Aave Models $124M to $230M in Bad Debt From Kelp Exploit

Aave service providers on Monday published an incident report quantifying the protocol’s exposure to the April 18 Kelp DAO rsETH bridge exploit, outlining two bad-debt scenarios ranging from $123.7 million to $230.1 million, and recommending an immediate pause of the protocol’s Umbrella safety module.

According to the report, posted to the Aave governance forum, 89,567 of the 116,500 rsETH stolen from Kelp’s LayerZero bridge were deposited across seven attacker-controlled wallets on Aave. Those positions borrowed 82,650 WETH ($190.86 million) and 821 wstETH ($2.33 million).

The single largest position, on Aave’s Ethereum Core market, supplied 53,000 rsETH and borrowed 52,460 WETH, or $121 million, from one wallet. The remaining positions were distributed across Aave’s Arbitrum deployment. All attacker positions currently sit at health factors between 1.01 and 1.03.

Kelp subsequently recovered 40,373 rsETH by freezing a second attempted drain. That balance is the only confirmed backing for 152,577 rsETH of claims across every L2, a pro-rata backing ratio of 26.46%. Ethereum mainnet rsETH is backed separately by Kelp’s underlying ETH staking deposits.

Two bad debt scenarios

The report declined to commit to a single bad-debt figure, stating that the outcome depends on decisions outside Aave’s control — primarily how Kelp accounts for the loss and whether it updates its LRTOracle exchange rate.

Under Scenario 1, a uniform socialization across all rsETH holders on all chains, each token takes a 15.12% haircut. Total bad debt reaches $123.7 million, with the Ethereum Core WETH reserve absorbing $91.8 million, or a 1.54% shortfall. Mantle absorbs $10.4 million, or 9.54% of its WETH reserve, the most proportionally acute.

Under Scenario 2, losses are isolated to rsETH on L2s. Remote-chain rsETH is repriced to its 26.46% backing ratio, or a 73.54% haircut, while Ethereum mainnet rsETH is unaffected. Total bad debt rises to $230.1 million, all concentrated on L2s.

In this scenario, Mantle faces a 71.45% shortfall ($77.7 million), Arbitrum 26.67% ($88.4 million), Base 23.28% ($47.5 million), and Ink 18% ($13.9 million). Ethereum Core is untouched.

Umbrella covers only Ethereum Core reserves. Under Scenario 2, it would not activate.

Balance sheet disclosure

The report disclosed the Aave DAO’s financial position. As of April 20, the treasury holds $181 million — $62 million in Ethereum-correlated holdings, $54 million in AAVE tokens, and $52 million in stablecoins. The DAO generated $145 million in revenue in 2025 and $38 million year-to-date in 2026, with operating cash flow of $149 million in 2025 and $40 million year-to-date.

Aave DAO service providers are “leading an effort with ecosystem participants to address a potential bad-debt scenario,” the report said, and the effort has received “indicative commitments from various parties.” It did not identify the parties or quantify the commitments.

The report also recommended the DAO immediately pause the WETH Umbrella module. As of writing, 18,922 of the 23,507 aWETH staked in Umbrella — approximately 80% — have already entered the 20-day unstaking cooldown. A pause would block further deposits, withdrawals, transfers, and slashing. Coverage under a paused module would need to be handled manually through governance rather than automatically.

A second-order liquidation risk

The report also quantified the risk of further bad debt if ETH falls in price while Aave’s WETH reserves remain at 100% utilization. Because idle WETH balances are below $20 on every affected chain, liquidators cannot receive WETH as underlying and instead receive aWETH receipts, which keeps their capital inside the reserve and slows liquidation throughput.

At a 50% ETH price drop, Aave modeled $100.8 million of residual bad debt on Ethereum alone, with smaller amounts on Arbitrum, Base, Linea, and Mantle. Arbitrum and Base were flagged as particularly vulnerable because wstETH looping positions on those chains run at health factors around 1.03 — meaning first liquidations would trigger at ETH price drops of just 0.77% and 1.77%, respectively.

LayerZero and Kelp continue to trade blame

The Aave report did not assign blame for the underlying bridge exploit. LayerZero and Kelp DAO have continued to publicly attribute the incident to each other.

In a Sunday post-mortem, LayerZero Labs attributed the attack to the DPRK-linked Lazarus Group. The company said attackers compromised two downstream Remote Procedure Call (RPC) nodes used by its LayerZero-operated Decentralized Verifier Network (DVN), and introduced malicious software that returned forged data only to the DVN, then launched a DDoS attack to force failover to the poisoned RPC nodes.

LayerZero said the protocol itself was not exploited and attributed the attack’s success to Kelp’s use of a 1-of-1 DVN configuration.

In a rebuttal reported by CoinDesk on Monday, a source familiar with Kelp’s position said a communications channel between the two teams had been open since July 2024 and that LayerZero had not issued a specific recommendation to change the rsETH DVN configuration. The source said the compromised DVN was LayerZero’s own infrastructure and that Kelp’s core restaking contracts were not affected.

Yearn Finance core developer known on X as @banteg, published a technical review showing LayerZero’s public V2 OApp Quickstart uses a 1-of-1 DVN setup in its reference configuration across Ethereum, BSC, Polygon, Arbitrum, and Optimism. CoinDesk reported approximately 40% of applications on LayerZero currently run 1-of-1 configurations.

LayerZero has said it will no longer sign messages for any application using a 1-of-1 DVN configuration.

“DeFi has spent years auditing smart contracts. Kelp is the moment the industry realises the threat doesn’t end at the code. Most protocols are completely exposed at the infrastructure layer,” said Yair Cleper, Co-Founder and CEO of MagmaDevs and contributor to Lava Network, a decentralized marketplace for blockchain data providers.