rsETH Incident Report (April 20, 2026)

Thank you for the thorough analysis and quick action.

One question on the decision to unfreeze mainnet WETH reserves: what is the reasoning?

Since the incident, suppliers have been withdrawing at pace and bad debt as a share of liquidity has been rising. Unfreezing WETH accelerates that dynamic rather than containing it - operational withdrawals reduce the liquidity pool, which increases each remaining supplier’s pro-rata exposure to the bad debt, which prompts further withdrawals. It also widens the loss socialisation impact: the fewer WETH LPs remain when losses are settled, the larger the haircut each bears.

Furthermore, sophisticated users running bots can monitor the queue and exit on the next available repayment. Retail suppliers cannot. Unfreezing WETH doesn’t distribute the risk - it concentrates it on whoever is slowest to the exit.

What is the rationale for this tradeoff?

4 Likes

If you have chosen to go down option 2, that is outright unlawful. You are flat-out robbing L2 users and obliterating any remaining trust in your platform. Your platform accepted contaminated rsETH as collateral, yet we as L2 users never touched those assets — and now you are effectively treating us like second-class participants.

I hold an $800,000 WETH deposit on Arbitrum solely for use on Hyperliquid, and I came through Arbitrum’s official bridge. And now you want to butcher my position simply because someone on your team made the reckless decision to whitelist a toxic asset as collateral???

5 Likes

That seems to be the standard here. Check how the AAVE on Harmony exploit got handled: freeze and forget. Users lost all.

Good luck!

I’ll be blunt - yes you did. You might have been ignorant of that choice, but you did make that choice. Aave is a big pool, anything you put in is exposed to everything else that people can use as collateral. This has benefits in that your yield is pretty stable and steady because you have a much broader universe of borrowers. But it also means exposure to a much broader variety of stuff you may or may not like. If you want to be selective about what you are exposed to, there are other lending platforms that let you manage that risk a lot more carefully.

1 Like

Aave nowhere states that risk on L2 is higher than on the core network because of these tokens. In fact, they recommend Arbitrum’s official bridge, which is exactly what I used.

I keep seeing this point repeated — that we were supposedly earning higher yield in exchange for taking higher risk on L2 — but in reality the borrowing rates were exactly the same on both networks. A lot of people used Arbitrum simply because it is faster and more convenient for trading on Hyperliquid. But now we are being treated like second-class users.

I believe the fair approach would be to place responsibility on those who chose to list such a toxic asset as collateral on the platform, as well as on those who actually used rsETH.

We will see how the frozen ETH from Arbitrum ends up being distributed. I hope it goes to the right network and that this does not turn into yet another act of discrimination.

But my trust in Aave has been permanently shattered, and I will never use the platform again.

2 Likes

Reading through both threads I think we’re losing the plot by arguing with each other about who should eat the loss. Umbrella stakers vs L2 depositors vs mainnet WETH suppliers. None of us created rsETH. None of us configured a bridge with a single point of failure. None of us are responsible for the exploit.

Every Aave user who didn’t voluntarily hold rsETH should come out of this whole. All chains. Umbrella stakers, WETH depositors on mainnet, WETH depositors on Arbitrum, Base, Mantle, all of us. We came to Aave to lend ETH or to backstop the protocol. We didn’t come to take on Kelp’s bridge risk. The only users who knowingly accepted rsETH counterparty risk are the ones who chose to hold it and use it as collateral. That was their decision and they understood they were interacting with Kelp’s product.

There is enough money to make this right. Kelp still has hundreds of thousands of ETH in their restaking contracts. LayerZero has significant backing. $71M has already been recovered on Arbitrum. Law enforcement knows who did this. The incident report mentions commitments from ecosystem participants. The resources exist to close this gap without sacrificing any group of Aave users who had nothing to do with rsETH.

What worries me is that while we argue among ourselves, Kelp and LayerZero are publicly blaming each other and not putting money on the table. Every day this drags on, more WETH depositors exit through the unfreeze, the remaining depositors’ exposure grows, and the pressure to slash or haircut innocent users increases. The delay itself is causing damage.

I have loved Aave since the very beginning (I have an Aave Ghost tattoo!) and it sucks that we got dragged into this, but we are a community and we should come out of this that way. The answer here isn’t choosing which group of innocent users to sacrifice. It’s making sure the people who broke this are the ones who fix it.

8 Likes

My entire business was tied to the Aave platform. I had a specific strategy for my work. And now it’s all collapsed. I hope for a fair outcome. We’re not to blame for anything, except for choosing this place and trusting a large and smart team.

3 Likes

This is a trust question, not an allocation question

The bad debt is solvable. The resources exist - Kelp’s restaking reserves, LayerZero’s backing, $71M frozen on Arbitrum, Aave’s $181M Treasury, disclosed external commitments. The math works.

What doesn’t work is every protocol protecting its own garden while non-rsETH depositors are left in limbo. Kelp blaming LayerZero, LayerZero blaming the DVN config, chains looking out for themselves - that’s not a resolution, that’s fragmentation. And fragmentation is what actually kills long-term confidence in DeFi.

The goal should be simple: no haircut for users who never touched rsETH. Universal or nothing. Not because everyone deserves a bailout, but because the alternative - where innocent depositors pay for a bridge misconfiguration and aggressive LTV parameters they had no say in - permanently reprices the trust users place in lending protocols, in L2s, and in DeFi composability as a whole.

Yes, if coordinated resolution fails, each chain will have to fend for itself. Ethereum has Umbrella. Arbitrum has 30,766 frozen ETH that almost fully cover its local bad debt. Some chains will come out okay. But that outcome - where everyone just protects their own perimeter - sends the worst possible signal: that DeFi protocols cannot cooperate when it matters most. That is far more damaging to the ecosystem long-term than the cost of a coordinated recovery today.

This is the moment where Aave, Kelp, LayerZero, and chain governance bodies either prove that this ecosystem can handle a crisis together - or prove that it can’t. I genuinely hope it’s the former, because the second outcome doesn’t just hurt the affected depositors. It hurts every future user who has to decide whether DeFi is worth trusting at all.

Let’s hope those with the power to decide understand what’s at stake - and choose to act with logic, long-term vision, and collective responsibility, rather than just securing their own boat.

7 Likes

Hello. I supplied native ETH to the Aave V3 on Mantle L2, moving them from inkchain tydro or Aave, and received WETH in return. This was a pure, simple lending position - no borrowing, no collateral usage, no looping strategies, no restaking, and no involvement with rsETH, wsETH or weETH. Just a basic supply of ETH for the $MNT reward program (which was 3.5%, so little compared to the risk). Like many other users on L2 chains, my position is currently frozen due to the rsETH incident.
Key principles I believe should guide the resolution: Pure ETH suppliers who did not participate in leveraged strategies or rsETH should not be forced to bear losses from a bridge exploit on another protocol.
Bad debt and haircuts should be allocated fairly, prioritizing protection of innocent lenders. I think the rsETH holders must take the haircut, as Kelp must be responsible for them. I'm also not a whale, so I hope that the Aave team will consider the retail users, for whom any haircut will be a massive hit.

1 Like

I completely agree with you, and it is very strange that the Aave team unfroze only the funds on mainnet!! They want the L2 users to swallow the loss!! It is the only way that I can read this action!! I hope they have a good plan upon doing this.

The hacker increased the free circulation of rsETH by releasing funds that were required to remain locked in the LayerZero bridge, effectively doubling that portion of the supply.

At this point, Kelp’s ETH reserves became insufficient to redeem all outstanding rsETH at 1:1.

Using these funds, the hacker stole money from Aave WETH suppliers on the Ethereum network.

At the same time, holders of depreciating rsETH tokens across all networks began trying to use them to extract more valuable tokens from others, especially across Aave forks.

At this point, the losses fell not only on rsETH holders or L2 users, but on everyone who was providing liquidity at the time.

Both the attacker and previous rsETH holders took value from many people across many networks.

That’s why we shouldn’t assume this is only a problem for current rsETH holders, only for L2 holders, or only for Aave WETH suppliers.

Is rsETH fully backed on Ethereum?

All Kelp reserves back all rsETH tokens. rsETH on any given network is backed only by ETH on Ethereum.

The increased free circulation of rsETH disrupts the proper functioning of rsETH. For Kelp to function properly, rsETH tokens must be backed 1:1 by ETH reserves.

Kelp has a choice:

  1. Align rsETH supply with ETH reserves by reissuing rsETH tokens based on a snapshot taken at the block immediately before the excess rsETH was released from the LayerZero contract.

  2. Socialize the loss pro-rata, so that every rsETH across every network is backed at the same reduced ratio.

There is no reasonable justification for Kelp to favor one network over another. The stolen tokens themselves sit on the Ethereum network, illegally obtained and spent by the attacker.
But now these tokens have already changed owners and should be treated as any other rsETH, on any other chain.

Therefore, Aave’s assertion that rsETH on Ethereum is fully backed is incorrect.

ETH on the Ethereum network backs all rsETH on all networks.

2 Likes

I am only indirectly affected by the situation, as I had been supplying USDC liquidity and managed to withdraw it gradually. I am also an AAVE holder and intend to remain one.

Aave’s biggest asset is its reputation. Reputation is difficult to build and easy to lose. I understand the despair in many posts, even though I am also somewhat uncomfortable with the fact that many comments seem mainly focused on protecting individual bags.

In my view, the DAO should aim to make affected users whole. As an AAVE holder, I would rather see the DAO take short-term pain than see Aave lose its reputation as the safest DeFi money market.

At the same time, we should understand why an unconditional public commitment may not be possible at this stage. The bad debt first has to be assessed and allocated properly. The DAO should preserve its bargaining position and recover as much as possible from the attacker, Kelp, LayerZero, and the remaining rsETH collateral before finalizing any loss allocation. If the DAO committed funds immediately, Kelp and LayerZero might have less incentive to contribute meaningfully.

For me, another important lesson is that DeFi lending is still not suitable for the core part of my reserves. I would rather accept some inflation drag than chase a few additional percentage points of yield while taking hidden liquidity, governance, and bad-debt risk.

5 Likes

What surprises me most is that at a time like this, they raised the debt rates on the borrowed USDC.
And with Trump’s news, Ethereum could go down significantly. So, people with low HF still can’t do anything.

Delays not only affect the platform’s reputation in the long term, but also result in the loss of a large number of loyal customers now, who are withdrawing funds they can still withdraw. This leaves us with a huge burden to share. Although they claimed to have full coverage for the stolen funds, why is it taking so long for functionality to be restored?

3 Likes

The frustration is justified. Raising debt rates while users with low HF are frozen and unable to act is adding insult to injury.

But the bigger problem is the silence. Days in, no concrete recovery proposal from any responsible party. Everyone is positioning, nobody wants to name a number first, and while they play chess with each other, real users are stuck - bleeding interest, unable to manage positions, losing trust by the hour.

Each protocol should at least be protecting their own users right now. Instead, everyone is waiting for someone else to move first. That is fatal. Not just for Aave or Kelp — for DeFi as a whole.

Sit down together. Agree on a solution that makes non-rsETH users whole. Communicate it clearly and proactively. Not in two weeks but now. Every day of silence does more reputational damage than whatever number they’re trying to negotiate down. The cost of a coordinated recovery is finite. The cost of permanently lost user trust is not.

3 Likes

Let’s be clear: if retail users take a haircut for a governance failure (93% LTV), Aave is finished. Trust is the only asset here. If you kill the trust of common users, you kill the protocol. Use the Treasury to cover the gap or watch the TVL go to zero.

5 Likes

Between what ARB froze and taking 100% of umbrella funds to cover bad debt, we don’t have to socialize near as much as the worst case scenarios.

The most important action to take now is a manual slashing of 100% of Umbrella stakers' funds.

Edit: actually the funds frozen by Arbitrum are not going to be used to repay Aave users, so we’re back to facing a wipe of both Umbrella and the treasury and STILL having socialization.

While I sympathize with L2 holders, Scenario 1 is horribly indefensible :skull:

  1. Legally, socializing losses GREATLY expands the number of impacted users and thus potential litigants. Imagine if when an overseas branch of your bank was heisted and they responded by seizing 15% of all customer accounts. Ridiculous. They’d be sued to kingdom come.

  2. The argument that L0 OFT standard = a pari passu redemption claim to mainnet rsETH is not supported ANYWHERE in KelpDAO’s terms of service. As all rsETH is minted off mainnet, there is no argument that L2 rsETH is a separate class of asset. There are no explicit guarantees that a software standard adopted for the bridge equates to contractual liability here. Ultimately, L0 OFT standard is a marketing pillar, not an enforceable contract. L2 rsETH is a redemption claim on the adapter, not on backing mainnet ETH.

  3. Additionally, you cannot socialize losses without invoking a vote, keeping in mind that >80% of rsETH holdings are mainnet.

If you disagree, simply pull up KelpDAO’s TOS and show where the L0 OFT standard passthrough claim is explicitly stated. It’s not even claimed in L0’s OFT standard, because it’s technology marketing, not contractual obligation. L0 would have been insane to assume passthrough accountability.

The best thing that can happen right now is for all parties involved to work on finding the funds to backfill L2 losses and/or freeze additional damage done by the exploited funds.

2 Likes

Subject: Accountability for rsETH Bad Debt: Kelp DAO Solvency and Investor Responsibility

Dear Aave Governance Community,

While the current discussions revolve around the activation of the Aave Umbrella Safety Module and potential slashing events for WETH stakers, we must urgently address the root cause and the legal reality of the situation: The failure of operational resilience at Kelp DAO.

1. Solvency vs. Liquid Liquidity

Kelp DAO currently manages over 533,000 ETH (approx. $1.3B TVL). The exploit, which resulted in a $293M loss, was a direct consequence of a grossly negligent “1-of-1” bridge configuration. It is unacceptable for Aave users or AAVE stakers to bear the burden of this failure while Kelp DAO remains fundamentally solvent.

2. Institutional Liability under MiCA & DORA

Kelp DAO is not an “experimental garage project.” It is backed by global financial heavyweights who, under the new EU regulatory framework (MiCA & DORA), are responsible for the digital operational resilience of the products they back and promote. In the EU of 2026, “Code is Law” is no longer a valid legal defense for infrastructure negligence.

We call upon Kelp DAO’s lead investors and backers to uphold their duty of due diligence and provide a recovery plan/bailout to cover the bad debt their protocol has introduced to the Aave ecosystem:

Laser Digital (Nomura Group)

SCB Limited

Bankless Ventures

Hypersphere Ventures

Draper Dragon

GSR & DWF Ventures

3. Proposal for Aave DAO Action

Before exhausting our own Safety Module or penalizing honest WETH providers, Aave Labs and the Governance should formally initiate negotiations with these entities. Users who staked with Kelp did so for high yields (approx. 18%) while accepting specific risks—this risk must be socialized within the Kelp ecosystem and its backers, not offloaded onto Aave’s liquidity providers.

Conclusion:

Aave is the creditor in this scenario. We must leverage the reputational and regulatory pressure on Kelp’s institutional backers to ensure that the $200M+ bad debt is covered by those responsible for the security failure, not by the Aave community.

9 Likes

The rationale is simple. They want to stop the contagion. If it’s not frozen, ETH lenders will try to borrow other assets to escape from potentially being socialized the loss from undercollateralized $rsETH debt, which causes bad debt on other assets.

Yes, if you are an ETH lender, you will be angry about that. While if you are another asset’s lender, you will support that. It’s a zero-sum game. To the system’s benefit, it’s better to stop the contagion to keep the debt within a simpler structure.

1 Like

The TOS argument cuts both ways. It does not say L2 rsETH has a pari passu claim to mainnet ETH. It also does not say L2 rsETH is subordinated, that it’s a claim only on the adapter, or that mainnet holders have priority. Every hierarchy you’re asserting is just as absent from the TOS as the passthrough you’re rejecting. Silence is not evidence for subordination — it’s evidence the TOS didn’t contemplate this case. When a contract is silent, the default is not “whichever reading favors the larger holder group.” The default is equal treatment of instruments sold as fungible.

“L2 rsETH is a claim on the adapter, not on backing ETH” describes the mechanism, not the economics. The adapter holds rsETH. That rsETH was minted against ETH and LSTs in Kelp’s staking pool. Redeeming L2 rsETH pulls rsETH from the adapter, which has a claim on the same pool every mainnet rsETH has a claim on. The adapter is a lockbox, not a reserve. There is no separate ETH backing only the adapter.

“All rsETH is minted on mainnet, so L2 rsETH is not a separate class of asset” argues against Scenario 2, not for it. If it’s not a separate class, it cannot be singled out for a 73.54% haircut while mainnet rsETH takes nothing. Not a separate class for denying a claim, effectively a subordinated class for absorbing a loss - pick one.

The bank analogy inverts the structure. A bank deposit is a direct liability of the bank against the customer. rsETH is not a liability - it is a pro-rata share in a reserve. The correct analogy is a commodity ETF: if the vault is robbed, every shareholder’s NAV drops proportionally, regardless of which brokerage holds their shares. USDC depegged globally when SVB failed, not selectively on one chain. Shared-reserve instruments structurally cannot isolate losses by venue.

Both scenarios share a hidden assumption: the attacker’s 116,500 fraudulently released rsETH are treated as legitimate supply. They are the only genuinely unbacked rsETH in the system - never backed by any user deposit. Snapshot at the block before the release, reissue 1:1 to legitimate holders on all chains, and the loss lands on Aave, which accepted collateral minted through forged messages under parameters Aave itself set.