Aave has secured roughly $160 million of the $200 million it needs to cover bad debt stemming from the Kelp DAO exploit, the largest decentralized finance breach of 2026. Blockchain analytics platform Arkham posted the update on X, confirming the fundraise has now reached approximately 80% of its target.
Mantle and Aave DAO are the standout contributors, together pledging 55,000 ETH worth roughly $127 million at current prices.
The coordinated effort, operating under the name DeFi United and led by Aave service providers, is designed to restore stability to rsETH, the yield-bearing ether derivative token at the center of the attack.
How the Exploit Unfolded
The breach originated from a vulnerability in KelpDAO’s integration with the LayerZero cross-chain messaging protocol. An attacker exploited the flaw to mint 116,500 unbacked rsETH tokens, leaving Aave holding severely impaired collateral and triggering a wave of deposit withdrawals that totaled $10 billion.
The initial security breach was valued at $292 million, making it the single largest DeFi exploit recorded this year.
The collapse in confidence around rsETH created a cascading effect across Aave’s lending markets, forcing service providers to organize an emergency recapitalization rather than rely on liquidation mechanisms alone.
Key Contributors and the Path to Recovery
Aave founder Stani Kulchov confirmed his own personal contribution of 5,000 ETH to the DeFi United fund, equivalent to approximately $11.73 million at ether’s current price of around $2,346. His public commitment was framed as part of a broader industry push to protect the integrity of DeFi lending infrastructure.
The recovery strategy centers on recapitalizing rsETH to a level where borrowers and lenders can regain confidence in the collateral’s backing.
By pooling contributions from institutional players and individual stakeholders, the effort aims to absorb losses without triggering further market dislocations across protocols that rely on ether-based collateral.
The Kelp DAO incident is not the only major DeFi shock this year. In late March, an attacker drained at least $270 million from Drift Protocol on Solana by abusing a legitimate blockchain feature known as durable nonces, a method that bypassed traditional code vulnerability detection entirely.
Together, the two exploits have intensified calls across the sector for stricter cross-chain integration audits and improved collateral monitoring tools.
With $40 million still to raise, DeFi United continues to solicit contributions as Aave works to fully backstop the bad debt and prevent further contagion to markets that rely on rsETH as collateral.
Not Financial Advice: This article is for informational purposes only. Crypto investments are highly volatile. Always do your own research.
