- Kelp and AAVE have announced that they have completed burning the attacker’s rsETH on Arbitrum and are working on a plan to refill 117,132 rsETH from recovery funds into the mainnet.
- Kelp is also preparing to resume withdrawals within 24 hours after the first refill part, along with all operations.
- Kelp has also announced that it has fixed existing vulnerabilities with new upgrades, including LayerZero bridging with 4 attestors.
Kelp DAO and AAVE have shared a major update regarding the bizarre hack incident, where they revealed the plans for restoring full backing for rsETH after last month’s hack.
Kelp and Aave have successfully completed a series of steps for rsETH backing, including burning the exploiter’s rsETH on Arbitrum.
117,132 rsETH will be progressively refilled from Aave Recovery Guardian and Kelp Recovery Safe into the LayerZero OFT adapter on mainnet over the…
— Kelp (@KelpDAO) May 12, 2026
Kelp and Aave Burn Exploiter’s ETH
According to the official post shared on X (formerly Twitter), in the joint efforts, they have burned the exploiter’s rsETH on Arbitrum, and now they are adding the missing supply. AAVE revealed that rsETH on mainnet and all other layer 2s are currently fully backed during the process.
Kelp is also planning to resume withdrawals tentatively within 24 hours after the first round of refilling is complete. According to the official post, Kelp DAO will resume all operations, which include deposits, redemptions, and token claims.
The recovery plan of stolen rsETH tokens involves a plan of moving 117,132 rsETH from the Aave Recovery Guardian and the Kelp Recovery Safe into the LayerZero OFT adapter on Ethereum’s main blockchain network. This transfer will happen in different ways over the next two weeks, according to Aave’s official governance document.
On the Arbitrum network, Aave has already liquidated and burned the exploiter rsETH tokens. The purpose behind this step is to remove the unbacked supply that was created after the cyber attack. This joint effort with Kelp DAO is helping the DeFi sector to clean up the inflated supply and once again restore the token 1:1 backing with the underlying assets.
Kelp Integrates Major Upgrades to Fix Vulnerabilities
According to the latest post, Kelp has also implemented many important upgrades on its ecosystem and on chains. After exploitation on the bridge, LayerZero will now require verification from 4 different attestors.
“we completed a security hardening pass across all LayerZero bridging configurations: verification now requires 4 independent attestors, block confirmations have been raised from 42 to 64, and all L2-to-L2 routes have been deprecated. These changes have been audited by BailSec. We are in the process of migrating to CCIP for further strengthened cross-chain bridging,” stated in the official post on X. Block confirmations have also been increased from 42 to 64.
These new upgrades are expected to provide strong and more decentralized cross-chain security for the DeFi platform. After the vulnerabilities came into the light after the hack incident, these fixes will reduce the chances of cyber attacks in the future.
On April 18, attackers who were linked by some reports to North Korea’s Lazarus Group exploited the Kelp DAO bridge, which was developed on LayerZero. By using forged cross-chain messages, which passed after a single verifier setup, hackers have managed to mint 116,500 rsETH on the Ethereum blockchain network without any real burning event on the source chain. The stolen fund was worth approximately at around $292 million, and it was around 18% of the total supply of rsETH at the time.
After stealing tokens, the hackers have used these unbacked rsETH as collateral on the Aave lending platform to borrow large amounts of Wrapped Ethereum and other cryptocurrencies. This has created bad debt and sparked the liquidity crisis in the entire DeFi sector. After this attack, Kelp DAO has quickly stopped withdrawals on its contracts to avoid any further damage.
Aave is playing a very important role in the recovery through the DeFi United program. They are actively tracking the stolen funds and freezing the exploiter’s funds on both Ethereum and Arbitrum. This allowed them to recover a major portion of the rsETH tokens. These recovered funds were then transferred to the Aave Recovery Guardian for safety purposes.
Aave is also jointly working with Kelp, LayerZero, EtherFi, and other entities on governance proposals to release frozen funds to provide compensation to victims and restore the full backing of the token.
Also Read: Institutions Ready for Crypto, But Structure Matters Most, Says 21Shares Research Head
