Aave finishes liquidation of attacker’s last rsETH positions, moves recovery forward
Aave Labs says it has liquidated the remaining rsETH-backed positions tied to the Kelp DAO exploit on Ethereum and Arbitrum, sending recovered collateral to Recovery Guardian — a multisignature wallet controlled by the DeFi United recovery effort. The move, announced on X on Wednesday, is a concrete step toward restoring full backing for rsETH after the April exploit that saw roughly $293 million drained.
According to Aave, the liquidations did not affect user funds and its Umbrella protection mechanism was not triggered. The recovered assets are now in the hands of DeFi United’s multisig, which is coordinating the recapitalisation process.
What’s still needed
Galaxy Digital research VP Thaddeus Pinakiewicz says DeFi United is still about 10% short of the Ether required to fully recapitalise rsETH. Additional commitments are expected from stablecoin issuers Circle, Ethena and Frax, as well as Ink — Kraken’s Ethereum layer-2 — which Pinakiewicz says “Aave needs these commitments to get it over the line and plug the hole.”
How the exploit unfolded
On April 18, attackers drained 116,500 rsETH from Kelp DAO’s bridge infrastructure. Kelp DAO says the stolen rsETH was deposited into Aave v3 as collateral and used to borrow wrapped Ether, producing more than $190 million in bad debt and causing widespread disruptions across DeFi lending markets.
Legal and governance fences
A key portion of the recovery — 30,765 ETH (about $71 million) — was frozen by the Arbitrum DAO on April 21 after funds were traced to addresses linked to the attack. Those assets are now in legal limbo: U.S. law firm Gerstein Harrow LLP filed a restraining notice aimed at stopping redistribution, and Aave filed an emergency motion in New York on May 4 asking the court to vacate that notice. Aave argues the frozen Ether should be returned to affected users and notes no court has determined that North Korea, the Lazarus Group, or any related entity carried out the exploit.
Arbitrum DAO members are still voting on whether to release the frozen ETH to DeFi United’s recovery fund, with more than 90% of votes so far in favour and voting expected to conclude on Friday.
Fractures between Kelp DAO and LayerZero
Tensions have also surfaced between Kelp DAO and the bridge provider LayerZero. After the exploit exposed what Kelp DAO called weaknesses in its LayerZero-linked setup, Kelp said it plans to migrate rsETH to Chainlink’s Cross-Chain Interoperability Protocol (CCIP). Kelp accused LayerZero of approving a single-verifier configuration that contributed to the attack. LayerZero co-founder and CEO Bryan Pellegrino pushed back, saying Kelp had moved away from LayerZero’s default multi-verifier configuration on its own.
Market impact
While the incident prompted large outflows from Aave’s markets initially, DefiLlama data shows outflows have slowed in recent days. Aave’s total value locked has rebounded above $15 billion after dipping to nearly $14.2 billion in the wake of the exploit.
Bottom line
The liquidation marks a meaningful recovery milestone, but rsETH’s full recapitalisation still depends on external commitments and a court outcome over frozen funds. Governance votes, legal proceedings and negotiations with counterparties will determine whether DeFi United can fully close the gap and restore confidence in rsETH.
Read more AI-generated news on: undefined/news
