Following the security breach on KelpDAO’s rsETH bridge, Aave has released a comprehensive status update. The protocol details the technical background of the incident, its impact on Aave, and potential damage scenarios in the new report.
According to the statement, service providers connected to the Aave DAO are currently evaluating potential “bad debt” scenarios that may arise in the protocol and are working in coordination with ecosystem participants to close this gap.
According to the report, the attack occurred on April 18, 2026, on Kelp’s LayerZero V2-based Unichain-Ethereum rsETH route. The attacker allegedly withdrew 116,500 rsETH from the Ethereum adapter using a forged verification packet, then distributed these assets to multiple addresses, collateralizing a portion on Aave V3 and borrowing WETH and wstETH. According to Aave data, the attacker used a total of 89,567 rsETH as collateral on Aave, while borrowing approximately 82,650 WETH and 821 wstETH. A significant portion of these positions were opened on the Ethereum and Arbitrum networks.
Aave specifically stated that the incident did not originate from its own smart contracts. According to the protocol, the security vulnerability stemmed entirely from the external infrastructure to which the rsETH asset was linked, and Aave’s contracts, oracle system, and liquidation mechanisms operated as designed throughout the process. Following the detection of the incident, rsETH and wrsETH reserves were frozen across all Aave V3 distributions, the loan-to-value ratio in the relevant markets was reduced to zero, and new issuance or borrowing transactions were halted. Additionally, the WETH interest rate model across different chains was updated, and further freezing measures were implemented in WETH markets to prevent the spread of new borrowings.
Aave Presented Two Scenarios for Compensation for Damages Incurred
The report examined two main scenarios for potential losses. In the first scenario, if losses were spread evenly across the entire rsETH supply, the total bad debt on Aave could reach approximately $123.7 million. In this case, the largest absolute loss would be seen on Ethereum Core, while the heaviest proportional impact would occur on the Mantle chain. The second scenario assumes that losses are reflected only on rsETH assets on L2. In this case, the total bad debt estimate rises to $230.1 million. According to the report, in this scenario, the greatest pressure would be on WETH reserves on Mantle, Arbitrum, and Base.
According to data shared by Aave, the DAO treasury held a total of $181 million in assets as of April 20, 2026. Of these assets, $62 million consisted of Ethereum-related products, $54 million of AAVE tokens, and $52 million of stablecoins. Furthermore, the protocol reported generating $145 million in revenue throughout 2025, and achieving $38 million in revenue and $16 million in net profit since the beginning of 2026. Aave stated that it relies not only on treasury resources but also on commitments of support from ecosystem representatives.
Another notable point in the report was the liquidity crunch in WETH markets. It was stated that WETH reserves on Ethereum, Arbitrum, Base, Linea, and Mantle have currently reached 100% utilization. This makes it more difficult for liquidity providers to access free WETH during liquidation processes, increasing pressure on the system. Aave said that while the system generally continues to function, external decisions, particularly regarding how the rsETH losses will be distributed, will determine the final outcome.
What to Expect from the Umbrella Mechanism?
In the report published by Aave, the “Umbrella” (also known as the security/insurance module) stands out as one of the critical topics in the context of the rsETH crisis. This mechanism functions as a security layer aimed at protecting certain reserves by activating in cases of “bad debt” that may occur in the protocol.
According to details shared by Aave, the Umbrella module acts as a buffer, specifically for WETH reserves on the Ethereum mainnet (Core). Normally, this module operates through a pool created by staking certain assets, and when the protocol suffers losses, the assets in this pool can be used to cover part of the deficit through “slashing” (deduction).
However, in the context of the current rsETH crisis, Aave has made a notable suggestion regarding the Umbrella module: temporarily suspending it. The main reason behind this is to prevent the module from being activated prematurely and uncontrollably in a potential worst-case scenario (especially if losses spread throughout the entire system), thus preventing the rapid depletion of staked assets.
According to the report, a significant portion of the approximately 23,500 WETH currently staked under Umbrella is in the “unstaking pending” phase. This indicates that investors are preparing to withdraw their funds, raising a potential risk of a bank run.
On the other hand, it is stated that in the second scenario (where losses are limited only to rsETH on L2 networks), the Umbrella module may not need to be activated. This is because this module only covers reserves on the Ethereum mainnet, and losses from L2 networks are outside the scope of this security mechanism.
In conclusion, while Umbrella is seen as an important “last line of defense” that Aave can resort to in times of crisis, in the current situation, keeping it on standby in a controlled manner is considered a safer strategy rather than deploying it directly.
*This is not investment advice.