Aave Raises $160M After Kelp DAO Exploit

Image credit: Shutterstock

Aave has raised about $160 million toward covering bad debt tied to the Kelp DAO exploit, leaving the lending protocol roughly $40 million short of the estimated $200 million needed for a full recovery.

Blockchain analytics firm Arkham said the biggest contributors so far are Mantle and Aave DAO, which together accounted for about 55,000 ETH, worth roughly $127 million. The funds are being coordinated through DeFi United, an industry recovery effort set up after the exploit.

Exploit Created Unbacked rsETH

The bad debt traces back to an April 18 exploit involving Kelp DAO’s rsETH and its cross-chain infrastructure. Reports said an attacker minted 116,500 unbacked rsETH tokens, then used them as collateral in Aave markets to borrow real assets before the risk could be contained.

That left Aave with a large shortfall after the unbacked collateral lost its value. Estimates have varied depending on how the losses are measured, with some putting bad debt near $124 million and more severe cases above $230 million.

Aave moved to freeze rsETH reserves after the exploit, while ecosystem participants began working on a broader recovery plan to restore confidence in the affected markets.

Mantle and Aave Lead the Recovery Effort

Mantle proposed a loan facility of up to 30,000 ETH from its treasury to help Aave deal with the bad debt. The proposal included repayment terms, collateral protections and governance safeguards.

Aave DAO has also been asked to commit 25,000 ETH to the recovery effort. The proposal would direct funding toward restoring the backing of Kelp DAO’s rsETH as part of the DeFi United plan.

Other contributors have joined as well. Aave founder Stani Kulechov has pledged 5,000 ETH of his own funds, while more support has been discussed by DeFi participants including Ether.fi, Lido, Golem and others.

DeFi Risk is Back in Focus

The recovery push shows how large DeFi protocols are trying to contain losses before they spread through lending markets, liquid restaking tokens and layer 2 ecosystems.

It also highlights a deeper problem in DeFi risk management. Aave’s exposure did not come from a direct exploit of its own lending contracts. It came from collateral linked to another protocol’s bridge and restaking infrastructure.

That makes the incident a real test for how DeFi handles interconnected risk. If DeFi United closes the funding gap, Aave may be able to limit the direct damage to users and lenders. If the gap remains, the case could intensify scrutiny over how lending protocols list complex collateral tied to bridges, liquid restaking tokens and external oracle assumptions.