DeFi United, a recovery coordination group linked to Aave, published a technical implementation plan on April 28 to restore backing for rsETH following the April 18 Kelp bridge exploit that released 116,500 rsETH ($293 million) without corresponding token burn on Unichain. The plan addresses a critical backing deficit by converting committed ETH into rsETH across multiple tranches and liquidating seven attacker addresses holding 107,000 rsETH in leveraged positions across Aave and Compound protocols.
How the Exploit Created a Backing Shortfall
The April 18 exploit on Kelp’s bridge infrastructure allowed an attacker to withdraw 116,500 rsETH from the Unichain bridge without triggering a corresponding burn mechanism on the source chain. This created an asymmetric liability: rsETH circulating on Unichain had no backing on Ethereum mainnet. The attacker then deployed approximately 107,000 of the released tokens as collateral across Aave and Compound, establishing leveraged long positions that now represent both a recovery target and a liquidation risk. Kelp and LayerZero are implementing additional security measures before bridge resumption, but the immediate challenge is mathematical: restoring the 1:1 backing ratio for all circulating rsETH.
Recovery Mechanics and Capital Commitments
DeFi United’s plan converts committed capital into rsETH for bridge lockbox deposits, effectively collateralizing the unburned tokens. As of Tuesday, April 29, the recovery effort had secured $302.26 million in commitments, equivalent to 132,706.903 ETH. Consensys and Joe Lubin committed 30,000 ETH directly. The Arbitrum Security Council holds an additional 30,765 ETH frozen for recovery purposes, pending Aave Labs’ governance request for release. The liquidation strategy involves coordinated price oracle adjustments on Aave and Compound to enable orderly liquidation of the seven attacker addresses without triggering broader market cascades. Sharplink provided advisory structuring for the recovery framework.
Governance Dependencies and Execution Risk
Recovery execution depends entirely on DAO governance approvals and finalized agreements between all parties. Aave governance must authorize oracle adjustments and liquidation parameters. Arbitrum DAO must vote to release frozen ETH from the Security Council. LayerZero and Kelp require completion of security audits before bridge operations resume. The attacker retains operational control of their positions until liquidation begins, creating a window where they could attempt to disrupt the process by moving collateral, repaying debt, or exiting positions. No public timeline for plan execution has been disclosed.
What Remains Unresolved
The recovery plan addresses 116,500 rsETH in total supply but has not confirmed whether all tokens can be recovered or if some loss will be socialized across rsETH holders. Attacker identity and motivation remain undisclosed. LayerZero and Kelp have not released detailed post-mortem security findings. The plan’s success hinges on governance votes completing before the attacker adapts their strategy, making speed and coordination critical to final recovery.
