DeFi United Unveils Plan to Restore rsETH After $300M Exploit

Get the Finance newsletter
Daily finance — markets, central banks, M&A, the prints that move money. Free.
- DeFi United, a coalition of blockchain projects and crypto individuals, released a step-by-step recovery plan addressing the April 18 Kelp DAO bridge exploit, which created 116,500 unbacked rsETH and roughly a $300 million hole.
- The attack exploited a vulnerability in rsETH's bridge by forging a legitimate-looking message that tricked the Ethereum side of the system into releasing tokens it believed had been moved — those tokens were then spread across wallets and used as collateral on Aave and other lending platforms.
- DeFi United's plan tackles both sides of the problem simultaneously: re-collateralizing rsETH with fresh ETH commitments the coalition has already lined up, while unwinding bad Aave positions by temporarily adjusting rsETH's on-system valuation to enable controlled liquidation.
- The proposal estimates the unwind could free up around 13,000 ETH from Aave alone, which would then be converted and used to cover the shortfall left by the exploit.
- Roughly 107,000 of the original 116,500 rsETH remain tied up in active lending positions across Aave and Compound, meaning most of the exploited funds are still in play rather than lost.
- Execution hinges on governance approvals across multiple chains and the successful deployment of committed funds, with the stated end goal that rsETH backing is fully restored and all affected markets are stabilized.
Why it matters: The plan hinges on a coordinated, multi-protocol cleanup — an unusual response in DeFi, where hacks typically trigger chaotic liquidations. For Aave and rsETH holders, execution determines whether the $300 million hole closes cleanly or cascades through lending markets; for the broader sector, the cross-chain governance coordination required will test whether DeFi coalitions can act as effective circuit breakers.




