What Happened in the rsETH Exploit?
DeFi United, a coalition of decentralized finance participants, has published a technical plan to restore full backing for Kelp DAO’s rsETH following a $292 million exploit earlier this month. The April 18 attack targeted the rsETH bridge using a forged message, allowing the attacker to mint 116,500 unbacked rsETH tokens. Around 107,000 of those tokens were deployed into lending positions on Aave, creating significant bad debt exposure across the protocol. The exploit has been widely attributed to North Korea’s Lazarus Group and triggered a coordinated response across the DeFi ecosystem, with multiple protocols stepping in to limit systemic fallout.How Will the Restoration Process Work?
The recovery plan centers on rebuilding rsETH backing using fresh capital. More than $300 million in ETH has been committed by DeFi United participants, led by Aave and supported by dozens of protocols. “The restoration process involves converting the committed ETH into rsETH in tranches, which will then be transferred to the affected lockbox contract, allowing the bridge to securely resume full operation,” the coalition said. The phased approach is designed to reduce execution risk, with ETH converted into rsETH in multiple stages before being deposited into the compromised contract. The process remains subject to governance approvals, execution timelines, and final agreements between participating entities. In parallel, the plan includes resolving eight affected lending positions across Aave’s Ethereum and Arbitrum markets. This step is required to recover roughly 13,000 ETH currently locked within those positions.Investor Takeaway
The recovery plan relies on coordinated capital deployment rather than loss socialization. This approach protects users but introduces execution complexity tied to governance and timing.
How Will DeFi Protocols Handle the Bad Debt?
The recovery process includes a controlled liquidation sequence to unwind the attacker’s positions. This involves temporarily adjusting the rsETH oracle price to enable efficient liquidation of the affected accounts. Liquidated rsETH collateral will be transferred to a multisignature wallet controlled by DeFi United, redeemed for ETH through Kelp DAO, and then used to repay deficits created within Aave’s markets. Compound, which was also impacted by the exploit, is expected to follow a similar process to clear the attacker’s position. This could recover an estimated 16,776 ETH in funds. The final phase includes unpausing rsETH and ETH markets, restoring normal loan-to-value ratios, and reactivating affected protocol configurations once balances are stabilized.Investor Takeaway
DeFi protocols are using coordinated liquidations and capital injections to contain systemic risk. The outcome will test whether large-scale incidents can be resolved without cascading losses.
