What You Need to Know: AAVE Loan Platform Faces $200M Bad Debt from Arkham Hack — Largest DeFi Breach of the Year

Decentralized finance platform Aave has raised approximately $160 million toward covering $200 million in bad debt resulting from a major exploit targeting Kelp DAO, according to blockchain analytics firm Arkham. The effort, led by the DeFi United recovery initiative, aims to stabilize the platform and broader DeFi markets following what has been described as the largest DeFi hack of the year.

The exploit, which occurred on April 18, 2026, involved attackers exploiting a cross-chain bridge vulnerability to steal 116,500 rsETH tokens valued at approximately $292 million. Of these, 89,567 rsETH were deposited as collateral into Aave, enabling the attackers to borrow roughly $190 million in Ethereum and related assets across Ethereum and Arbitrum networks.

Arkham reported on April 26, 2026, that Mantle and Aave DAO were the largest contributors to the recovery effort, collectively raising 55,000 ETH—equivalent to about $127 million. Aave founder Stani Kulechov also participated in the fundraising initiative, which has so far secured nearly 80% of the $200 million needed to cover the outstanding bad debt.

The DeFi United campaign focuses on recapitalizing support for rsETH, the Ether-based token at the center of the exploit, and restoring confidence in Aave’s lending infrastructure. By compensating for the bad debt, the initiative seeks to prevent cascading liquidations and maintain stability within interconnected DeFi protocols that rely on Aave as a core lending layer.

On-chain data from Arkham indicates that the attacker, identified by the address 0x5d3, has continued moving funds in the aftermath of the hack. Between April 21 and 22, 2026, over 106,466 ETH were transferred from this address to external wallets in what appears to be a money laundering effort. The funds were distributed across multiple wallets to obscure tracking, a tactic commonly used in illicit fund transfers.

These movements excluded frozen assets, suggesting the attacker is focusing on liquid, unfrozen holdings to avoid detection. The splitting of funds across numerous addresses aligns with known techniques used to hinder blockchain analysis and complicate recovery efforts by authorities or protocol developers.

Aave, which continues to operate its lending and borrowing services, has not suspended user funds or paused withdrawals as part of the recovery process. Instead, the platform is relying on external contributions through DeFi United to replenish reserves without disrupting ongoing operations.

The incident underscores persistent vulnerabilities in cross-chain bridges, which remain a frequent target for exploits due to their complex smart contract interactions and varying security standards across networks. Despite audits and upgrades, interoperability solutions continue to pose risks that can lead to significant losses when compromised.

As of the latest update, no official timeline has been provided for when the full $200 million will be secured. Yet, the current progress suggests strong community and institutional support for making affected users whole, a principle increasingly emphasized in DeFi governance discussions following major security events.

For ongoing updates on the recovery effort, users and investors can monitor the DeFi United initiative’s public blockchain transactions via Arkham’s explorer or follow official communications from Aave DAO and Mantle’s governance channels.
