The decentralized finance (DeFi) ecosystem is going through a crisis of trust after the Kelp DAO hack. However, protocols, issuers and communities have begun to implement measures to contain the impact, stabilize liquidity and limit the spread of risk.
The attack, which occurred on April 18, did not exploit a flaw in smart contracts, but rather the messaging infrastructure cross-chain (interchains) of LayerZero. By manipulating communication nodes (RPC), The attackers managed to validate malicious transactions and generate assets without backupwhich were later introduced into different ecosystem protocols.
The contagion reaches Aave and strains liquidity
The main collateral impact was recorded in Aave, where The attacker used nearly $292 million in rsETH as collateral to borrow about $236 million in WETH. As a result, the Ethereum pool reached 100% utilization, limiting user withdrawals.
rsETH is a liquid restaking token widely integrated into the ecosystem, used as collateral in multiple protocols and validated by oracleswhich amplified the scope of contagion by being present in leveraged strategies within different markets.
In parallel, HE they estimate outflows for approximately $5.4 billion in ETH of the protocol, in a context of growing concern about the quality of the collateral used and the risk of bad debt within the protocol.
The event also ha provoked a shift of capital within the DeFi ecosystemwith a redistribution towards protocols perceived as less exposed to systemic risk and with a lower level of interconnectivity.
Measures to contain the impact
Faced with this scenario, different actors in the ecosystem have implemented actions to stop the deterioration. Aave froze rsETH markets to reduce exposure to the compromised asset, while Arbitrum DAO intervened by updating bridge-linked contracts, aiming to protect funds and limit the spread of the attack.
In addition, other key figures in the ecosystem have begun to structure a coordinated rescue fundas reported by CriptoNoticias. Lido DAO proposed to contribute up to 2,500 stETH, conditional on covering the total deficit, while EtherFi committed 5,000 ETH. Adding to these efforts is Stani Kulechov, founder of Aave, who advertisement a personal contribution of 25,000 ETH.
Along these same lines, Golem Foundation and Golem Factory they joined with a joint contribution of 1,000 ETH from their treasuriesin coordination with Aave and other participants in the scheme. The shared goal is to strengthen rsETH support and facilitate an orderly resolution for affected users.
It should be noted that Aave too public a proposal to join the rsETH recovery effort. The strategy proposes a contribution of 25,000 ETH from the DAO treasury, along with another 14,570 ETH already committed by different actors. Added to this is an additional line of credit of up to 30,000 ETH proposed by Mantle, a layer 2 network on Ethereum, in a context where the remaining deficit is around 75,081 ETH.
The initiative, called “DeFi United”, jointly seeks cover a deficit that exceeds 75,000 ETH, with commitments already close to 43,500 ETH between direct contributions, lines of credit and treasury funds still under negotiation.
Controversies in DeFi paradise
The episode has reopened debates within the sector. The intervention of governance mechanisms, such as in the case of Arbitrum, has raised questions about the limits of decentralization in crisis situations. At the same time, Discussion persists over responsibility for the incidentbetween the configuration of the affected protocol and the design of the infrastructure used.
Likewise, the use of liquid restaking tokens (LRT), such as rsETH, has highlighted the risks associated with the high interconnectivity of the ecosystem, where A failure at one point can quickly be amplified across multiple protocols.
Beyond the measures implemented, the episode has tested DeFi’s ability to respond to systemic risk events. The actions taken so far reflect attempts to contain the immediate impact, while the sector evaluates long-term implications in terms of trust, risk management and interconnectivity between protocols.
The case reinforces a key reading: part of the risk is not only found in smart contracts, but in the underlying infrastructure – such as cross-chain messaging and verification systems – whose complexity makes it difficult to directly supervise.