TLDR
- Aave liquidated the Kelp DAO attacker’s remaining rsETH-backed positions.
- Recovered collateral was sent to the DeFi United Recovery Guardian wallet.
- Aave said no user funds were used and Umbrella was not activated.
- Arbitrum DAO is voting on releasing 30,765 ETH to the recovery fund.
- DeFi United remains about 10% short of fully restoring rsETH backing.
Aave Labs has completed the liquidation of the Kelp DAO attacker’s remaining rsETH-backed positions on Ethereum and Arbitrum, moving the DeFi United recovery plan closer to restoring backing for the restaked Ether token after April’s $293 million exploit.
The liquidation covered positions linked to the attacker who used stolen rsETH as collateral across lending markets. Aave said the recovered collateral was transferred to Recovery Guardian, a multisignature wallet managed by the DeFi United recovery group.
The protocol said no user funds were affected during the liquidation process. Aave also said its Umbrella protection system was not activated, meaning the recovery action did not require the protocol’s automated debt protection mechanism.
The operation is part of a wider effort to repair damage caused by the April 18 attack on Kelp DAO’s bridge infrastructure. Hackers drained 116,500 rsETH and later deposited the assets into Aave v3 as collateral to borrow wrapped Ether, creating more than $190 million in bad debt.
Aave Transfers Recovered Collateral to Recovery Guardian
Aave’s liquidation of the remaining attacker positions released collateral tied to the exploit and placed it under Recovery Guardian control. The wallet is operated by DeFi United, a coalition working to restore backing for rsETH and coordinate recovered assets.
The liquidation was carried out on Ethereum and Arbitrum, where the attacker’s rsETH-backed positions remained after the exploit. Aave had previously estimated that clearing those positions could release about 13,000 ETH, valued near $30.2 million based on reported figures.
Galaxy Digital research vice president Thaddeus Pinakiewicz said the recovery effort remains about 10% short of the Ether needed to fully recapitalize rsETH. He said additional commitments are still needed from Circle, Ethena, Frax and Ink, the Ethereum layer 2 network backed by Kraken.
The missing portion remains a key part of the recovery plan. DeFi United is seeking enough backing to restore confidence in rsETH after the exploit disrupted lending positions and liquidity across decentralized finance markets.
Frozen Arbitrum Ether Remains Under Review
Another part of the recovery effort centers on 30,765 ETH, worth about $71 million, that was frozen by the Arbitrum Security Council after the funds were traced to addresses tied to the rsETH exploit.
Arbitrum DAO members have been voting on whether to release the frozen Ether to the DeFi United recovery fund. More than 90% of votes were reported in favor of the proposal, with voting expected to close on Friday.
The frozen assets are also subject to a legal dispute. U.S. law firm Gerstein Harrow LLP filed a restraining notice seeking to stop redistribution of the funds. The plaintiffs cited unpaid judgments against North Korea and argued that the attacker may have been connected to Lazarus Group.
Aave filed an emergency motion in New York on May 4 asking the court to vacate the restraining notice. The protocol argued that the Ether should be returned to affected users and said no court had determined that North Korea, Lazarus Group or a related entity carried out the exploit.
The legal process leaves part of the recovery fund unavailable while the dispute continues. Aave and DeFi United are still seeking to direct the frozen Ether toward users and protocols affected by the attack.
Kelp DAO Plans Bridge Changes After Exploit
The April exploit also created tension between Kelp DAO and LayerZero over the bridge configuration used by the protocol. Kelp DAO said the attack exposed weaknesses in the setup and announced plans to migrate rsETH to Chainlink’s Cross-Chain Interoperability Protocol.
Kelp DAO said LayerZero had approved the single-verifier configuration later blamed for the exploit. LayerZero co-founder and chief executive Bryan Pellegrino rejected that claim and said Kelp moved away from LayerZero’s default multi-verifier setup on its own.
The dispute centers on responsibility for bridge security decisions before the attack. Kelp DAO has said its planned migration is intended to improve cross-chain controls for rsETH, while LayerZero has disputed claims that it approved the vulnerable setup.
The exploit caused large disruptions across DeFi lending markets. Aave’s total value locked fell after the attack, but data cited from DefiLlama showed that outflows have slowed in recent days.
Aave’s total value locked has climbed back above $15 billion after dropping near $14.2 billion after the exploit. The recovery in deposits suggests lending activity has steadied as liquidation and recovery work continues.
The completed liquidation removes one remaining source of bad debt tied to the attacker’s positions. Full restoration of rsETH backing still depends on frozen Ether, outside support commitments and final distribution decisions by the recovery group.
