Back

Lending giant broadens token listing standards to include cybersecurity and architecture

Aave states the KelpDAO attacker’s rsETH positions were fully liquidated and recovery funds exceed $320 million, while Aave Labs expands risk reviews to cover interoperability, cybersecurity, and asset architecture after the incident.

ETH
LINK
ARB

Fact Check
All three components of the claim are confirmed by primary sources. The CoinDesk article (May 5, 2026) explicitly states Kelp migrated rsETH from LayerZero's OFT standard to Chainlink's CCIP. The LayerZero official postmortem confirms the exploit amount (~$290M, consistent with the $292M figure cited) and attributes it to DPRK's Lazarus Group (North Korean hackers). The official KelpDAO X post and the ChainLinkGod post (a known Chainlink community liaison) both corroborate the CCIP migration. The minor discrepancy between $290M and $292M across sources is immaterial and likely reflects rounding or timing of asset valuation. No conflicting evidence was found on any of the three core claims.
Summary

Aave said it completed liquidation of the KelpDAO attacker’s rsETH-backed positions on Ethereum and Arbitrum following the April exploit that stole about 116,500 rsETH, initially reported at roughly $292 million and later cited as about $293 million. Aave said recovery funds now exceed $320 million, with collateral moved to the Recovery Guardian multisig managed by DeFi United to support rsETH reserve restoration and compensation for affected users. In response to the incident, Aave Labs said it will broaden its asset listing and collateral risk framework to assess cross-chain interoperability, cybersecurity flaws, and asset architecture, with Linda Jeng outlining the changes at Consensus Miami 2026. Related recovery efforts include a DeFi United rescue plan involving Lido Finance, EtherFi, and Ethena, Lido’s statement that EarnETH users will be fully covered after Snapshot quorum approved first-loss protection, and Kelp DAO’s migration of rsETH from a LayerZero-based setup to Chainlink CCIP.

Terms & Concepts
  • rsETH: Kelp DAO’s restaked Ether token, central to the exploit, subsequent Aave liquidations, reserve restoration efforts, and post-incident risk reviews.
  • Collateral risk: The risk that assets posted to secure borrowing may lose value, become impaired, or fail structurally in ways that threaten protocol solvency or user protection.
  • Interoperability: The ability of different blockchain systems, protocols, or bridges to work together, which can also introduce cross-chain security and operational risks.