Aave and Compound Publish DeFi United Rescue Blueprint for $246M Kelp Bad Debt
A coalition of DeFi protocols has published a technical plan to recover roughly 30,000 ETH from attackers who exploited Kelp DAO — using oracle-adjusted liquidations funded by $303M in industry pledges.
Eleven days after the $293 million Kelp DAO exploit, the lenders most exposed to the fallout have a plan. The DeFi United coalition — led by Aave, with Compound, LayerZero, and others backing it — published a technical recovery blueprint on Monday targeting the $246 million in bad debt the attack left scattered across two of DeFi's largest money markets.
Oracle-Adjusted Liquidations Take the Wheel
The mechanics are unusually surgical. The coalition will convert pledged ETH into rsETH in controlled tranches, temporarily adjust oracle prices to reflect the rsETH that has effectively been removed from circulation, then liquidate the attacker's borrowed positions at the corrected price. The targets: roughly 13,000 ETH from compromised positions on Aave's Ethereum and Arbitrum markets, and 16,776 ETH from Compound. Total commitments stand at $303 million — enough capital to execute, contingent on governance approvals and final agreements.
The Kelp Wound Was Bigger Than the Headline
The April 18 exploit didn't just drain Kelp. North Korean attackers — DPRK Lazarus Group, per on-chain forensics — stole 116,500 rsETH (18% of circulating supply), then deposited the unbacked tokens as collateral on Aave and Compound to borrow real ETH against fake tokens. The bad-debt cascade is what triggered Aave's $6B TVL drop last week. The recovery plan is essentially a coordinated unwind of those positions before the bad debt becomes unrecoverable through normal liquidation.
What to Watch
The plan is technically clever but governance-heavy. Aave and Compound DAOs both need to approve oracle adjustments and the unusual liquidation mechanics. Any delay risks the attacker rotating the borrowed ETH into harder-to-trace destinations. Industry response will also signal whether DeFi can self-organize a $300M rescue without a centralized backstop — something every major exploit since the DAO hack has implicitly required.
Sources
How we report: This article cites primary sources, regulatory filings, and on-chain data where available. BlockAI News uses AI tools to assist with research and first-draft generation; every article is reviewed and edited by a human editor before publication. Read our full How We Report page, Editorial Policy, AI Use Policy, and Corrections Policy.
