Aave’s risk management provider LlamaRisk has outlined two competing frameworks for absorbing bad debt generated by the Kelp DAO bridge exploit, with estimated shortfalls ranging from $123.7 million to $230.1 million depending on where losses are concentrated. The supporting evidence appears in the cited X post.
The incident began over the weekend when attackers drained 116,500 Kelp DAO Restaked ETH (rsETH) tokens worth approximately $293 million from Kelp DAO’s LayerZero-powered bridge and used the stolen tokens as collateral on Aave V3 to borrow wrapped Ether (wETH).
The two scenarios, published Monday in an Aave governance post, leave the final allocation decision with Kelp DAO. The choice carries meaningful consequences for rsETH holders, Aave liquidity providers, and the broader network of Ethereum layer 2 ecosystems connected to both protocols.
Scenario One Risks an rsETH Depeg of 15%
Under the first scenario, losses would be distributed across all rsETH token holders on Ethereum mainnet and Ethereum layer 2 networks simultaneously.
LlamaRisk estimates this approach would generate roughly $123.7 million in bad debt on Aave, a lower absolute figure than the alternative but one that comes with a significant secondary risk: an estimated 15% depeg of rsETH relative to Ether.
LlamaRisk noted that wrapped Ether would be absorbing the bulk of the damage in absolute terms while barely registering the impact relative to its reserve depth.
The shallower exposure per chain makes this the cheaper option, but the depeg risk introduces price instability that could ripple into other DeFi protocols holding rsETH as collateral or reserve assets.
Aave’s Umbrella security model could be activated to cover wETH losses under this scenario. According to the governance post, 18,922 Aave Wrapped ETH tokens worth nearly $43.7 million had already entered the unstaking cooldown phase as of Monday, signaling early preparation for a potential payout under that framework.
Scenario Two Shifts the Full Shortfall to Layer 2 Networks
The second scenario concentrates the entire loss at the Ethereum layer 2 level, specifically targeting networks such as Arbitrum and Mantle.
While this approach better protects Ethereum mainnet liquidity and avoids a broad rsETH depeg, the bad debt figure climbs sharply to $230.1 million, representing a roughly $106 million increase over the first option.
LlamaRisk framed this as a trade-off between systemic risk on mainnet and concentrated damage at the layer 2 level.
Smaller layer 2 reserve pools absorb losses less efficiently than the deeper mainnet liquidity, which means lenders and liquidity providers on Arbitrum and Mantle would face proportionally larger haircuts under this structure.
Aave’s treasury holds approximately $181 million that could be deployed to address either shortfall, according to the risk manager’s assessment.
That figure is sufficient to cover the first scenario entirely but would fall short of the $230.1 million exposure created by the second, leaving a residual gap that would require additional governance action or protocol-level loss socialization.
The scale of market reaction has been stark. Nearly $10 billion in total value has left Aave since the exploit took place, underscoring how quickly confidence can erode across DeFi when a major collateral asset comes under suspicion.
The liquidity exit reflects the interconnected nature of decentralized lending: when collateral integrity is questioned, rational lenders withdraw exposure regardless of direct involvement in the compromised asset.
Kelp DAO said on Monday it is still assessing the full financial impact of the exploit and evaluating how to safely unpause its protocol. The project confirmed it is coordinating with Aave, LayerZero, and other stakeholders to map a path forward. Kelp also provided a more detailed technical account of the breach, disclosing that two nodes tied to the LayerZero bridge were directly compromised while a third was hit with a distributed denial-of-service attack.
The attacker exploited those compromised nodes to forge a transfer message that the bridge system accepted as valid, enabling the minting of 116,500 rsETH on one of LayerZero’s bridges without backing assets.
Kelp said it moved quickly once the attack was detected, pausing all relevant contracts across Ethereum and its layer 2 deployments and blacklisting wallets linked to the exploiter. Those actions prevented the theft of an additional 40,000 rsETH worth an estimated $95 million.
The episode adds to a growing list of bridge-related exploits that have exposed structural vulnerabilities in cross-chain infrastructure.
Bridges remain one of the highest-risk components in the DeFi stack, serving as concentrated targets precisely because they custody large asset volumes while depending on multi-node validation systems that, as this incident shows, can be compromised through a combination of targeted attacks and service disruption.
For Aave and its governance community, the more immediate question is which allocation framework minimizes systemic damage while keeping the protocol solvent and its treasury intact.
Not Financial Advice: This article is for informational purposes only. Crypto investments are highly volatile. Always do your own research.
