Aave Proposes Two Paths to Handle $230M Bad Debt From Kelp DAO Hack
Alvin Lang Apr 21, 2026 04:27
LlamaRisk outlines scenarios for allocating losses from the $293M Kelp DAO exploit, with Aave facing up to $230M in bad debt depending on Kelp's decision.
Aave's risk management arm has laid out two scenarios for absorbing the fallout from Saturday's $293 million Kelp DAO exploit—and the difference between them is stark. One path leaves Aave with $123.7 million in bad debt. The other? A $230.1 million hole.
LlamaRisk published its analysis Monday, three days after hackers drained 116,500 rsETH tokens from Kelp DAO's LayerZero-powered bridge and immediately used them as collateral on Aave V3 to borrow wrapped Ether. The move created a cascading problem: stolen tokens backing real loans that borrowers have no intention of repaying.
The Numbers That Matter
Scenario one spreads losses across all rsETH holders on Ethereum mainnet and layer 2s. Bad debt: $123.7 million. The tradeoff? A roughly 15% depeg in rsETH relative to ETH. LlamaRisk notes that wETH reserves would "absorb the bulk in absolute terms but barely notice it relative to reserve depth."
Scenario two concentrates the entire shortfall on layer 2 networks like Arbitrum and Mantle. Bad debt jumps to $230.1 million—nearly double.
The final call rests with Kelp DAO, not Aave. That's cold comfort for Aave depositors watching the protocol hemorrhage capital. Since the exploit, nearly $10 billion in total value has exited Aave.
What Aave Has to Work With
The protocol isn't defenseless. LlamaRisk flagged that 18,922 aWETH tokens worth approximately $43.7 million have already entered the unstaking cooldown phase under Aave's Umbrella security model—funds that could cover partial losses under the first scenario.
Aave's treasury holds around $181 million, theoretically enough to address a shortfall under either scenario. Whether governance would approve such a deployment is another question entirely.
How the Exploit Happened
Kelp DAO provided additional details Monday. Attackers compromised two validator nodes tied to LayerZero's bridge infrastructure while hitting a third with a DDoS attack. This allowed them to forge a transfer message that the system approved as legitimate, minting 116,500 rsETH on the bridge.
The root cause, according to earlier reports citing LayerZero: a 1-of-1 Decentralized Verifier Network configuration. One compromised node was all it took.
Kelp's team moved quickly after detection, pausing contracts across Ethereum and layer 2s and blacklisting exploiter wallets. That intervention reportedly prevented another 40,000 rsETH ($95 million) from being stolen.
What Happens Next
Kelp DAO says it's still assessing the financial impact and working with Aave, LayerZero, and other stakeholders on a recovery path. No timeline for unpausing the protocol has been announced.
For traders, the immediate concern is rsETH pricing. A 15% depeg under scenario one would create arbitrage opportunities—but also trap anyone holding rsETH as collateral elsewhere in DeFi. The contagion risk that made this exploit so damaging isn't over; it's just waiting on a governance decision.