DeFi United Announces $293 Million Recovery Plan for Kelp Exploit: Restoring rsETH Collateral and Normalizing the Ecosystem

On April 28, 2026, ten days after $293 million was drained from Kelp DAO due to unconfigured bridge parameters on April 18, 'DeFi United,' a coalition of major industry players, announced a definitive roadmap to restore rsETH collateral. This proposal has already secured commitments to cover more than half of the total shortfall of 163,183 ETH, marking it as one of the largest and most organized joint bailouts in decentralized finance history, led by Aave DAO and Consensys.

The core of the technical plan revealed by DeFi United is to replenish collateral by exchanging secured ETH assets for rsETH and clearing bad debt incurred across several protocols, including Aave. Formally announced on April 28, 2026, this roadmap focuses on resolving the uncertainty that spread through the market following the April 18 exploit and restoring the stability of the lending markets that use rsETH as collateral.

This recovery plan prioritizes restoring the collateral value of rsETH and stabilizing the market, and is the result of unprecedented cooperation to restore trust in the DeFi ecosystem.

The coalition is focused on minimizing damage to rsETH holders and blocking cascading risks between protocols through the cooperation of more than 14 ecosystem participants. Notably, this plan goes beyond simply injecting funds; it includes technical procedures to systematically clear DeFi positions linked to the attacker to prevent further market shocks.

Technical Analysis: The Full Story of the DVN Configuration Error

According to post-mortem analysis by security experts, this incident was caused by a configuration error during deployment rather than a logical flaw in the smart contract code itself. The attacker stole 116,500 rsETH from a LayerZero-based cross-chain bridge, which was worth approximately $293 million at the time. Vulnerabilities in deployment parameters, which are difficult to detect with standard auditing tools, became the conduit for the massive asset outflow.

• Standard Recommendation: Recommends a 2-of-3 or 3-of-5 multisig configuration for high-value deployments.
• Actual Configuration: Kelp's adapter was set to approve messages with only a single (1-of-1) proof.
• Attack Method: The attacker used forged cross-chain messages to bypass the single-proof system and drain assets.

The assets leaked in this incident accounted for approximately 18% of the total rsETH supply at the time, causing a significant shock to the market. In particular, the lending market utilizing rsETH as collateral faced bad debt issues due to the decline in collateral value, and a sharp drop in Aave's Total Value Locked (TVL) was observed as users moved funds to alternative protocols to avoid uncertainty.

Major industry players showed responsibility by participating heavily in the recovery funding. Aave DAO proposed a contribution of 25,000 ETH, and Joe Lubin, a key stakeholder in Consensys and Ethereum, pledged support of up to 30,000 ETH. Partners such as Lido, EtherFi, and Mantle also joined in, promising a combined contribution of over 33,000 ETH.

It is understood that approximately 54% of the total shortfall of 163,183 ETH has been covered through the contribution pledges secured so far. However, for these contributions to be finalized and funds to be executed, they must undergo governance approval processes in each of the more than 14 affected protocols, and the coalition is coordinating to process these quickly.

While the immediate market reaction was negative, with Aave's TVL falling right after the exploit, expectations for recovery have grown following DeFi United's announcement. In particular, the attempt to resolve 'cross-protocol contagion' risks—arising from shared liquidity and composability—through a joint response is being received as a positive signal by market participants.

Experts are using this incident to warn about the risks of protocol teams relying on default configurations. Future security standards must go beyond auditing code logic to encompass the safety of deployment parameters and cross-chain configurations; there are strong calls for the mandatory introduction of multi-signature proof systems, especially for bridges handling high-value assets.

DeFi United's activities are expected to serve as an industrial response model for potential large-scale security incidents in the future. If this recovery plan is successfully completed, it will be an important milestone proving how quickly and efficiently decentralized governance can mobilize resources in a crisis to prevent systemic collapse.