Aave Nears Full Recovery Funding After KelpDAO Exploit

Aave, one of the largest decentralized lending protocols, is closing in on its goal to recapitalize after the devastating KelpDAO vulnerability that left the platform with roughly $200 million in bad debt. According to blockchain analytics firm Arkham, Aave has already raised around $160 million, putting it within 20% of the total required to fully repair the damage.

AAVE HAVE RAISED $160M TO COVER THE HOLE

AAVE have so far raised $160M to cover the bad debt from the Kelp DAO Exploit, at defiunited.eth. The largest contributors are Mantle and AAVE DAO, who together raised 55,000 ETH or $127M.

Will AAVE be able to cover the exploit? pic.twitter.com/3klwk5kgsj
— Arkham (@arkham) April 25, 2026

The exploit — now recognized as 2026’s largest DeFi security incident — stemmed from a vulnerability in KelpDAO’s LayerZero integration. Attackers minted 116,500 unbacked rsETH tokens, then used them as collateral on Aave to borrow real assets, leaving the protocol with massive unbacked liabilities.

How the Recovery Effort Is Being Funded

The recapitalization effort is being coordinated under an initiative called DeFi United, led by Aave service providers and major ecosystem partners. The largest contributors so far include:

Mantle + Aave DAO, jointly providing 55,000 ETH (worth about $127 million)
Aave founder Stani Kulechov, personally contributing 5,000 ETH (≈ $11.7 million)

These contributions form the bulk of the $160 million raised to date, demonstrating strong community and institutional support for stabilizing Aave’s ecosystem.

Impact of the Exploit on DeFi

The KelpDAO attack triggered a shockwave across decentralized finance:

$292–$293 million was drained from KelpDAO’s bridge.
Aave was left with $195–$200 million in bad debt.
DeFi’s total value locked (TVL) fell by over $13 billion in 48 hours.
Aave’s own TVL dropped sharply as users rushed to withdraw funds.

Despite the scale of the incident, the broader Ethereum market remained relatively stable, suggesting traders view the damage as isolated to Aave rather than systemic.

What Comes Next

Aave’s governance is now focused on:

Fully closing the remaining $40 million funding gap
Restoring confidence in rsETH, the yield-bearing token at the center of the exploit
Rebalancing liquidity in its USDT and USDC pools, which hit 100% utilization during the crisis

The near-complete funding signals that Aave is on track to stabilize its protocol and mitigate long-term fallout — but the exploit has already cemented itself as a defining moment for DeFi security in 2026.

Coin Gazette

Coin Gazette