rsETH Incident Report (April 20, 2026)

Governance
62

I understand your arguments, though you misconstrued one of mine.

All rsETH is minted on mainnet, so L2 rsETH is not a separate class of asset

That is the opposite of what I said:

As all rsETH is minted off mainnet, there is no argument that L2 rsETH is a separate class of asset.

And while we’re at it, loss/profit policy/terms does not in itself act as an asset class distinction, as distinct asset classes can absolutely have different policies for claims vs loss.

Silence is not evidence for subordination — it’s evidence the TOS didn’t contemplate this case. When a contract is silent, the default is not “whichever reading favors the larger holder group.” The default is equal treatment of instruments sold as fungible.

Agree the TOS cuts both ways, but it’s a big reach to say that they are “instruments sold as fungible” when that doesn’t exist in any of Kelp’s formal marketing. Unified backing or universal fungibility are characterizations made by the media and users, not by KelpDAO themselves AFAIK. Instead, the ToS disclaims hacks and bridging risks. Simply tweeting a relationship with L0 and referencing them on your site doesn’t override this.

USDC depegged globally when SVB failed, not selectively on one chain.

Irrelevant. USDC depeg was a liquidity crisis, not a theft. See Ripple vs SEC where court ruled fungibility alone was not enough to establish asset class. Also, USDC is explicitly backed by commingled banking reserves.

The correct analogy is a commodity ETF: if the vault is robbed, every shareholder’s NAV drops proportionally, regardless of which brokerage holds their shares.

rsETH and rsETH-via-adapter-claims are not the same commingled pool, but I suppose you could try to debate that but fact is, they have separate redemption mechanism aka separate smart contracts. IMO not the same class. rsETH is clearly canonical vs L2 escrow-fulfilled rsETH.

AAVE says rsETH is fully backed. From their POV, rsETH is fully redeemable for ETH. That the claim was corrupted at the adapter by the exploit isn’t something they HAVE to respect. Indeed, I saw Kelp built in explicit whitelisting of AAVE in the SC, so doubt they could block 1:1 redemption if they wanted. I’m sure AAVE is leveraging all their power to find the best solution first.

Really hope for everyone to work together (looking at you LayerZero cough) to make all users good for the sake of defi, but if not, AAVE should not be left holding the bag. Their big mistake was allowing such high collateral from rsETH, but end of the day AAVE (and its users) don’t own 3rd party bridge security.

2 Likes
63

To be fair a lot of people deposited very low risk collateral into Aave before they started the LST expansion

64

This is not true, as an Umbrella holder, we should not be on the hook per the docs. Mainnet aWETH umbrella signed up for chain-local risk on backed collateral, not wrapped rsETH minted against drained escrow and L2 risk. Umbrella’s T&C (https://aave.com/docs/aave-v3/umbrella…), bad debt coverage only applies to Ethereum’s V3 Core Market. That means that an aWETH Umbrella staker on Ethereum mainnet shouldn’t be punished for an unbacked LRT on other chains.

As they mentioned, Aave V3 on mainnet is fully collateralized because rsETH on mainnet is fully collateralized.

Umbrella stakers on mainnet by definition did not sign up to cover losses from another chain.

4 Likes
65

Summary

The Arbitrum Security Council has taken emergency action to freeze the 30,766 ETH being held in one of the rsETH hacker’s address on Arbitrum One. As of April 21 03:35:08 AM UTC the funds have been successfully transferred to an intermediary frozen wallet. They are no longer accessible to the address that originally held the funds, and can only be moved by further action by Arbitrum governance, which will be coordinated with relevant parties.

Assuming the same scenarios as in the original post and that the seized funds are returned to Kelp’s rsETH backing (to the total backing under Scenario 1 or to the L2 backing under Scenario 2), we present an estimation of the updated bad debt figures across Aave V3 markets.

Bad debt by debt asset

Under the new assumptions:

  • Scenario 1 (uniform socialization) now produces an estimated $62.4M in bad debt vs. the previously estimated figure of $123.7M.
  • Scenario 2 (Layer 2 isolated) now produces an estimated $162.5M in bad debt vs. the previously estimated figure of $230.1M.
Debt asset S1 bad debt (tokens) S1 bad debt (USD) S2 bad debt (tokens) S2 bad debt (USD)
WETH 26,043.41 $60,377,758 69,680.47 $161,266,741
wstETH 717.10 $2,049,381 424.79 $1,210,515
USDC 0.00 $0 744.13 $744
WETH.e (Avalanche) 0.002 $4 0.010 $24
Total - $62,427,143 - $162,478,024

Bad debt by chain

Chain Scenario 1 bad debt Scenario 2 bad debt
Ethereum Core $46,677,898 $0
Arbitrum $5,531,152 $61,740,363
Base $3,368,067 $34,147,805
Linea $26,146 $624,625
Mantle $5,911,064 $55,977,819
Avalanche $4 $24
Ink Whitelabel $912,812 $9,987,388
Total $62,427,143 $162,478,024

Scenario 1 per-reserve shortfall

With the new estimations under the loss socialization scenario, Mantle aWETH holders still absorb the largest relative shortfall at 5.44%. Ethereum takes the largest absolute loss ($44.8M), but the WETH reserve is large enough that the shortfall is only 0.75%. Ink comes in at 1.18%.

Chain Reserve Bad debt (USD) Bad debt (tokens) aToken supply (USD) aToken supply (tokens) Shortfall
Ethereum WETH $44,780,772 19,304.59 $5,979,515,263 2,577,715.68 0.75%
Mantle WETH $5,911,064 2,551.56 $108,757,540 46,946.15 5.44%
Arbitrum WETH $5,378,898 2,325.97 $331,510,045 143,353.39 1.62%
Base WETH $3,368,067 1,455.52 $204,044,391 88,178.62 1.65%
Ethereum wstETH $1,897,127 663.67 $3,103,212,462 1,085,599.46 0.06%
Ink WETH $912,812 394.48 $77,368,235 33,435.23 1.18%
Arbitrum wstETH $152,254 53.43 $55,470,617 19,465.40 0.27%
Linea WETH $26,146 11.28 $32,987,373 14,237.60 0.08%
Avalanche WETH.e $4 0.002 $32,853,108 14,192.62 0.00%
Base wstETH $0 0.00 $37,049,883 12,993.15 0.00%

Scenario 2 per-reserve shortfall

Under the scenario which penalizes L2s only, the ranking is preserved between the old and new estimations, but every L2 shortfall drops materially. Mantle aWETH falls from 71.45% to 51.47%; Arbitrum moves from 26.67% to 18.26%; Base from 23.28% to 16.74%; Ink from 18.00% to 12.91%. Ethereum remains untouched because Scenario 2 does not haircut mainnet rsETH.

Chain Reserve Bad debt (USD) Bad debt (tokens) aToken supply (USD) aToken supply (tokens) Shortfall
Mantle WETH $55,977,819 24,163.32 $108,757,540 46,946.15 51.47%
Arbitrum WETH $60,529,851 26,174.65 $331,510,045 143,353.39 18.26%
Base WETH $34,147,059 14,756.79 $204,044,391 88,178.62 16.74%
Ink WETH $9,987,388 4,316.12 $77,368,235 33,435.23 12.91%
Arbitrum wstETH $1,210,512 424.79 $55,470,617 19,465.40 2.18%
Linea WETH $624,625 269.59 $32,987,373 14,237.60 1.89%
Base USDC $744 744.13 $197,709,602 197,740,692.27 0.00%
Avalanche WETH.e $24 0.010 $32,853,108 14,192.62 0.00%
Base wstETH $2 0.001 $37,049,883 12,993.15 0.00%

We will continue to update the community as the situation evolves.

Disclaimer

This report has been prepared using publicly available information and on-chain data at the time of writing, which may be incomplete or subject to change. The analyses, scenarios, and figures presented are based on assumptions and modeling choices that may not reflect actual outcomes. Differences between assumed and realized conditions, including market behavior, protocol actions, and third-party decisions, may result in materially different results.

This report is provided for informational purposes only and does not constitute financial, legal, or investment advice. It should not be relied upon as the sole basis for any decision or action. References to third parties are illustrative and do not imply any commitment, participation, or responsibility by such parties.

No representation or warranty, express or implied, is made as to the accuracy or completeness of the information contained herein, and no liability is accepted for any loss arising from its use.

2 Likes
[ARFC] Pause AAVE Buybacks
66

What about a third scenario where arbitrum uses the recovered funds to bail out weth lenders in arbitrum?

They recovered it and may want to favor the users in their L2, which actually makes total sense.

1 Like
67

Thanks for the update. Regardless of the situation, if you’re an honest Aave user who used WETH on Aave V3 in good faith on L2 - you get penalized for it. Wonderful!

What a shame. Personally, Aave has been a solid product for me - good philosophy, strong guarantees. But after this loss I’m about to take, a loss that has absolutely nothing to do with my intentions or choices - not even 0.0001% - I can say with full confidence that I will not be recommending or using Aave in any shape or form going forward.

Good luck Aave and thank you!

2 Likes
68

Locking funds of unleveraged ETH suppliers on Linea due to external collateral failure creates significant reputational risk for Aave.

Users with no borrow exposure are effectively forced into socialized losses.

IMMEDIATE PATH TO WITHDRAW ETH OR GUARANTEE FULL REDEMPTION FOR PURE SUPPLIERS .

Clarity and fairness here are critical for protocol trust.

69

what’s the socialized % you took into account ? i took ~ 11%
i’ve run the numbers through all RSETH loopers positions, with a conversion rate of 89% * 1,0696 rseth/eth redemption rate and i find and actual bad debt of only ~ 20 millions after liquidations. The initial 5% buffer and the HF factors of each of these position (~1.03) plays a huge role in limiting bad debt.
Where am i wrong ? i would love to see the maths behind

70

What 11% are you talking about? Pure ETH suppliers should not and WILL NOT be held responsible for the rest. Otherwise, this will kill AAVE once and for all.

3 Likes
71

Kelp and LZ must add coverage from their treasuries/funds/revenue or whatever resources they have. Not only AAVE

4 Likes
72

Can we get an ETA of when WETH market on Base would be unblocked?

We have users’ funds frozen due to it, and we are still waiting for clarity.

2 Likes
73

11% socialized loss for rseth holders. they’re the first in line.

3 Likes
74

what is this guys !!! why pure WETH users must take haircut for something they never touched or used !! this insane guys, only rsETH users must take the haircut.

4 Likes
75

(I realise that this idea will likely get no love but I’m getting it off my chest & putting it out there regardless :zany_face:. Given the preceeding sentence, I won’t waste my time with accurate figures but rather use broad brushstrokes. You’ll get the idea!)

I propose:

  • the dilution of AAVE by the issuance of ~10% new tokens.
  • tokens to be sold to (self) interested parties including affected chains such as Arbitrum & Base (while pointing to Scenario 2’s table to sharpen their minds)
  • tokens locked for at least 1 year
  • smallish discount over current price
  • raised funds to be used to make all users whole

Pros:

  • complete restoration of Aave’s reputation from perspective of all users facing loss
  • Umbrella is left intact (ready for an overhaul when the dust here has settled!)
  • draws protocols into long-ish term desire for Aave to recover & flourish. (Hopefully they’d hold onto the tokens post-unlock.)

Cons:

  • breaks the covenant around ‘fixed supplies’. Don’t worry, these are exceptional circumstances and it won’t matter in the long run
  • leveraged mega-loopers let off the hook when they should more reasonably be expected to face a leveraged loss (versus ‘regular’ lenders)
  • obviously depends on (self) interested parties having & being willing to part with funds! Again, shove Scenario 2’s table under their nose
  • AAVE holders would effectively be ‘slashed’… but we’ve already been ‘slashed’ by the token price action post-exploit, and I’d guess the market would actually respond very favourably to a solution that hurts no users & no chains
  • could be seen to set a precedent for any future problem, so would want to see such ideas as timelocked deposits/withdrawals (to prevent such huge exploits in the future) given serious thought & preferably implemented. This can’t happen again.

I’m sure there are lots of arguments against the above - can think of plenty more myself! - but folk are currently hoping L2s bail them out, and L2s might more usefully burn their treasuries buying AAVE rather than giving ‘refunds’.

Disclosure:I hold a small amount of AAVE / hold non-ETH funds with Aave/Tydro / not particularly affected by the current situation I don’t think.

4 Likes
76

Ok so core squad is pointing fingers at L2 users. L2 users are as innocent as core squad. Especially lenders that did not interact with rsETH in any way, did not use looping strategies, did not even borrow. It is just retail that is using aave with less fees. And why are they discussing only 2 scenarios that both end up with users paying the bill? Umbrella is not being considered, treasuries are not being considered as well? Why? People cannot withdraw, cannot control positions and don’t even receive updates about it. I understand that they have to get along among themselves who is going to pay the bill. I get that, but my view here is that they cannot let retail that were liquidity providers pay for everything. If that happens I am never touching DeFi again for sure. And it won’t be because of the amount that would be lost. It would be because of the fact that since couple of entities cannot take responsibility for it - then innocent retail has to pay for that. Hope that makes sense. GG

P.S. and having a governance vote would obviously favor scenario 1 since it’s asking 2 groups of people how should they pay the bill, but only 1 group can vote?!

2 Likes
77

AAVE has big pressure right now, there are 2 options from my pov:

  1. To play this had right and to protect aave users as the aave core philosophy stands for

  2. To play the hand bad with the 2 scenarios and let aave DIE forever, bad reputation sticks around for years to come also on the AAVE product also on the team members regardless if they go in to new projects people will be skeptical all the time and will not trust them, the product or each member of the team.

AAVE is not guilty of the situation but is the first line and the first line always takes the fire and the heat, this is sad reality.

1 Like
78

Hi. Great follow up, but there is one main issue I have that doesn’t add up.

If scenario 2 is the case, does anyone really expects for Arbitrum to act as a charity and spread the funds across all L2 networks? Never. That’s essentially telling Arbitrum users to donate their money away to save other networks. Arbitrum’s own vote won’t pass if this is the case because no one in their right mind would ever do that. If scenario 2 happens, everyone’s on their own. Arbitrum caught what it caught and will most likely keep it for Arbitrum users only. That’s the only realistic and expectable pathway.

Not to mention that the funds frozen by Arbitrum’s security team cover almost the entirety of Arbitrum’s debt.

Regardless of what happens, we have to understand that this was an external attack that simply happened, you can’t reverse it and the funds are gone. Aave will suffer irreversible damage anyways and a significant portion of its users will leave ANYWAYS.

Until a final decision, I am personally in favour of scenario 1 since splitting the damage by so large margins makes it almost invisible.

4 Likes
79

FOR THE LOVE OF GOD

I am going to try to be as nice and respectful as I can.

Can you guys, PLEASE, learn to read?

AAVE IS NOT DECIDING BETWEEN SCENARIO 1 AND SCENARIO 2. KELP IS.

Filling up this message board begging and pleading and whining and cussing at AAVE about your L2 bags is a waste of your breath and our time.

*If you had learned to read before you lent your money out to these liquidity pools which contained these risky assets, you might have used that skill to know beforehand that you very much actually DID take this risk when you supplied your WETH to these pools. (This is particularly true for these L2 chains where people were looping the hell out of their staked and restaked assets.) YOU DID TAKE THE RISK.

Thank you for your attention to this matter.

1 Like
80

I deposited ETH on

@aave

V3 Linea → got aLinWETH at a modest ~1% APY → zero rsETH, zero looping, zero restaking. Now my funds are frozen because Aave Governance approved rsETH as 93% LTV collateral.
I didn’t make that decision. I shouldn’t pay for it!

1 Like
81

Exactly my point, pretending Arbitrum will return the ETH to ONLY cover L1’s lost is delusional at best, so scenario 1 is pretty much out of the question.