When $292 million got stolen from Kelp DAO on April 18 and the damage spread to Aave, most people expected the usual DeFi response: finger-pointing, governance debates, and affected users eating the loss. Instead, something different happened. Over 14 protocols and individuals pooled more than $300 million in ETH to fix the problem together.
DeFi United, the coalition leading the rescue, published its full technical implementation plan on Monday. It is the most detailed operational blueprint ever released for a DeFi recovery. If it works, no rsETH holder loses a penny. If it fails, the bad debt stays and Aave carries the scar for years.
This is either DeFi’s finest hour or its most expensive experiment. Here is how the rescue actually works.
What Happened and Why Does It Need $300 Million to Fix?
Quick recap. On April 18, an attacker exploited Kelp DAO’s bridge to mint 116,500 rsETH tokens that had no real backing. Those fake tokens looked legitimate on-chain. The attacker deposited roughly 89,567 rsETH into Aave as collateral and borrowed approximately $190 million in real wrapped ETH against them. Then they vanished with the borrowed funds.
Aave was left holding collateral worth nothing. Users panicked. Over $15 billion left the protocol in four days. All core markets hit 100% utilisation. Billions in stablecoins got trapped with no way to withdraw.
The problem is not just the $292 million that was stolen. It is the 107,000 rsETH tokens still sitting inside Aave and Compound as collateral for active loans. Those tokens are unbacked. If rsETH’s backing is not restored, Aave absorbs somewhere between $123 million and $230 million in bad debt. That is the gap DeFi United is trying to close.
Who Is Putting Up the Money?
The contributor list reads like a directory of Ethereum’s most important projects. Consensys and founder Joe Lubin committed up to 30,000 ETH. The Aave DAO advanced a separate 25,000 ETH treasury proposal. Mantle is lending 30,000 ETH at Lido’s staking yield plus 1% with a three-year term. Aave founder Stani Kulechov personally contributed 5,000 ETH, roughly $11.6 million from his own funds.
Lido proposed 2,500 stETH. EtherFi is discussing a 5,000 ETH plan. LayerZero, Ethena, and others have also pledged capital. Total disclosed commitments now exceed $300 million, making this the largest coordinated bailout in DeFi history.
“The Ethereum ecosystem has always been at its best when it moves together,” Lubin said. “DeFi United is exactly that: a broad, coordinated response to protect users and strengthen the infrastructure we’ve all helped build.”
Separately, Arbitrum’s Security Council froze 30,766 ETH (roughly $71 million) linked to the exploiter that was still sitting on Arbitrum. A governance proposal is now underway to release those frozen funds into the recovery effort.
How Does the Two-Track Rescue Plan Work?
The plan runs two parallel operations. Both need to succeed for the recovery to be complete.
Track one: restore rsETH’s backing. The committed ETH gets converted into rsETH in staged tranches and deposited back into Kelp DAO’s bridge lockbox contract. Each tranche is a deliberate risk management step. If something goes wrong with the bridge restart, only one tranche is exposed rather than the entire pool. Once enough ETH flows in, rsETH is fully backed again at its intended exchange ratio of 1.07 ETH per rsETH.
Track two: unwind the attacker’s positions. Seven addresses linked to the exploiter still hold active rsETH-backed loans across Aave and Compound. Normal liquidation cannot work because the rsETH collateral is worthless. DeFi United’s solution is a temporary oracle adjustment on Aave’s Ethereum and Arbitrum deployments, executed through governance proposals, that enables the bad positions to be liquidated in a controlled way. This track is expected to recover approximately 13,000 ETH from Aave and 16,776 ETH from Compound.
All configuration changes are temporary and get fully reverted when the recovery is done. No permanent changes to Aave’s protocol.
What Are the Risks?
The plan is not risk-free and the coalition is upfront about that.
First, much of the committed capital still depends on governance votes. Proposals need to pass on Aave, Arbitrum, and multiple other protocols. If any major vote fails, the funding falls short.
Second, the attacker still holds active positions on both Ethereum and Arbitrum. Deliberate interference could complicate the liquidation sequence. The exploiter could repay part of a loan, shift collateral, or front-run the governance execution to create complications.
Third, the bridge restart carries residual security risk. LayerZero and Kelp have both implemented additional security measures, but those measures have not been tested in production. The tranche-based approach limits exposure, but risk remains until the new configuration is proven under real conditions.
The coalition designed the plan to avoid passing losses to rsETH holders. That is a deliberate break from how DeFi hacks have been handled in the past. Previous exploits typically ended with holders absorbing the loss through depegged tokens or diluted collateral. DeFi United is trying to make everyone whole without socialising the damage. Whether they pull it off depends on clean execution across dozens of governance votes, liquidations, and bridge operations.
Why Does This Matter Beyond Aave?
This is bigger than one protocol fixing one hack. DeFi United is the first time multiple competing protocols have pooled hundreds of millions of dollars across organisational boundaries to absorb damage from an exploit that did not even happen to most of them. Kelp got hacked. Aave got stuck with the fallout. And Consensys, Lido, Mantle, EtherFi, and others are spending their own money to fix it.
That kind of coordination did not exist in 2022 or 2023. When Terra collapsed, everyone scattered. When FTX fell, protocols froze and hoped for the best. This time, the response came within 48 hours. Commitments crossed $300 million within a week. The technical plan was published within 10 days.
If DeFi United succeeds, it sets a precedent that the ecosystem can self-correct after a major exploit without centralised intervention. If it fails, it proves that DeFi’s interconnectedness is a liability that no amount of pooled capital can fix when the damage is deep enough.
Finalization is expected this week. The DeFi community is watching.
