Aave, the industry’s leading lending protocol, has officially completed the forced liquidation of the remaining positions held by the Kelp hacker. The rsETH assets were liquidated as part of a finalized recovery plan aimed at restoring protocol solvency and compensating affected users.
The Mechanics of Liquidation: A DAO-Driven Solution
The attacker’s positions were spread across Aave deployments on both Ethereum and Arbitrum. Neutralizing these holdings required direct intervention from the protocol’s governance:
- Governance Vote: Over 90% of token holders supported the recovery proposal.
- Oracle Adjustment: To force the liquidation, the DAO temporarily modified the rsETH price oracle parameters to create an artificial collateral deficit in the hacker’s accounts. Once the procedure was complete, the parameters were restored to their original market values.
- Fund Management: The recovered assets have been transferred to a dedicated multi-signature wallet managed by the DeFi United fund. These funds are earmarked for re-collateralizing rsETH and compensating victims.
The Battle for 30,000 ETH: US Court Intervention
While the liquidation on Aave was successful, the broader DeFi United initiative has hit a significant legal snag. To date, the fund has attracted over $320 million, a massive portion of which consists of assets frozen by the Arbitrum network (30,766 ETH).
Although the Arbitrum community voted overwhelmingly (90.5%) to transfer these funds to the recovery pool, a New York court has intervened.
The Court Injunction: The court prohibited Arbitrum from moving the coins. The assets are being claimed by victims of North Korean state-sponsored terrorism, stemming from incidents dating back to 2015.
The Conflict of Interest:
- Aave’s Stance: The project representatives have labeled the court’s logic as “legally unsound” and are demanding the restrictions be lifted.
- Plaintiffs’ Stance: Attorneys for the North Korean victims have questioned the legal standing of a DeFi project to contest the freezing of these assets.
A Turbulent Context: The May Exploit Wave
The fallout from the Kelp exploit is unfolding against a backdrop of heightened security risks in the DeFi sector. On May 7, the market maker TrustedVolumes was exploited for $6 million.
This heist marks the fifth major hack since the start of the month, highlighting the ongoing vulnerability of the ecosystem even as communities coordinate more effectively to recover stolen funds.
