#加密市场行情震荡- DeFi United Coalition Rallies to Restore $292M KelpDAO Shortfall
Aave has spearheaded a massive recovery initiative dubbed "DeFi United" to address the $292 million rsETH shortfall created by the KelpDAO bridge exploit, bringing together major DeFi protocols in an unprecedented show of industry solidarity.
The Incident:
On April 18, 2026, Kelp DAO suffered a devastating $292 million bridge exploit that turned its widely-used rsETH (restaked ETH) token from a trusted collateral asset into a source of systemic protocol risk. The attack, attributed to North Korean hacking group TraderTraitor, targeted Kelp's cross-chain bridge infrastructure.
Attack Details:
- Total stolen: $292 million in cryptocurrency
- Additional blocked attack: 40,000 rsETH (-$95 million)
- Method: Exploitation of 1-of-1 verifier configuration
- Primary target: Cross-chain bridge validation process
The DeFi United Recovery Plan:
Rather than allowing the exploit to cascade through DeFi ecosystems, Aave launched "DeFi United" - a coordinated recovery effort involving major industry players committed to restoring rsETH backing and preventing systemic contagion.
Key Participants:
- Aave: Leading the recovery initiative
- Lido: Major liquid staking provider
- EtherFi: Restaking protocol
- Ethena: Synthetic dollar protocol
- Other major DeFi protocols: Contributing to relief fund
Aave's Commitment:
Aave founder and CEO Stani Kulechov has made a personal commitment of 5,000 ETH to the relief fund, demonstrating leadership accountability. The Aave DAO is also considering a substantial 25,000 ETH treasury contribution to help restore Kelp DAO's rsETH backing.
Immediate Protocol Response:
Following the exploit, Aave took decisive action to contain risk:
April 18, 2026:
- Froze rsETH markets across all instances
- Prevented new borrows against rsETH collateral
- Activated emergency protocols
April 19, 2026:
- Froze WETH markets on several instances
- Adjusted interest rates on non-Core markets
- Implemented WETH interest rate adjustments on Core markets
- Monitored fallout from rsETH incident
The Attacker's Aave Strategy:
In a surprising twist, rather than immediately dumping the stolen rsETH, the attacker deposited nearly 90,000 rsETH into Aave as collateral across Ethereum and Arbitrum networks. This allowed them to borrow approximately $190 million in ETH and other assets, creating complex liquidation scenarios.
Recovery Scenarios:
Aave governance has outlined multiple approaches to address the bad debt:
Scenario 1: Uniform Socialization of Losses
- Losses distributed across all WETH markets
- Ethereum Core WETH included in slash
- Broad-based impact but systemic stability maintained
Scenario 2: Losses Isolated to L2 rsETH
- Impact contained to Layer 2 markets
- Ethereum Core markets protected
- Concentrated losses for L2 participants
Technical Implementation:
Aave has reached agreement with KelpDAO and LayerZero on technical steps required for implementing the recovery plan. The collaboration focuses on:
- Bridge security improvements
- Verification mechanism upgrades
- Multi-DVN (Decentralized Verifier Network) configuration
- Enhanced monitoring systems
The Structural Problem:
The Kelp DAO exploit highlights a critical vulnerability in DeFi infrastructure: cross-chain bridges remain a single point of failure despite being marketed as decentralized infrastructure. Kelp's reliance on a '1-of-1 verifier configuration' allowed attackers to poison the verification process.
LayerZero's Position:
LayerZero, the underlying messaging protocol, noted that it had previously recommended Kelp DAO migrate from its single-DVN configuration. The company emphasized that "no single DVN should represent a unilateral point of trust or failure."
Kelp DAO's Response:
Kelp DAO has pointed to LayerZero's documentation, noting that the single-DVN setup was the configuration officially recommended. The protocol paused relevant contracts and blacklisted the attackers' wallet, successfully blocking a second attack attempt.
North Korean Connection:
The exploit has been attributed to North Korea's TraderTraitor hacking group, part of the regime's ongoing crypto theft operations. North Korean hackers stole over $2 billion in crypto in 2025 alone, with total stolen crypto since 2017 estimated at around $6 billion.
Industry Implications:
For DeFi Security:
- Cross-chain bridges require enhanced security models
- Multi-signature verification becomes essential
- Real-time monitoring systems needed
- Insurance mechanisms for bridge risks
For Protocol Governance:
- Emergency response procedures
- Treasury allocation for recovery
- Multi-protocol coordination
- Risk assessment frameworks
For Users:
- Diversification of collateral assets
- Understanding bridge risks
- Monitoring protocol health
- Insurance product utilization
Market Impact:
The AAVE token has become a sentiment indicator for the recovery effort's success. While price action alone cannot explain the full scale of risk, market reaction reflects confidence in the DeFi United initiative.
Accounting and Regulatory Questions:
The exploit raises complex questions about:
- DAO control and consolidation
- Revenue recognition for protocol fees
- Governance risk disclosures
- Insurance and recovery accounting
- Regulatory compliance for cross-chain assets
Lessons Learned:
Technical:
- Single points of failure must be eliminated
- Verification mechanisms need redundancy
- Real-time monitoring is essential
- Emergency pause functions save funds
Governance:
- Multi-protocol coordination is possible
- Industry solidarity matters in crises
- Treasury reserves provide stability
- Leadership commitment builds confidence
Risk Management:
- Bridge risks are systemic
- Collateral diversification is critical
- Insurance products need development
- User education is paramount
Looking Forward:
The DeFi United recovery plan represents a watershed moment for the industry. If successful, it will demonstrate that DeFi can self-organize to address systemic threats without centralized intervention.
The recovery effort is ongoing, with Aave and partners working "nonstop" according to Stani Kulechov. The outcome will likely influence DeFi architecture, governance models, and risk management practices for years to come.
Key Metrics to Watch:
- rsETH peg restoration
- Bad debt resolution progress
- AAVE token performance
- Cross-chain bridge upgrades
- Insurance product development
The KelpDAO exploit and subsequent recovery effort may ultimately strengthen DeFi by exposing vulnerabilities and demonstrating the industry's capacity for collective action in crisis.
#AaveLaunchesrsETHRecoveryPlan
Aave has spearheaded a massive recovery initiative dubbed "DeFi United" to address the $292 million rsETH shortfall created by the KelpDAO bridge exploit, bringing together major DeFi protocols in an unprecedented show of industry solidarity.
The Incident:
On April 18, 2026, Kelp DAO suffered a devastating $292 million bridge exploit that turned its widely-used rsETH (restaked ETH) token from a trusted collateral asset into a source of systemic protocol risk. The attack, attributed to North Korean hacking group TraderTraitor, targeted Kelp's cross-chain bridge infrastructure.
Attack Details:
- Total stolen: $292 million in cryptocurrency
- Additional blocked attack: 40,000 rsETH (-$95 million)
- Method: Exploitation of 1-of-1 verifier configuration
- Primary target: Cross-chain bridge validation process
The DeFi United Recovery Plan:
Rather than allowing the exploit to cascade through DeFi ecosystems, Aave launched "DeFi United" - a coordinated recovery effort involving major industry players committed to restoring rsETH backing and preventing systemic contagion.
Key Participants:
- Aave: Leading the recovery initiative
- Lido: Major liquid staking provider
- EtherFi: Restaking protocol
- Ethena: Synthetic dollar protocol
- Other major DeFi protocols: Contributing to relief fund
Aave's Commitment:
Aave founder and CEO Stani Kulechov has made a personal commitment of 5,000 ETH to the relief fund, demonstrating leadership accountability. The Aave DAO is also considering a substantial 25,000 ETH treasury contribution to help restore Kelp DAO's rsETH backing.
Immediate Protocol Response:
Following the exploit, Aave took decisive action to contain risk:
April 18, 2026:
- Froze rsETH markets across all instances
- Prevented new borrows against rsETH collateral
- Activated emergency protocols
April 19, 2026:
- Froze WETH markets on several instances
- Adjusted interest rates on non-Core markets
- Implemented WETH interest rate adjustments on Core markets
- Monitored fallout from rsETH incident
The Attacker's Aave Strategy:
In a surprising twist, rather than immediately dumping the stolen rsETH, the attacker deposited nearly 90,000 rsETH into Aave as collateral across Ethereum and Arbitrum networks. This allowed them to borrow approximately $190 million in ETH and other assets, creating complex liquidation scenarios.
Recovery Scenarios:
Aave governance has outlined multiple approaches to address the bad debt:
Scenario 1: Uniform Socialization of Losses
- Losses distributed across all WETH markets
- Ethereum Core WETH included in slash
- Broad-based impact but systemic stability maintained
Scenario 2: Losses Isolated to L2 rsETH
- Impact contained to Layer 2 markets
- Ethereum Core markets protected
- Concentrated losses for L2 participants
Technical Implementation:
Aave has reached agreement with KelpDAO and LayerZero on technical steps required for implementing the recovery plan. The collaboration focuses on:
- Bridge security improvements
- Verification mechanism upgrades
- Multi-DVN (Decentralized Verifier Network) configuration
- Enhanced monitoring systems
The Structural Problem:
The Kelp DAO exploit highlights a critical vulnerability in DeFi infrastructure: cross-chain bridges remain a single point of failure despite being marketed as decentralized infrastructure. Kelp's reliance on a '1-of-1 verifier configuration' allowed attackers to poison the verification process.
LayerZero's Position:
LayerZero, the underlying messaging protocol, noted that it had previously recommended Kelp DAO migrate from its single-DVN configuration. The company emphasized that "no single DVN should represent a unilateral point of trust or failure."
Kelp DAO's Response:
Kelp DAO has pointed to LayerZero's documentation, noting that the single-DVN setup was the configuration officially recommended. The protocol paused relevant contracts and blacklisted the attackers' wallet, successfully blocking a second attack attempt.
North Korean Connection:
The exploit has been attributed to North Korea's TraderTraitor hacking group, part of the regime's ongoing crypto theft operations. North Korean hackers stole over $2 billion in crypto in 2025 alone, with total stolen crypto since 2017 estimated at around $6 billion.
Industry Implications:
For DeFi Security:
- Cross-chain bridges require enhanced security models
- Multi-signature verification becomes essential
- Real-time monitoring systems needed
- Insurance mechanisms for bridge risks
For Protocol Governance:
- Emergency response procedures
- Treasury allocation for recovery
- Multi-protocol coordination
- Risk assessment frameworks
For Users:
- Diversification of collateral assets
- Understanding bridge risks
- Monitoring protocol health
- Insurance product utilization
Market Impact:
The AAVE token has become a sentiment indicator for the recovery effort's success. While price action alone cannot explain the full scale of risk, market reaction reflects confidence in the DeFi United initiative.
Accounting and Regulatory Questions:
The exploit raises complex questions about:
- DAO control and consolidation
- Revenue recognition for protocol fees
- Governance risk disclosures
- Insurance and recovery accounting
- Regulatory compliance for cross-chain assets
Lessons Learned:
Technical:
- Single points of failure must be eliminated
- Verification mechanisms need redundancy
- Real-time monitoring is essential
- Emergency pause functions save funds
Governance:
- Multi-protocol coordination is possible
- Industry solidarity matters in crises
- Treasury reserves provide stability
- Leadership commitment builds confidence
Risk Management:
- Bridge risks are systemic
- Collateral diversification is critical
- Insurance products need development
- User education is paramount
Looking Forward:
The DeFi United recovery plan represents a watershed moment for the industry. If successful, it will demonstrate that DeFi can self-organize to address systemic threats without centralized intervention.
The recovery effort is ongoing, with Aave and partners working "nonstop" according to Stani Kulechov. The outcome will likely influence DeFi architecture, governance models, and risk management practices for years to come.
Key Metrics to Watch:
- rsETH peg restoration
- Bad debt resolution progress
- AAVE token performance
- Cross-chain bridge upgrades
- Insurance product development
The KelpDAO exploit and subsequent recovery effort may ultimately strengthen DeFi by exposing vulnerabilities and demonstrating the industry's capacity for collective action in crisis.
#AaveLaunchesrsETHRecoveryPlan
