Arbitrum DAO Votes to Unfreeze 30,766 ETH for DeFi United After Kelp DAO Exploit

The Kelp DAO exploit that destabilized rsETH began on April 18, when an attacker used a forged message to mint approximately 116,500 tokens rsETH without a corresponding burn, then routed the unbacked tokens into DeFi lending.

“Arbitrum DAO has opened a governance vote to release 30,766 ETH toDeFi United, a recovery fund created after the recent Kelp DAO exploit”

BanklessTimes

CoinDesk describes the bridge as “LayerZero-powered” and says the attacker drained “116,500 rsETH (restaked ether) from Kelp DAO,” with the LayerZero bridge drained “at 17:35 UTC over the weekend,” worth about “$292 million at current prices.”

BanklessTimes

The same CoinDesk report says the drained bridge contained the rsETH reserve backing wrapped versions of the token deployed on “more than 20 other blockchains,” and that the attacker “duped LayerZero’s cross-chain messaging layer into believing that a valid instruction came from another network.”

In the aftermath, CoinDesk reports that Kelp’s emergency pause multisig froze the protocol’s main contracts “46 minutes after the successful attempt,” at “18:21 UTC,” while follow-up attempts at “18:26 UTC and 18:28 UTC” were “both aborted.”

FinanceFeeds frames the mismatch as a backing shortfall: “The exploit on April 18 resulted in the release of 116,500 restaked Ether without a corresponding burn,” leaving “a significant gap in rsETH’s backing.”

Criptoinforme similarly ties the crisis to the exploit “ocurrido el 18 de abril, dirigido contra el puente de rsETH operado por Kelp DAO,” and adds that “Cerca de 107.000 rsETH terminaron como colateral en posiciones de préstamo dentro de Aave.”

Across these accounts, the core mechanism is consistent: forged cross-chain messaging enabled the release of large quantities of rsETH without the underlying collateral being properly burned, and the resulting tokens were then used as collateral in major lending venues.

The exploit’s cross-chain design turned a single bridge failure into a broader lending crisis, according to multiple reports describing how rsETH was rehypothecated.

Criptoinforme says the attacker “utilizó un mensaje falsificado para acuñar aproximadamente 116.500 tokens rsETH sin respaldo en ETH,” and that the operation “permitió introducir estos activos en distintos protocolos DeFi, generando un efecto dominó.”

bloomingbit

It adds that “Cerca de 107.000 rsETH terminaron como colateral en posiciones de préstamo dentro de Aave,” which “derivó en una acumulación significativa de deuda incobrable (bad debt) en el sistema.”

CoinDesk provides a more specific mechanics description, stating that “An attacker exploited this setup by forging a transfer message that appeared valid,” and that “The system approved the transfer even though the tokens were never withdrawn from the sending chain.”

CoinDesk then explains the collateralization step: “Rather than selling the assets on the open market, the attacker deposited 89,567 rsETH as collateral on Aave as collateral and borrowed about $190 million in ETH and related assets on Ethereum and Arbitrum.”

FinanceFeeds quantifies the adapter-side mismatch at the time of publication, reporting that “only 40,373 rsETH were held in the adapter contract, compared with confirmed backing for 152,577 rsETH,” implying “a shortfall of about 76,127 rsETH.”

Cointelegraph similarly ties the deficit to the same contract-level numbers, stating “there were only 40,373 rsETH in the adapter contract versus the confirmed backing for 152,577 rsETH,” and calling the gap “about 76,127 rsETH, currently worth about $174.5 million.”

Together, these accounts show that the bridge exploit released unbacked rsETH, and the DeFi lending layer accepted it as collateral, creating bad debt risk and a backing shortfall that required coordinated recovery.

As the rsETH backing deficit rippled through lending markets, the recovery effort shifted from technical containment to governance-controlled fund release.

“Forecast Trend Report by Period Arbitrum governance has opened a vote to release about $71 million worth of Ether as the DeFi industry works to help Kelp DAO recover from a hack in April”

bloomingbit

Criptoinforme says the coalition DeFi United presented “un plan técnico detallado” to restore rsETH’s parity, involving “múltiples protocolos y más de $300 millones en compromisos de capital,” and it describes a staged process to convert compromised ETH into rsETH “en múltiples tramos (tranches)” before transferring tokens to a “lockbox” and “reactivar el puente con respaldo completo.”

FinanceFeeds and Cointelegraph both focus on Arbitrum’s role in freezing and then voting on releasing ETH tied to the exploit.

FinanceFeeds reports that a proposal moved to governance vote to release “30,765 ETH that was frozen by Arbitrum’s Security Council on April 21,” and that the council said “a governance decision is required before any release.”

Cointelegraph similarly describes the governance mechanics, stating the funds would be released in a designated recovery address “0xf22” in a “3-of-4 Gnosis Safe” with signers from “Aave Labs, Kelp DAO, Certora and Etherfi.”

Unchained Podcast adds a timeline detail and the emergency action structure, saying the Arbitrum Security Council froze the ETH “on April 20 after the Kelp attacker moved stolen funds to an Arbitrum One address,” and that “Nine of the council’s 12 members voted to execute the emergency action.”

It also states that “The funds were moved to a DAO-controlled address and can only be released through a formal DAO vote,” turning the stolen ETH into a “test case” for emergency governance.

Across these accounts, the recovery plan depends on governance approvals to move frozen ETH into DeFi United, and the Arbitrum vote becomes the gatekeeper for whether the recovery can proceed.

The governance vote to unfreeze ETH for DeFi United has been framed as a multi-stage process with explicit voting thresholds and early support metrics.

FinanceFeeds says “As of publication, 100% of votes cast supported the proposal, representing 34.2 million ARB tokens,” and it adds that “The voting window is set to close next Thursday,” after which additional governance stages would follow if approved.

CoinDesk

Unchained Podcast reports that “In the first hour, 16.9 million ARB tokens were cast in favor with zero opposing votes,” and it states that “Voting ends on May 7.”

Cointelegraph describes the proposal as calling for a first round “temperature check” via Snapshot, then submission “onchain via Tally as a Constitutional Arbitrum Improvement Proposal (AIP),” and it notes that the proposal called the 30,765 ETH frozen on Arbitrum a “material contribution toward restoring that backing.”

The Crypto Times adds more procedural detail, stating that “The temperature check runs until May 7, 2026,” and that after that “if it passes, the proposal advances to an on-chain vote on Tally.”

It also specifies the Constitutional AIP filing and authorship, saying the Snapshot proposal is “a Constitutional AIP filed on April 25 by Aave Labs as lead author, with Kelp DAO, LayerZero, Etherfi, and Compound as co-authors.”

The Crypto Times further details the safe and indemnification terms, stating the transfer is to “a new 2-of-3 Gnosis Safe” and that “Aave Labs commits to indemnify the Arbitrum Foundation, Offchain Labs, and each individual member of the Arbitrum Security Council.”

Meanwhile, the Crypto Times quotes the council’s rationale for freezing, saying the council acted “with input from law enforcement as to the exploiter’s identity” and “weighed its commitment to the security and integrity of the Arbitrum community without impacting any Arbitrum users or applications.”

Across these sources, the vote is not just about releasing funds; it is also about how Arbitrum’s emergency powers transition into tokenholder-controlled governance, with explicit numbers for ARB support and detailed multi-signature custody.

The stakes of the Kelp DAO incident are tied to how rsETH’s backing is restored and how bad debt is contained across lending protocols, with multiple reports describing both the scale of the shortfall and the recovery steps.

“The Protocol: Kelp DAO Exploited for $292 Million Also: the DPRK hacks crypto, contagion to Aave and Coinbase via quantum computing”

CoinDesk

Criptoinforme says DeFi United’s plan includes “limpieza de posiciones en Aave” by resolving “ocho posiciones afectadas dentro de Aave, tanto en Ethereum como en Arbitrum,” using “ajuste temporal del precio del oráculo de rsETH,” “ejecución de liquidaciones controladas,” and “redención de rsETH por ETH a través de Kelp DAO,” with the process designed to recover “aproximadamente 13.000 ETH dentro del ecosistema de Aave.”

Cointelegraph

It adds that Compound plans a similar process to liquidate the attacker’s position and “podría recuperar alrededor de 16.776 ETH adicionales,” while the final phase would “normalización del sistema” by “Se reactivarán (unpause) los mercados afectados,” “Se descongelarán activos rsETH y ETH,” and “Se restaurarán los ratios Loan-to-Value (LTV).”

FinanceFeeds and Cointelegraph quantify the backing gap and the partial nature of the Arbitrum contribution, with FinanceFeeds stating the 30,765 ETH frozen on Arbitrum is a “material contribution” but “does not fully close the gap,” and Cointelegraph describing the deficit as “about 76,127 rsETH, currently worth about $174.5 million.”

CoinDesk’s recap adds a broader lending exposure estimate, stating “Aave could suffer up to $230 million in losses after a Kelp DAO bridge exploit triggered chaos in DeFi,” and it reports that the attacker borrowed “about $190 million” in ETH and related assets after depositing “89,567 rsETH” as collateral.

The Crypto Times frames the governance timeline and execution risk, stating the temperature check runs until “May 7, 2026” and that “Under standard timelines, the proposal could reach execution roughly 49 days from forum publication,” while also noting that the proposal is “intended solely to receive recovered ETH and apply it toward restoring rsETH’s economic backing.”

Finally, Criptoinforme emphasizes that execution depends on governance approvals and warns of “Posible interferencia del atacante,” including the possibility that the attacker could “Generar nuevas distorsiones en el mercado,” and it says LayerZero and Kelp DAO have implemented “nuevas medidas de seguridad” that “aún no han sido completamente probadas en condiciones reales.”

Taken together, the next step is Arbitrum tokenholder approval to release the frozen ETH into DeFi United, followed by staged conversions, liquidations, and unpausing of markets to restore rsETH backing and reduce bad debt across Aave and Compound.