GLOBAL, April 29, 2026 – On April 28, 2026, a group of decentralized finance protocols operating as DeFi United posted a technical recovery plan aimed at fully restoring backing for rsETH issued through Kelp DAO. The document lands ten days after a serious bridge incident that news outlets have sized in the hundreds of millions of dollars.
On April 18, an attacker exploited a vulnerability in Kelp DAO's cross-chain bridge. Coverage from Unchained Crypto and The Block describes forged system messages that let the attacker mint about 116,500 unbacked rsETH tokens. Press accounts often attribute the activity to North Korea's Lazarus Group; treat that attribution as reporting consensus, not a courtroom finding. The same outlets reported an overall exploit scale on the order of $292 million.
After the mint, the attacker is said to have moved roughly 107,000 of the unbacked tokens into large lending pools, with Aave and Compound named most often. Using those positions as collateral, the attacker borrowed other assets out of the system, which left a trail of impaired positions across the ecosystem. DL News characterized the lending-side damage as on the order of a $246 million hole; that number is an outlet's framing, not a unified on-chain total every reader will agree on.
DeFi United formed around the idea of repairing the damage without dumping losses on ordinary users through a blanket haircut. The coalition says it lined up more than $300 million in Ethereum commitments from industry participants. Unchained Crypto pointed to a 30,000 ETH figure tied to Consensys and Joe Lubin. RootData separately highlighted a pledge above 10,000 ETH from LayerZero Labs. Different stories emphasize different names; the coalition's own communications are the place to reconcile who signed what.
The published plan runs on two parallel tracks. First, committed ETH would convert into rsETH in timed tranches rather than in one block, then flow into Kelp DAO's bridge lockbox contract. The coalition frames the pacing as a way to stress-test new controls in production rather than pretend a single transaction fixes everything.
Second, the same blueprint assumes a governed liquidation sequence against the attacker's borrowing positions on Aave and Compound. Those steps need explicit approval through each protocol's governance, which is hardly a rubber stamp when positions are politically and technically messy. The coalition floated rough recovery estimates of about 13,000 ETH from Aave and about 16,776 ETH from Compound. Treat those figures as directional; execution and market conditions will move them.
After liquidations (if governance votes allow them), recovered rsETH collateral would move to a DeFi United multisignature wallet, then follow Kelp DAO's ordinary redemption mechanics. The organizers say proceeds would mop up leftover shortfalls across the affected lending markets.
Through the repairs, backing tied to rsETH reportedly stays frozen. DeFi United also warned plainly that governance delays could stall liquidations entirely, and that the original attacker might still interfere while the playbook is running. None of this reads like an overnight tidy wrap-up; it reads like a high-stakes repair job with procedural landmines baked in.
Sources
Unchained Crypto: Technical plan after Kelp DAO exploit (April 28, 2026, 06:31 EST)
The Block: DeFi United detailed plan (April 28, 2026)
RootData (April 28, 2026, 20:38)
DL News: Aave-related repair coverage (April 28, 2026)
