Aave V3’s Wrapped Ether (WETH) reserve is carrying bad debt after attackers exploited KelpDAO’s rsETH liquid restaking token and used it as collateral to borrow against the lending protocol.
Solidity developer and auditor 0xQuit flagged the situation on X, warning depositors that the WETH pool is effectively impaired and that partial withdrawals may only become possible after Aave’s Umbrella backstop settles the deficit.
How Drained rsETH Created Bad Debt on Aave
The exploit started with an attacker funding wallets through Tornado Cash. Approximately 116,500 rsETH was drained from KelpDAO, totaling over $290 million.
The attacker then supplied the stolen rsETH as collateral on Aave V3 and borrowed a large volume of WETH against it.
Because the rsETH became unbacked after the drain, the resulting positions are effectively unliquidatable. This left Aave holding WETH obligations it cannot recover through normal liquidation.
What Umbrella Means for WETH Depositors
Aave’s Umbrella system, which replaced the legacy Safety Module in late 2025, is designed for exactly this scenario.
Users who staked aWETH in the Umbrella vault face automatic slashing to cover the deficit.
Once the slashing cycle completes, remaining WETH suppliers should regain partial withdrawal access.
However, a full recovery is not guaranteed, and depositors may face a haircut on their positions.
The incident marks the first major real-world test of Umbrella’s automated bad debt coverage. It also raises fresh questions about the risks of whitelisting liquid restaking tokens as collateral on lending protocols.
Meanwhile, the Upshift team, offering non-custodial vaults for managing tokenized assets, have assured users that they do not have any exposure to rsETH.
The post Aave WETH Suppliers Urged to Withdraw After KelpDAO rsETH Exploit appeared first on BeInCrypto.
Source: https://beincrypto.com/aave-weth-rseth-exploit-withdraw-warning/
