DeFi’s Biggest Hack Draws Industry-Wide Response as Relief Effort Hits $300M Target
The crypto industry has mobilised to contain fallout from one of decentralised finance’s most severe exploits. As first reported by Decrypt, DeFi United—a coordinated relief effort backed by Aave founder Stani Kulechov—has raised approximately $303 million in contributions aimed at restoring the rsETH token stolen in Kelp DAO’s $290 million hack this month.
The relief effort marks a rare show of unity across competing DeFi protocols, with major players including Consensys and the Avalanche Foundation committing significant sums. Yet the operation remains fragile, hinging on a series of governance approvals that could take weeks to finalise.
How the Exploit Unravelled Aave’s Liquidity
On April 18, attackers linked to North Korea exploited Kelp DAO’s system, stealing rsETH and using it to borrow massive amounts from Aave. The unbacked borrowings created an immediate liquidity crisis: as depositors rushed to withdraw funds, stablecoin utilisation rates on Aave spiked to near 100%, threatening the platform’s operational stability.
The breach exposed a structural vulnerability in DeFi’s interconnected architecture. When large amounts of collateral evaporate, smaller protocols can face cascading withdrawals and potential insolvency. Aave’s prominence in the ecosystem meant the contagion risk spread across the entire sector.
By Monday, DeFi United had accumulated 132,650 ETH—valued around $303 million at prevailing prices—enough to theoretically cover the stolen rsETH. Consensys alone contributed 30,000 ETH, while Tron founder Justin Sun pledged $20 million in USDT stablecoin to ease Aave’s immediate liquidity strain.
The Governance Hurdle: Weeks Away from Resolution
The relief effort’s success hinges on token holders at multiple protocols approving fund contributions. Arbitrum’s security council has frozen 30,765 ETH that attackers left exposed, but moving those funds requires a governance vote expected to take approximately 49 days. Other protocols including Mantle, Ether.Fi, and Lido must also vote to release their committed funds.
This dependency on decentralised governance introduces significant execution risk. DeFi United’s own website acknowledges the effort is “not guaranteed to be successful,” a tacit admission that even with $300 million pledged, protocol DAOs could still vote against participation.
The stablecoin situation offers a measure of relief. By Monday, USDT and USDC utilisation rates on Aave had eased to around 92%—down from the 100% ceiling that characterised the previous week—suggesting the immediate liquidity crisis has stabilised, though pressure remains.
What the Hack Reveals About DeFi Risk Management
The Kelp DAO exploit has forced the industry to reckon with systemic fragility. When a single protocol can drain hundreds of millions from major lending platforms, the fundamental assumptions underlying DeFi’s decentralised model face serious questions.
Regulators monitoring DeFi’s growth will likely scrutinise how such losses accumulate across platforms and whether disclosure requirements should change. The SEC and other authorities have watched similar cascades in traditional finance—and the parallels are uncomfortable for an industry built on avoiding centralised oversight.
The relief effort itself demonstrates both DeFi’s resilience and its limitations. Major players can coordinate quickly to prevent total collapse, but they cannot do so without governance delays and execution risks that a traditional financial backstop would eliminate. Whether DeFi United succeeds in fully restoring rsETH will determine whether this model of mutual aid scales to future crises.