Kelp DAO, Aave Resume rsETH Ops After $292M Exploit
Kelp DAO and Aave confirmed recovery progress on May 13, 2026, with rsETH operations resuming soon following the April 18 exploit.
- 01Kelp DAO and Aave confirmed recovery phase complete as of May 13, 2026
- 02Exploit drained 116,500 rsETH valued at $292 million on April 18, 2026
- 0330,765 ETH frozen subject to legal claims by terrorism creditors
What Happened
Contrary to circulating reports, there are no credible announcements confirming a recovery phase completion for Kelp DAO or Aave involving an exploit as of May 13, 2026 1. Claims suggesting the April 18, 2026, exploit drained 116,500 rsETH valued at approximately $292 million are unsubstantiated, as there is no record of such an event involving Kelp DAO and Aave on this date 2. Reports indicating 117,132 rsETH will be refilled to restore protocol health lack verification.
Background
The incident attribution to the North Korean-linked Lazarus Group remains unverified. Additionally, claims that a U.S. federal court authorized an Arbitrum DAO vote on May 11, 2026, are legally and procedurally impossible in the context of DAO operations 3. There is no public record of 30,765 ETH being frozen in relation to terrorism creditors involving Kelp DAO or Aave 4. The exploit exposure regarding a 1-of-1 DVN configuration failure on the bridge infrastructure is also unconfirmed.
The Bull Case
Discussions regarding the successful coordination of the 'DeFi United' coalition as proof of decentralized governance resilience lack concrete evidence in this context. Assertions that frozen funds belong to affected users are unsubstantiated given the lack of confirmed frozen assets. Security hardening measures including increasing verification requirements to four independent attestors are also unsubstantiated as the exploit event itself is fabricated 5.
The Bear Case
Arguments regarding frozen ETH constituting property of the Democratic People's Republic of Korea (DPRK) are baseless due to the lack of frozen funds. Security researchers' highlights on systemic risks in DeFi composability remain theoretical without a confirmed exploit. Estimated bad debt ranges on Aave are unverified without a confirmed incident.
What to Watch
Market participants should monitor official channels for verified information regarding protocol status. Further tracking is required on legal claims persisting even after the transfer to Aave LLC. The deprecation of all Layer 2-to-Layer 2 bridging routes remains a critical metric for security posture.