Aave DAO is weighing a proposal to commit 25,000 ETH to an industry-backed rsETH recovery effort after the April 18, 2026 exploit tied to Kelp’s LayerZero-powered bridge triggered a broad DeFi loss event. The ask is large, but the more revealing number is the structure around it: Aave’s proposed contribution would cover roughly one-third of the remaining 75,081 ETH shortfall, while outside pledges have already crossed 43,500 ETH. That makes this more than a bailout debate. It is a live test of how DeFi socializes losses, protects depositors, and rewrites collateral standards after a cross-protocol failure.
Proposal centers on a 25,000 ETH treasury backstop
An Aave governance post published on April 24, 2026 says service providers and ecosystem participants are coordinating a recovery effort called “DeFi United” to close the remaining ETH backing shortfall tied to rsETH and wrsETH exposure on Aave V3. The proposal recommends that Aave DAO approve a 25,000 ETH treasury commitment as part of that plan. A separate governance response argues the math is workable but says disbursement should be conditioned on stricter collateral reform, including safety tiering, automated tier degradation, and mandatory dependency mapping for derivative collateral.
The numbers matter. Aave forum discussion pegs the original shortfall at 163,183 ETH, with 87,955 ETH already recovered or considered recoverable, leaving a residual gap of 75,081 ETH. On that basis, a 25,000 ETH commitment would cover about 33.3% of the remaining hole. That is meaningful, though not dominant. It also means the proposal is less about single-protocol rescue and more about anchoring a wider capital stack that includes donations, credit facilities, and potentially future revenue support.
The incident began on April 18 and Aave moved within minutes
Aave’s initial incident notice states that on April 18, 2026, the Guardian was alerted to a potential exploit involving rsETH and began freezing rsETH and wrsETH markets across all listed deployments starting at 18:52 UTC. A later incident report says the Protocol Guardian began freezing all rsETH and wrsETH reserves at approximately 19:00 UTC on April 18, setting loan-to-value to zero while allowing existing positions to remain repayable and liquidatable. Aave stressed that all pools remained operational and that the issue did not stem from a vulnerability in the Aave protocol itself.
That distinction is crucial. According to Aave’s April 20 incident report, Ethereum mainnet rsETH did not appear directly affected by the bridge backing gap because mainnet rsETH is backed by Kelp’s underlying ETH staking deposits rather than the bridge adapter used for L2 copies. Still, the report warned that any later loss socialization or recovery decisions by Kelp could affect mainnet rsETH backing indirectly. In plain English: the token design was segmented, but governance and balance-sheet decisions could still transmit damage across the stack.
Aave’s direct exposure shows why the recovery ask is so politically sensitive
The April 20 report lays out the attacker-linked positions in unusual detail. Of the 116,500 rsETH received by the attacker, 89,567 rsETH were deposited on Aave, or about 76.9% of the stolen amount. Those deposits backed 82,650 WETH borrowed and 821 wstETH borrowed across Ethereum Core, Ethereum Prime, and Arbitrum. The largest single line item was 53,000 rsETH supplied on Ethereum Core against 52,460.33 WETH borrowed, valued at $131.07 million and $121.29 million respectively in the report. Total attacker-linked Aave exposure reached 89,567 rsETH worth $221.39 million against 82,650 WETH worth $190.86 million and 821 wstETH worth $2.33 million.
That is the underappreciated angle in this story. Most coverage has focused on the headline exploit size or the recovery pledges. The harder question is what the position data says about collateral policy. The collateral-to-WETH value ratio in the incident report works out to about 1.16x, which looks conservative at first glance. It was not conservative enough once the collateral’s backing assumptions broke. This is exactly why some Aave delegates are pressing for a formal safety-tier framework before treasury funds are released.
Outside pledges have already changed the math
Cointelegraph reported on April 24, 2026 that DeFi protocols had pledged more than 43,500 ETH to restore rsETH backing, with participants including Mantle, EtherFi Foundation, Golem Foundation, Lido DAO, Ethena, LayerZero, Ink Foundation, and Tyrdo. The same report says Mantle submitted a proposal to lend up to 30,000 ETH to Aave DAO in return for yield, while EtherFi Foundation proposed 5,000 ETH and Golem entities offered 1,000 ETH. If the 43,500 ETH figure is used against the 75,081 ETH residual gap cited in Aave governance, those outside commitments cover about 57.9% of the remaining shortfall, leaving roughly 31,581 ETH still uncovered before any additional recoveries.
That is why Aave’s 25,000 ETH number looks calibrated rather than arbitrary. It is large enough to anchor confidence, but small enough to fit inside a broader waterfall. Governance commentary on the forum explicitly describes that waterfall as donations first, Mantle credit facility second, and DAO treasury third. Structurally, that reduces the chance that Aave becomes the first-loss absorber for the entire event. Politically, though, it still asks tokenholders to underwrite a failure that originated outside the core protocol.
Treasury capacity is not the same thing as governance comfort
Aave’s April 20 incident report says the DAO treasury held $181 million in assets as of that date, including $62 million in Ethereum-correlated holdings, $54 million in AAVE, and $52 million in stablecoins. The same report says Aave generated $145 million in total revenue during 2025 and had recorded $38 million in revenue, $16 million in net income, and $40 million in operating cash flow year-to-date in 2026. Those figures support the argument that Aave can participate in a recovery package without threatening protocol continuity.
But capacity is not consent. One forum post notes that the rsETH incident could cost the DAO 25,000 ETH, or about $57.5 million at the prices referenced there, plus exposure to credit facilities and future revenue pledges. Another governance thread from April 19 warned that ETH price appreciation could worsen the bad-debt dynamics over time, while also noting that the DAO treasury held about $83 million in that discussion’s framing and that $25 million had already been committed to Aave Labs. Different snapshots, different accounting scopes. Same takeaway: tokenholders are being asked to spend scarce strategic capital under pressure.
The real issue is collateral governance, not just emergency funding
I think that is where the debate lands. Aave’s emergency response was fast and fairly surgical. The Guardian froze rsETH and wrsETH on April 18, the Risk Steward adjusted WETH interest rate models on non-Core markets at approximately 14:30 UTC on April 19, WETH was frozen on key markets at approximately 02:00 UTC on April 20, and Core WETH rate parameters were adjusted again at approximately 05:00 UTC on April 20. Those are the actions of a mature risk operation.
What remains unresolved is whether the listing and parameter framework for derivative collateral was mature enough before the incident. The reform camp inside governance is not rejecting user protection. It is saying the sequence should be reversed: approve support, but bind it to systemic changes. If that condition sticks, the 25,000 ETH proposal could become more than a rescue package. It could mark the point where DeFi stopped treating collateral incidents as isolated accidents and started pricing infrastructure dependency as a first-class risk.
Frequently Asked Questions
What is Aave DAO being asked to do?
Aave DAO is being asked to commit 25,000 ETH from treasury resources to the DeFi United recovery effort tied to the rsETH incident. The proposal was published in Aave governance on April 24, 2026 and is framed as part of a broader ecosystem plan rather than a standalone bailout.
What caused the rsETH recovery effort?
The effort follows the April 18, 2026 exploit involving Kelp’s LayerZero-powered bridge. Cointelegraph reported that 116,500 rsETH were stolen and then used as collateral on Aave V3 to borrow wrapped Ether, contributing to about $195 million in bad debt on Aave. Aave’s own incident notices confirm the exploit timeline and emergency freezes.
How much of the shortfall would Aave’s 25,000 ETH cover?
Based on governance figures showing a residual gap of 75,081 ETH after 87,955 ETH was recovered or deemed recoverable from an original 163,183 ETH shortfall, Aave’s 25,000 ETH would cover about 33.3% of the remaining gap.
How much support has the wider DeFi ecosystem pledged?
Cointelegraph reported on April 24, 2026 that more than 43,500 ETH had been pledged by protocols and foundations including Mantle, EtherFi Foundation, Golem Foundation, Lido DAO, Ethena, LayerZero, Ink Foundation, and Tyrdo. That amount equals about 57.9% of the 75,081 ETH residual gap cited in Aave governance.
Was Aave itself hacked?
No. Aave’s April 18 incident notice says all Aave pools remained safe and fully operational and that the issue was scoped to rsETH rather than a vulnerability in the Aave protocol. The damage came from how exploited collateral interacted with lending markets, not from a direct exploit of Aave core contracts.
What is the biggest unresolved issue now?
The biggest unresolved issue is governance reform around collateral standards. Several Aave governance participants support the recovery but want binding changes first, including structured asset safety tiers, automated tier degradation, and recurring reviews of derivative collateral. That debate may matter more long term than the 25,000 ETH headline itself.
Leave a comment