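Final Remediation Plan Released: The Aave Bad Debt Saga Finally Nears Its End
- Core view: Aave and DeFi United have jointly proposed a technical plan. It aims to resolve the bad debt crisis caused by the $290 million hack, without socialized losses, by restoring rsETH's collateral backing and clearing abnormal positions.
- Key points:
  - The hacker stole 116,500 rsETH, of which approximately 107,000 were deposited as collateral on Aave and Compound. Draining funds through borrowing left rsETH 'insolvent' (liabilities exceeding assets), and as a result rsETH lost its peg.
  - The first objective is carried out by DeFi United. It deposits ETH (132,704 ETH raised so far) to restore the 1:1.07 conversion ratio between rsETH and ETH, thereby repairing the collateral backing.
  - The second objective depends on governance proposals. The oracle price is temporarily adjusted to trigger a 'controlled liquidation' that clears the hacker's abnormal positions, and approximately 13,000 to 16,776 ETH is expected to be recovered.
  - The recovered rsETH is exchanged for ETH through the standard Kelp DAO process and used to fill the deficits in the Aave and Compound markets, ultimately returning the markets to a normal state.
  - Executing the plan carries risks such as delayed governance approval, interference by the attacker, and new security measures that have not yet been verified, but the process has nearly reached its final stage.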
Author | Azuma (@azuma_eth)

The Aave bad debt saga, which has been unfolding for over a week, is essentially coming to an end.
With DeFi United having raised sufficient funds to resolve the issue (132,704 ETH worth approximately $302 million as of press time), Aave officially released a technical implementation plan on the afternoon of April 28th to repair the rsETH collateral situation and restore normal market operations.

- Odaily Note: For context, refer to "DeFi Hacked Again for $292 Million; Is Even Aave No Longer Safe?"; "The Three-Way Game Under a $290 Million Hole: Who Pays - Aave, L0, or Kelp?"; "Aave is Forfeiting the DeFi Lending Throne Through Its Own Folly".
Background Recap
There is no need to revisit the details of how 116,500 rsETH were stolen from Kelp DAO. What matters is where the stolen funds went after the breach.
After succeeding, the hacker first distributed the 116,500 rsETH across multiple addresses. A portion was deposited as collateral into Aave V3 on Ethereum mainnet to borrow WETH. Another portion was bridged to Arbitrum and similarly used as collateral on Aave there to borrow WETH. The remaining smaller portion was transferred via other channels.
Currently, seven hacker-linked addresses still hold active rsETH collateral positions on Aave and Compound, accounting for approximately 107,000 of the originally stolen 116,500 tokens.
Solution
To achieve the remediation goal, Aave set two targets in its proposed implementation plan. The first is to restore the collateral backing for rsETH. The second is to clean up affected positions in lending markets like Aave and Compound in order to recover the approximately 107,000 rsETH of over-collateralized assets, thereby repairing the damaged market.
Let's first discuss the first objective – restoring the collateral backing for rsETH.
Essentially, rsETH is currently in an 'insolvent' state. While the underlying staked ETH remains intact, the hacker has exited via borrowing against it. This shortfall has caused the redemption price of rsETH against ETH to 'de-peg'.
Therefore, Aave stated that to restore rsETH's collateral backing, the conversion ratio between rsETH and ETH needs to be brought back to 1:1.07. This will be facilitated by DeFi United, which has now secured sufficient ETH commitments to restore the system's full operation. Final execution, however, depends on governance approval, timing, and the signing of relevant agreements.
If the plan proceeds smoothly, DeFi United will deposit ETH into rsETH's bridge lock contract (RSETH_OFTAdapter 0x85d456b2…98ef3) to fully restore the collateral backing for rsETH. The specific process is as follows:
- Convert DeFi United's ETH into rsETH in batches;
- Transfer these rsETH into the relevant lock contract;
- Enable the bridge system to safely resume and operate fully;
- LayerZero and Kelp DAO will implement additional security measures to ensure the bridge's safety post-restoration.
Now, onto the second objective – cleaning up affected positions in the lending market.
Once rsETH's collateral backing is restored, theoretically, there should be no bad debt in Aave's lending markets (as collateral value would exceed borrowed value). However, several abnormal collateral positions linked to the hacker still need to be cleaned up (estimated to recover 13,000 ETH) to restore normal market operations.
For this, Aave stated it will initiate governance proposals on Ethereum and Arbitrum sequentially to clean up abnormal positions through a 'controlled liquidation process'. The specific resolution process is:
- Temporarily adjust the rsETH oracle price to trigger efficient liquidations;
- Temporary deficits may occur during liquidation (to be covered in subsequent steps);
- Recovered rsETH collateral will be transferred to a multi-sig address managed by DeFi United.
Aave emphasizes that the above parameter adjustments are temporary measures solely for restoration execution. All adjustments will be reverted upon completion and will not have long-term impacts on the Aave protocol. During the resolution period, WETH and rsETH deposits on Ethereum mainnet, Arbitrum, Base, Mantle, and Linea will remain frozen.
The ideal state once the liquidations complete is as follows: the rsETH price oracle will be restored; the recovered rsETH will be redeemed for ETH via the standard Kelp DAO redemption process; and this ETH will be used to fill the deficits in Aave's Ethereum and Arbitrum markets.
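The controlled liquidation described above, as an added example that is not Aave's or DeFi United's code: a simplified health-factor model that shows which positions a temporary rsETH oracle price makes liquidatable and checks that the chosen price does not also catch other borrowers. The sample positions, the 0.80 liquidation threshold and all function names are constructed assumptions; only the 1.07 redemption ratio comes from the article.

```python
from dataclasses import dataclass

REDEMPTION_RATE = 1.07  # ETH per rsETH: the ratio the article says is being restored
LIQ_THRESHOLD = 0.80    # assumed value, not Aave's actual rsETH parameter

@dataclass
class Position:
    owner: str
    rseth: float       # rsETH posted as collateral
    weth_debt: float   # WETH borrowed against it
    flagged: bool      # True for a position the cleanup is meant to liquidate

# Constructed sample book (not on-chain data).
BOOK = [
    Position("flagged-1", 1000.0, 800.0, True),
    Position("flagged-2", 500.0, 390.0, True),
    Position("user-a", 200.0, 120.0, False),
    Position("user-b", 100.0, 72.0, False),
]

def health_factor(p, price, lt=LIQ_THRESHOLD):
    """Threshold-weighted collateral value over debt; below 1 is liquidatable."""
    if p.weth_debt == 0:
        return float("inf")
    return p.rseth * price * lt / p.weth_debt

def trigger_price(p, lt=LIQ_THRESHOLD):
    """Oracle price (ETH per rsETH) at which the health factor equals 1."""
    return p.weth_debt / (p.rseth * lt)

def liquidatable(book, price):
    return [p.owner for p in book if health_factor(p, price) < 1]

def safe_price_window(book):
    """Prices in [lo, hi) liquidate every flagged position and no other borrower."""
    hi = min(trigger_price(p) for p in book if p.flagged)
    lo = max((trigger_price(p) for p in book if not p.flagged), default=0.0)
    return (lo, hi) if lo < hi else None

def eth_after_redemption(book, price):
    """ETH obtained if all collateral of liquidated flagged positions is redeemed."""
    hit = set(liquidatable(book, price))
    return sum(p.rseth for p in book if p.flagged and p.owner in hit) * REDEMPTION_RATE

if __name__ == "__main__":
    for price in (REDEMPTION_RATE, 0.95, 0.85):
        print(price, liquidatable(BOOK, price))
    print("window:", safe_price_window(BOOK))
```

In this constructed book, a temporary price of 0.85 would also liquidate user-b, which is the kind of side effect a governance reviewer should rule out before a temporary oracle change is executed.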
As for Compound, a similar clean-up approach will be taken. With liquidity support from DeFi United, it is expected to recover an additional approximately 16,776 ETH.
Once both main objectives are effectively completed, Aave will lift the pause and freeze statuses for rsETH and ETH in all affected markets, followed by restoring Loan-to-Value (LTV) ratio parameters for ETH and other assets.
Pending Issues
Aave added that while the above plan aims for remediation without socialized losses, several uncertainties remain.
First, although sufficient ETH commitments have been secured, fund deployment still depends on final agreements and governance approval. Second, the cleanup of affected positions relies on the smooth passage and execution of governance proposals. Third, deliberate interference by the attacker could prevent the full formation of deficits, requiring additional liquidation steps. Fourth, while LayerZero and Kelp have deployed additional security measures, residual risks persist until verified in a production environment.
Regardless, the "Kelp DAO hack, Aave bad debt" incident that has troubled the DeFi market for a while seems to be reaching its conclusion. The next step is to observe whether the plan proceeds as expected in a real-world environment.

As Andy, founder of The Rollup, commented: "The next few days are crucial for DeFi. The task is immense and must be executed both quickly and safely. It is not just a technical challenge, but a test of social coordination. It feels surreal to witness this unfolding in real-time."
Hopefully, luck is on DeFi's side.


