DeFi United Secures $160M as Industry Moves to Cover Aave Bad Debt Crisis

A coordinated decentralized finance ( DeFi) relief effort has reportedly raised $160 million to cover bad debt created when attackers exploited KelpDAO’s bridge and deposited unbacked collateral into Aave V3 markets on April 18, 2026.

Key Takeaways:

The exploit began at 17:35 UTC, at Ethereum block 24,908,285. Attackers targeted Kelp DAO’s Layerzero V2 bridge on the Unichain-to-Ethereum rsETH route, which was configured as a 1-of-1 DVN with no additional verifiers. They submitted a forged inbound packet that minted 116,500 unbacked rsETH tokens, valued at roughly $292 million at the time, without a corresponding lock or burn on the source chain.

The attacker moved quickly. About 89,567 rsETH, worth approximately $221 million, was deposited as collateral across Aave V3 markets on Ethereum and Arbitrum. The attacker then borrowed around 82,650 WETH, worth roughly $191 million, plus smaller amounts of wstETH.

Positions were left with health factors between 1.01 and 1.03, making full repayment unlikely. Aave‘s smart contracts were not exploited. The bad debt originated entirely from the unbacked external collateral.