH at par, but since the purchases happened at a discount, the actual ETH cost to restore parity was lower than the headline exploit number. The excess contributions are being held in the DeFi United multisig as a contingency reserve.

What 90% Recovery Actually Means

The 90% recovery figure reflects the state of Aave’s ETH reserve relative to the total it needs to fully compensate liquidity providers who held ETH in Aave’s lending markets at the time of the exploit. When the attacker borrowed ETH using fraudulent rsETH collateral and that collateral proved worthless, Aave’s ETH reserve was reduced by the amount of the uncollateralized loan. The safety module covered a portion of that shortfall, and the DeFi United contributions covered the bulk of the remainder. The 10% gap is the portion that the completed rsETH liquidations did not fully resolve.

Closing the final 10% requires either additional contributions to the DeFi United fund, further recovery of assets from the attacker, or a governance decision to use Aave’s protocol fee revenue to gradually replenish the reserve over time. Aave’s fee revenue from lending market activity generates sufficient ETH to close the gap within approximately six to eight weeks at current market activity levels, making the protocol-revenue option the most likely path to final resolution without requiring additional external contributions.

For affected liquidity providers, 90% recovery translates to an approximate 10% haircut on their ETH deposits at the time of the exploit. Aave’s governance has discussed issuing a governance token compensation package for affected users that converts the 10% loss into a claim on future protocol revenue, similar to the approach Euler Finance used after its $197 million hack in 2023. The compensation proposal is expected to reach a formal vote in the next two weeks.

The New Security Framework

Alongside the liquidation milestone, Aave published its overhauled collateral listing standards on May 7. The new framework adds mandatory evaluation across three new dimensions for any asset seeking listing on Aave: cybersecurity assessment of the bridge architecture, review of the validation mechanism used for cross-chain messages, and a supply accounting framework demonstrating that total cross-chain supply is conserved and independently verifiable in real time.

The practical impact is that omnichain tokens like rsETH, which derive their value from ETH locked on one chain but circulate freely across multiple chains via bridges, now face a substantially higher listing bar on Aave. An asset that cannot demonstrate a verifiable supply conservation mechanism or that uses a bridge implementation without independent validator sets and emergency pause controls will not be listed under the new standards, regardless of its financial risk metrics. The full details of Aave’s security framework overhaul and what it means for the rest of DeFi were covered in our earlier analysis.
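A supply-conservation check of the kind the framework asks for, as an added example (not Aave's or Kelp DAO's tooling): it assumes a simplified 1:1 lock-and-mint model in which the token supply summed over all chains must never exceed the backing locked on the home chain. The snapshots, figures and function names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    backing: int   # backing asset locked on the home chain, in base units
    supply: dict   # chain name -> token supply on that chain, in base units


def total_supply(snap: Snapshot) -> int:
    return sum(snap.supply.values())


def audit(prev: Snapshot, curr: Snapshot) -> dict:
    """Compare two snapshots and report supply that has no backing behind it.

    A bridge transfer burns on one chain and mints on another, so the total is
    unchanged. A deposit raises backing and supply together. Any other growth
    in total supply is a mint with nothing locked against it.
    """
    unbacked = max(total_supply(curr) - curr.backing, 0)
    supply_delta = total_supply(curr) - total_supply(prev)
    backing_delta = curr.backing - prev.backing
    unexplained = max(supply_delta - backing_delta, 0)
    growth = {
        chain: curr.supply.get(chain, 0) - prev.supply.get(chain, 0)
        for chain in set(prev.supply) | set(curr.supply)
    }
    # Only name chains when the global invariant moved; largest growth first.
    suspects = sorted(
        (c for c, d in growth.items() if d > 0),
        key=lambda c: (-growth[c], c),
    ) if unexplained else []
    return {"unbacked": unbacked, "unexplained_mint": unexplained,
            "suspect_chains": suspects,
            "conserved": unbacked == 0 and unexplained == 0}


# Constructed snapshots: not on-chain data.
BASELINE = Snapshot(backing=1_000, supply={"ethereum": 700, "arbitrum": 300})
TRANSFER = Snapshot(backing=1_000, supply={"ethereum": 600, "arbitrum": 400})
DEPOSIT = Snapshot(backing=1_200, supply={"ethereum": 800, "arbitrum": 400})
FORGED = Snapshot(backing=1_000, supply={"ethereum": 600, "arbitrum": 900})

if __name__ == "__main__":
    for name, snap in [("transfer", TRANSFER), ("deposit", DEPOSIT), ("forged", FORGED)]:
        print(name, audit(BASELINE, snap))
```

A lending market can consume a result like this as a listing precondition or as a trigger to freeze the asset before new supply is accepted as collateral.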

Compound and Morpho, which also had rsETH exposure during the exploit, have signaled that they will adopt equivalent standards through their own governance processes. If the three largest DeFi lending protocols implement consistent bridge security requirements for collateral listing, it creates an effective market-wide standard even without a regulatory mandate. Protocols that want their assets listed as collateral on the leading lending platforms will need to meet those standards, incentivizing better bridge security at the token level before listing is even sought.

The Frozen $71 Million Complication

The recovery story has one remaining legal complication. Aave filed a court motion on May 4 to unfreeze $71 million in ETH that was frozen by a US court order after the attacker routed a portion of the stolen funds through wallets that triggered OFAC sanctions-related alerts. The frozen ETH is held in Aave’s protocol reserves and represents assets belonging to the DAO’s safety module rather than to the attacker.

Aave’s legal team argues that the protocol reserves are owned by the DAO and its token holders, not by the attacker, and that freezing them harms innocent depositors. The case is proceeding in federal court and represents one of the first attempts by a decentralized protocol to assert legal standing to recover assets frozen in a law enforcement action tied to a hack of its platform. The outcome will have implications for how DeFi protocols structure their legal entities and reserves in anticipation of future security incidents.

The TCB View

Aave’s 90% recovery from the largest DeFi hack of 2026 is a meaningful result that would not have been possible under the fragmented, every-protocol-for-itself governance structure that characterized the DeFi ecosystem two years ago. The DeFi United coalition, the cross-protocol coordination on oracle manipulation, and the governance speed of Aave’s emergency proposals all reflect an ecosystem that has internalized the lessons of prior exploits and built the infrastructure to respond faster and more effectively. The final 10% gap will close. The more important question is whether the new collateral security standards Aave published on May 7 will be adopted broadly enough to reduce the probability of the next exploit of this type. Bridge security is the attack surface that DeFi has consistently underestimated relative to smart contract security. The Kelp DAO exploit was not a smart contract bug. It was a bridge verification failure. The ecosystem now has a framework to address it. Enforcement is the test.

Satish Chand Gupta is the founder and editor-in-chief of The Central Bulletin. He covers Bitcoin, macro markets, and the intersection of digital assets with global finance. With years of experience tracking crypto markets and Web3 infrastructure, Satish focuses on original analysis and data-driven reporting.
