rsETH Incident Report (April 20, 2026)

Proposal Discussion: Bridge ETH Loan from Aave DAO Treasury to Fully Protect WETH Lenders (Net of Umbrella) – Prioritizing User Protection and Long-Term Confidence

The rsETH incident has created bad debt in Aave’s WETH markets (estimates ~$123–230M total, with L1 Core exposure partially covered by Umbrella). While Umbrella (~$50M) provides an automated first line of defense, any remaining shortfall risks a haircut on honest ETH lenders.

Core Principle:
The Aave DAO owes its users — especially lenders who supply liquidity in good faith, relying on the protocol’s risk management and safety modules — the highest level of duty of care. In DeFi, where there are no central intermediaries or traditional legal safeguards, this duty is paramount and fiduciary-like in nature. Protecting users and making them whole must be the absolute top priority of every governance decision. It is not optional or secondary to treasury optimization; it is the foundational responsibility that underpins trust in the protocol. Failing to uphold this duty would undermine the very reason users choose Aave over centralized or less resilient alternatives.

A haircut would be a lose-lose outcome:

  • It erodes user confidence in Aave and DeFi as a whole.

  • TVL is already flooding out (significant drops reported in recent days), and many large lenders are actively considering alternatives like Morpho.

  • Morpho would gain the most from this flight, while Aave risks losing its position as the most trusted DeFi lending platform.

Recommended Solution (Scenario 1 – Uniform Socialization):
Use a bridge ETH loan (or direct coverage) from the Aave DAO treasury / ecosystem partners to cover the remaining shortfall net of Umbrella slashing.

  • Aave DAO generated $140 million in protocol revenue in 2025 alone (tracking similarly in 2026). The net shortfall after Umbrella (~$37–50M on L1 Core) is easily absorbable — less than 6 months of recent revenue. The DAO treasury is well-capitalized with over $100M in non-AAVE assets (including substantial stablecoins and ~$38M ETH-correlated holdings).

  • In contrast, while Morpho saw borrowers pay ~$170M in interest over the past year, its DAO-level revenue is estimated at only ~$17M (at a typical 10% take rate). Morpho’s treasury and revenue scale are materially smaller, limiting its ability to offer comparable user protection in a crisis.

  • This is a low-cost, high-impact move for Aave that demonstrates the DAO puts user funds and interests first.

  • Long-term, establish a dedicated insurance/backstop fund (similar to Binance SAFU or Bybit’s post-hack actions) to signal strong leadership and resilience.

Why this is a Win-Win:

  • Lenders are made whole → restores confidence and halts TVL bleed.

  • Aave strengthens its reputation as the safest, most user-centric DeFi lending protocol, backed by superior revenue ($140M vs. Morpho’s ~$17M DAO revenue) and treasury depth.

  • Morpho and other competitors lack the same financial firepower to protect users at this scale.

This event can be turned into a strategic strength for Aave. Quick governance action to explore and fund a bridge solution (or external commitments) would show decisive leadership at a critical moment and reaffirm the DAO’s unwavering commitment to its highest duty of care.

Looking forward to community and team feedback.

Written as a long-term AAVE holder since the LEND days and also a heavy Aave user.

8 Likes

Aave has already published their analysis where

“According to our analysis, rsETH on Ethereum mainnet is fully backed.”

Therefore, I don’t see how Scenario 1 could still be considered.

Pausing or manually triggering Umbrella would be severe violations of their published terms.

Other than that, all the main players should take responsibility for this hack, in this order:

  • LayerZero for allowing and running an unsafe 1-1 setup and being the entity that was actually compromised;
  • Kelp DAO for selecting an unsafe bridge configuration;
  • Aave for accepting rsETH as collateral without considering the bridge risks and also defining unsafe parameters;
  • Auditors. Anyone who audited the rsETH risk without mentioning the bridge configuration should be shamed and return values received;

Only after those players have heavily absorbed the losses should Aave users be impacted.

All those entities are saying their protocol worked as intended. I wish they would reflect for a second and recognize (instead of being forced by courts) that they were part of the problem and led to a huge amount of funds lost.

Lastly, remember Umbrella is not a third-party big insurance co. It is an Aave product with Aave users. Hitting those users with a 100% slash means Aave failed and there will never be another Umbrella as all those users will never touch Aave or even DeFi again.

4 Likes

A third path: Tiered LTV by derivative depth + productivity constraints

Both Scenario 1 and Scenario 2 address loss allocation after the fact. Neither addresses why this loss was structurally inevitable — and will happen again unless the underlying parameter framework changes.

The root failure: In January 2026, Proposal 434 raised rsETH’s LTV to 93% in E-Mode. A 7% safety buffer on a depth-3 derivative asset (ETH → stETH → EigenLayer → rsETH → bridge) could not absorb ANY of its failure modes: staking slashing (2-5% depeg), AVS failure (10-30%), or bridge exploit (as we saw: 73.54% shortfall). The buffer was calibrated for normal market volatility, not for structural failure of the derivative chain.

On Scenario 1 vs 2: Scenario 2 is structurally closer to correct. The bridge adapter contained 40,373 rsETH backing 152,577 claims — mainnet rsETH IS fully backed. Socializing bridge-specific failure to mainnet holders creates moral hazard: no price signal discouraging risky bridge configurations. However, L2 WETH depositors who never interacted with rsETH became collateral risk through Aave’s listing decision — they deserve a DAO treasury backstop.

My proposal — tiered LTV by derivative depth:

| Tier | Asset type | Max LTV (E-Mode) | Rationale |
|---|---|---|---|
| 1 | Native (ETH, USDC) | 80-85% | Direct redemption, no intermediary failure |
| 2 | 1st-order derivative (stETH, rETH) | 75-80% | Single rehypothecation, withdrawal queue risk |
| 3 | 2nd-order derivative (rsETH, eETH) | 65-70% | Restaking slashing + base staking risk |
| 4 | Bridged rehypothecated (rsETH on L2) | 50-55% or ineligible | Bridge exploit = instant total loss, not gradual depeg |

Additionally — productivity constraints for depth 3+:

Bridged restaking tokens should not be depositable as collateral at all. They should be holdable, transferable, redeemable — but not leverageable. Each additional leverage cycle on a depth-3 asset amplifies contagion without adding economic value. The math: depth × LTV^n produces the leverage multiplication that created the 45:1 contagion ratio we observed ($292M exploit → $13B TVL loss).

On the Umbrella Module: Do not pause it. The explicit promise to stkAAVE holders was automatic slashing under defined conditions. A discretionary governance override sets a precedent that every future parameter is subject to retroactive change — destroying the credibility that makes the Safety Module attractive to stakers in the first place.

On accountability sequencing: KelpDAO + LayerZero bear primary liability (1-of-1 DVN is negligent infrastructure). Remaining L2 losses should be backstopped by DAO treasury for WETH depositors who never chose rsETH exposure. The Umbrella Module activates per its design for any remaining shortfall.

I’ve published a full analysis with framework evidence supporting this position: The rsETH Incident Proves: Rehypothecated Assets Need Higher Collateral Ratios

The underlying methodology — including the Collateral Derivative Concentration formula, Redemption Mismatch computation (7,000x ratio for bridged LSTs), and Bridge Infrastructure scoring — is open source at docs/frameworks/24-systemic-dependency-mapping.md.

– @RobTG4 | Tokédex

9 Likes

Why is the WETH pool not frozen to disable withdrawals? Borrowers keep repaying their WETH debt, and depositors keep withdrawing from the WETH pool as funds are becoming available. As a result, the effective percentage bad debt keeps increasing for the remaining depositors. In the WETH pool you must disable withdrawals immediately until a solution is found.

3 Likes

The $292M Kelp DAO disaster just proved what Ethereum maxis have known for months: the Layer 2 ecosystem is a fragmented, hyper-vulnerable liability. Attacks are getting too sophisticated, and the risk of bridging is no longer worth the reward.
Here is why capital is rotating back to Mainnet:

  • Bridges are Death Traps: To use an L2, you rely on multi-sigs, RPC nodes, and third-party oracles. When advanced hackers hit these centralized honeypots, your bridged tokens become unbacked paper instantly.

  • Mainnet Gas is Cheap: The entire excuse for L2s was high L1 fees. But with recent upgrades, Ethereum gas fees have plummeted. Why risk 100% of your portfolio on an insecure rollup just to save 50 cents?

  • Liquidity is Fractured: Capital is spread thin across 50+ different rollups, causing terrible slippage and a miserable user experience. Institutional money refuses to deal with it.

The Bottom Line
We are about to see a massive capital flight back to the battle-tested safety of L1. As volume returns “back to the roots,” network usage will accelerate the $ETH burn rate.
Abandon the insecure bridging experiment. Ring-fence Mainnet. Come home to L1 and watch the price of $ETH profit.

4 Likes

The ARB just froze 30,766 ETH belonging to a hacker, and the users on main chain could only watch helplessly. Therefore, decentralization is a chaotic world, and this world still needs police.

2 Likes

There is no reasonable way to socialize any bad debt now. I assume this means they know they need to make users whole. I also assumed they wouldn’t add a LayerZero bridged LST with essentially no supply cap though.

As an Arbitrum WETH depositor, I’m extremely concerned about any outcome that effectively treats L2 users as second‑class citizens compared to Ethereum mainnet. If L2 WETH depositors end up eating materially larger haircuts than L1 depositors, the message to the market is clear: “DeFi on L2 is where you go when things go wrong on L1.” That would be reputationally devastating for Aave’s multichain strategy and L2 DeFi more broadly.

There is, however, a way to handle this incident without killing trust in L2:

  1. On the Kelp side (rsETH):
    Losses from the bridge exploit should be socialized across all rsETH holders on all chains, not concentrated only on L2. A global rsETH haircut makes Aave’s rsETH‑backed positions just one part of a protocol‑wide socialization, instead of turning Aave L2 markets into the sole shock absorber.

  2. On the Aave side (coverage structure):

    • The DAO Treasury and Umbrella/Safety modules should commit to covering a clearly defined tranche of the remaining bad debt (e.g. “up to X million USD”), signalling that Aave as a protocol is sharing the burden rather than offloading it entirely onto depositors.
    • Any residual bad debt that still needs to be socialized should be spread proportionally and transparently across all affected WETH reserves, rather than concentrating it on specific L2 pools. The worst possible optics would be “L1 is protected, L2 users are cannon fodder.”
  3. On communication:
    Aave should communicate clearly that this was a bridge risk and an external exploit, that both Kelp and Aave are sharing the cost, and that some bounded level of risk has always been part of the WETH depositor design. That is a very different narrative from “L2 users are left with 20–30% haircuts while others are made whole.”

Even a small haircut hurts, but a bounded, protocol‑wide, well‑explained socialization across chains is survivable for Aave’s reputation. In contrast, visibly sacrificing L2 depositors with 20–30% losses while mainnet is protected would be the point at which many serious users simply decide: no more Aave on L2, ever.

3 Likes

Thanks for the update, Aave team. As an Umbrella holder, we should not be on the hook for this rsETH disaster per your docs. Mainnet aWETH Umbrella signed up for chain-local risk on backed collateral, not wrapped rsETH minted against drained escrow and L2 risk. Per Umbrella’s T&C (https://aave.com/docs/aave-v3/umbrella…), bad debt coverage only applies to Ethereum’s V3 Core Market. That means that an aWETH Umbrella staker on Ethereum mainnet shouldn’t be punished for an unbacked LRT on other chains.

As you mentioned, Aave V3 on mainnet is fully collateralized because rsETH on mainnet is fully collateralized.

Umbrella stakers on mainnet by definition did not sign up to cover losses from another chain.

9 Likes

As a retail user of Aave on the Base network, I am deeply concerned by the discussions regarding ‘Scenario 2’ (L2 isolation). I deposited 1.57 ETH in good faith, trusting Aave’s risk management when listing rsETH on Base.

Proposing a 73% haircut for L2 users while protecting Mainnet is unacceptable and destroys the ‘multichain’ promise of Aave. This wasn’t a Base failure, but a bridge/asset failure that the DAO approved globally.

The Aave DAO Treasury ($180M+) and the Umbrella safety module exist precisely for systemic risks like this. I urge the DAO to prioritize a uniform socialization or, ideally, use the Treasury to cover the deficit. Do not sacrifice the trust of Base users to save the Treasury balance. We are real people, not just numbers on a spreadsheet.

4 Likes

As an Arbitrum WETH depositor, you at least don’t need to worry about your position any more, since the Arbitrum Security Council already confiscated all of the hacker’s WETH on Arbitrum, which almost covers all of Arbitrum’s bad debt in any case.

3 Likes

Centralized enough to add random nonsense as collateral but decentralized enough to take zero responsibility for those decisions. Aave is a joke like most of DeFi.

1 Like

I only stake ETH. Never took a loan. When can we withdraw??

2 Likes

🚨 Arbitrum Seizes ~37% Illicit ETH 🚨

Assuming Arbitrum Uses this to settle the bad debt on AAVE-Arbitrum
By resupplying the ETH
& Subsequently retrieving & burning the 36,167 unbacked rsETH supplied there.

This just leaves
~53.4 unbacked rsETH
~52.9k bad debt ETH on Ethereum

Who knows what this says about Decentralization principles on Arbitrum though…

1 Like

I don’t believe that was an AAVE proposal for the haircut. The Ball is (unfortunately) in Kelp’s Court.

1 Like

Arbitrum frozen ETH and bad debt allocation — a consistency check

I’m an Arbitrum WETH depositor (ETH collateral, USDT debt, no rsETH exposure). Not here to make demands — just want to walk through the logic of what’s on the table.

The numbers speak for themselves: The attacker borrowed ~30,600 WETH on Arbitrum. The Security Council froze 30,766 ETH from the same attacker address on Arbitrum. The causal link between the bad debt and the recovered funds is direct, on-chain, and verifiable. Notably, the frozen amount almost exactly matches the Arbitrum-specific bad debt — meaning the Arbitrum WETH shortfall could be fully covered by these funds alone, without requiring any Treasury, Umbrella, or cross-chain subsidy.

The consistency problem: Under Scenario 2, losses are isolated to L2 — Arbitrum WETH faces a 26.67% shortfall. If that framing is adopted but the frozen ETH are redirected to cover other chains, L2 depositors would carry the concentrated loss while their chain-specific recovery goes elsewhere. That’s localizing the pain and socializing the cure. It’s hard to see how that holds up politically or logically.

Under Scenario 1, losses are spread globally — and the frozen ETH reduce the total shortfall for everyone regardless of where they’re applied. Local-first allocation is consistent with both scenarios.

The asymmetry worth noting: Ethereum Core has the Umbrella WETH module (~$54M), a $181M DAO Treasury, and disclosed external commitments. Arbitrum has none of those backstops. The frozen 30,766 ETH are the only Arbitrum-specific recovery asset that exists. Reserving them fully for Arbitrum depositors would not only be the cleanest causal resolution — it would also leave all other recovery mechanisms (Treasury, Umbrella, partner commitments) available to address the remaining shortfall on other chains. Everyone is better served.

What this means for Aave’s multichain credibility: If the outcome is that L2 depositors absorb disproportionate losses while L2-recovered funds flow elsewhere, the signal to the market is clear: same risk, worse recovery, just because you’re on an L2. That’s a hard message to walk back when you’re trying to grow multichain TVL.

None of this is about blame. Aave’s contracts worked. The Guardian acted fast. But how the recovery is allocated will say more about Aave’s commitment to L2 depositors than any marketing ever could.

5 Likes

Utilization is currently at 100% which is temporarily limiting withdrawals and borrows.

1 Like

I took a risk supplying my WETH on Arbitrum. I never touched any rsETH, but in the worst case I will take a 27% loss on my position; moreover, my HF will drop significantly and then I will lose my whole position on AAVE. If you accept it, I promise I will never touch AAVE again.
I am not responsible for any of this shit, so why should I pay for it?

1 Like

Appreciate the optimism, and the Arbitrum Security Council’s action is genuinely reassuring. But I’d caution against treating it as a done deal. The 30,766 ETH are frozen — they’re not yet allocated. How they’ll be distributed is still an open governance question. They could go fully to Arbitrum WETH depositors, be split across affected protocols, or be returned to Kelp for global rsETH recovery. Until there’s a formal decision, residual risk remains for Arbitrum depositors. Significantly reduced, yes, but not zero.

3 Likes

Updates

Aave Protocol Guardian has executed two transactions on Aave v3 over the past hours:

  • Unfreeze the WETH reserve on Aave Core instance (tx)
  • Unfreeze the WETH reserve on Aave Prime instance (tx)

WETH LTV currently remains at 0.

We will continue to provide updates as the situation evolves.

1 Like