- Aave publishes rsETH restoration plan.
- Impacted users should get their funds back in full.
- The plan comes with some risks.
Aave and Compound are moving closer to plugging the $246 million hole left by the Kelp DAO hack.
On Tuesday, DeFi United, a coalition of several protocols that includes the top decentralised finance lenders, published a technical implementation for restoring the backing for rsETH, the token stolen in the attack.
“DeFi United has secured sufficient ETH commitments to restore full backing,” Aave said in the outline, adding that the plan is to restore rsETH backing without socialising losses among the protocol’s users.
On April 18, North Korean hackers stole $293 million from Kelp DAO by tricking the protocol into releasing unbacked rsETH tokens.
The attackers deposited some of these tokens as collateral on Aave and Compound, then borrowed large amounts of Ether, leaving the pair with a combined $246 million in bad debt.
If DeFi United’s plan is successful, Aave and Compound users whose assets were withdrawn by the hackers using the dummy rsETH collateral will get them back in full.
The Kelp DAO hack is one of several major crypto thefts in recent months.
The spree has sparked a crisis of confidence within the DeFi community, with many industry insiders questioning if the trade-offs inherent in decentralised technology are worth the trouble.
Restoring the backing
DeFi United will start restoring rsETH’s backing by converting committed Ether into the asset in multiple tranches.
This will replenish rsETH’s backing so that every token in circulation will once again be fully collateralised by real Ether.
At the same time, the $246 million worth of rsETH still sitting in the hacker’s positions on Aave and Compound will be cleared via controlled liquidations, Aave said. To do this, the protocols will temporarily lower the oracle price of rsETH via governance votes to enable the liquidations.
Oracles are trusted data feeds that publish the prices of crypto assets on blockchains. DeFi protocols like Aave rely on them to know how healthy lending positions are.
Potential risks
While the plan is fairly straightforward, there are some potential risks, Aave said.
Liquidating the hacker’s positions requires governance proposals to pass and execute correctly on both Ethereum and Arbitrum, the layer 2 blockchain where the hacker sent some of the stolen funds. This, and other parts of the plan, are subject to governance votes among the respective protocols’ DAOs.
There’s also a chance the hacker could try and sabotage the recovery.
“Deliberate interference by the attacker could result in incomplete deficit accrual, requiring additional liquidation steps to fully resolve the positions,” Aave said.
Aave and DeFi United plan to start executing the rsETH recovery in the coming days, Aave Labs CEO Stani Kulechov said on X.
Tim Craig is DL News’ Edinburgh-based DeFi Correspondent. Reach out with tips at tim@dlnews.com.
