Kelp DAO and Aave Burn Exploiter Tokens, Refill 117K rsETH

Published: May 13, 2026. By SpendNode Editorial

Key Analysis

Kelp DAO and Aave finished recovery steps for the rsETH exploit, burning the attacker's tokens and committing to refill 117,132 rsETH over two weeks.

Kelp DAO and Aave have closed out the recovery process for the rsETH exploit, Cointelegraph confirmed on May 13, 2026. The attacker's rsETH tokens have been burned, and the protocols will progressively refill 117,132 rsETH into the affected pool over the next two weeks.

The post follows weeks of coordination between Kelp DAO, Aave governance, and external security advisors after the exploit drained a significant chunk of restaked ETH from rsETH markets earlier in the spring.

The Burn Is the Punchline

Burning the exploiter's tokens is the cleanest possible outcome for users still holding rsETH. It means the attacker cannot redeem any portion of the stolen value, and the protocol does not have to socialize losses across remaining holders.

The mechanic relies on the fact that rsETH is a wrapped, governable token. Once the attacker's address was identified and the tokens isolated, Kelp's contracts and Aave governance had the authority to retire those tokens permanently. That option does not exist with most native assets, which is one reason restaked tokens have a tighter recovery toolkit than, say, a stolen ETH balance.

The Refill Schedule

The 117,132 rsETH figure refers to the amount being put back into the pool, not a one-shot mint. Kelp DAO is staggering the refill over two weeks, which limits the immediate market impact on rsETH supply and gives liquidity providers time to rebalance.

Progressive refills also reduce the risk of a second exploit. A single large mint into a contract that has just gone through emergency patches is a higher-risk action than smaller incremental top-ups across multiple transactions.

For depositors who were sitting on a partially backed rsETH balance, the schedule means recovery to full backing happens in tranches rather than overnight. The price of rsETH against ETH should converge as each tranche lands.

Aave's Role in the Recovery

Aave was the largest external venue for rsETH at the time of the exploit, with substantial sums supplied as collateral and borrowed against. That meant Aave depositors carried direct exposure to any haircut on the rsETH-to-ETH peg.

Aave's role in the recovery was twofold. The DAO froze rsETH markets during the incident to prevent cascading liquidations, and its risk teams coordinated with Kelp on the parameters of the refill so that loans collateralized by rsETH did not get force-liquidated as the peg recovered. Without that pause, the exploit could have triggered a wave of liquidations completely unrelated to the original attack.

This kind of cross-protocol coordination is something DeFi has gotten better at over the past two years. A 2023-era incident on this scale would likely have left depositors with a permanent loss. The willingness of Aave governance to act quickly here is a meaningful signal for any liquid restaking token that uses the protocol as its primary borrowing market.

Restaking Risk Did Not Get Easier

The cleanup does not erase the underlying lesson. Liquid restaking tokens stack contract risk on top of validator risk on top of underlying asset risk. Every additional layer is another surface where an attacker can find a flaw.

For users, that means the convenience of earning restaking yield through a single token comes with smart contract exposure that goes beyond the base layer. Kelp's recovery shows the system can heal from a major incident, but it does not eliminate the risk that the next incident might not have a clean burn-and-refill solution.

The broader restaking and security context remains tense. April 2026 saw $635M in exploit losses across 28 incidents, with restaking and bridge contracts disproportionately represented.

Overview

Kelp DAO and Aave have wrapped up the recovery for the rsETH exploit by burning the attacker's tokens and committing to refill 117,132 rsETH over the next two weeks. Aave's earlier decision to freeze the affected markets prevented liquidation cascades, and the progressive refill schedule should let the rsETH peg converge cleanly. For depositors, this is about as good an outcome as a major restaking exploit allows. The risk model around liquid restaking, however, has not changed.

Disclaimer: This article is provided for informational purposes only and does not constitute financial advice. All fee, limit, and reward data is based on issuer-published documentation as of the date of verification.
