Major decentralised finance protocols Aave and Compound, operating under the banner of DeFi United, on Monday released a technical recovery plan aimed at eliminating bad debt and restoring full backing for rsETH tokens following a $293 million exploit of the Kelp DAO protocol.
Decentralised finance protocols Aave and Compound have jointly outlined steps to address the financial fallout from one of the largest DeFi exploits in recent memory, after Kelp DAO — a liquid restaking protocol — was drained of approximately $293 million.
DeFi United, an Aave-linked entity, published the technical plan on Monday, detailing measures to restore backing for rsETH, the liquid restaking token at the centre of the exploit. The plan also addresses how attacker-linked DeFi positions — which had been used to extract funds — will be unwound.
According to reports from Cointelegraph and Decrypt, the recovery framework focuses on two primary objectives: eliminating the bad debt that accrued across lending markets as a result of the hack, and returning rsETH to full collateral backing so that affected users can eventually redeem their holdings at fair value.
The precise mechanics of the recovery — including whether a treasury injection, governance vote, or protocol-level debt socialisation will be used — were not fully detailed in available reporting at the time of publication. DeFi United's plan is understood to involve coordination across multiple protocols that held rsETH as collateral.
The Kelp DAO exploit, the scale of which places it among the largest DeFi hacks on record, has raised fresh concerns about the risks inherent in liquid restaking tokens, which allow users to simultaneously earn staking rewards and deploy assets as collateral across DeFi platforms. Critics have long warned that this layering of financial exposure can amplify losses when a vulnerability is discovered.
Neither Kelp DAO nor the exploiting party has publicly confirmed whether any funds have been recovered or whether a white-hat negotiation is underway — a common feature of large DeFi exploits where attackers are offered a bounty in exchange for returning stolen assets.
The broader DeFi market, which has experienced significant growth in liquid restaking over the past 18 months, is likely to face increased scrutiny from both users and regulators following this incident. Similar large-scale exploits — including the 2022 Ronin Bridge hack and the Euler Finance exploit in 2023 — have previously led to temporary market-wide reductions in DeFi activity before recoveries took hold.
Analysis
Why This Matters
- A $293 million exploit directly threatens user funds across multiple DeFi protocols simultaneously, demonstrating how interconnected liquidity risks can cascade through the ecosystem.
- Aave and Compound are among the largest DeFi lending platforms by total value locked; their coordinated response sets a precedent for how major protocols handle systemic shocks going forward.
- The incident could accelerate regulatory scrutiny of liquid restaking tokens, which have grown rapidly but remain largely unregulated in most jurisdictions.
Background
Liquid restaking tokens (LRTs) emerged as a significant DeFi trend through 2024 and 2025, allowing users to stake Ethereum, receive a liquid token representing that stake, and then deposit that token as collateral elsewhere — effectively multiplying yield while multiplying exposure. Kelp DAO's rsETH was one of the leading LRT products in this space.
The practice of using LRTs as collateral on lending platforms like Aave and Compound meant that a critical vulnerability in any one LRT protocol could simultaneously create bad debt across multiple unrelated platforms — a risk that DeFi risk researchers had flagged but that governance bodies had been slow to fully address.
Large DeFi exploits have a mixed track record when it comes to user recovery. The Euler Finance hack in March 2023, which involved approximately $197 million, saw nearly all funds returned after on-chain negotiations with the attacker. The Ronin Bridge hack of 2022, by contrast, resulted in permanent losses of over $600 million, with funds later linked to North Korean state actors.
Key Perspectives
DeFi United / Aave / Compound: Protocol teams are presenting a coordinated, technical recovery path, signalling confidence that bad debt can be eliminated without catastrophic losses to liquidity providers. Their swift public response is also aimed at stabilising market confidence.
rsETH Holders and Affected Users: Those holding rsETH or who had it deployed as collateral face uncertainty about the timeline and completeness of any recovery. The key question for users is whether they will be made whole, and over what timeframe.
Critics and Risk Analysts: Security researchers and DeFi sceptics argue this exploit illustrates the systemic danger of composability — the practice of stacking financial products on top of one another — and that governance bodies at major protocols approved rsETH as collateral without adequately pricing in tail risk.
What to Watch
- Whether DeFi United's recovery plan receives governance approval from Aave and Compound token holders, and on what timeline.
- Any on-chain communications between the exploiting address and protocol teams that could indicate a white-hat return negotiation is underway.
- The total value locked (TVL) in liquid restaking protocols in the weeks following the incident, as a signal of whether user confidence in the sector has been durably damaged.