Aave liquidates remaining rsETH positions tied to Kelp DAO exploit
Automated liquidators repaid undercollateralized loans on Aave, seizing the attacker’s rsETH collateral tied to the Kelp DAO exploit and removing protocol exposure.
Aave’s lending protocol liquidated the remaining rsETH-backed positions tied to the attacker who exploited Kelp DAO, removing the protocol’s outstanding exposure to those collateralized loans. The transactions were executed on-chain after the positions became undercollateralized.
On Aave, loans are monitored by automated risk parameters. When a borrower’s health factor falls below the required threshold, third-party liquidators can repay part of the debt and claim discounted collateral. In this episode, liquidators repaid portions of the attacker’s borrows and seized the associated rsETH tokens.
Blockchain records show the attacker moved funds through several addresses and protocols after the Kelp DAO exploit, then opened borrow positions using rsETH as collateral on Aave. When the value of the collateral fell relative to the outstanding debt or breached protocol limits, automated liquidators executed the repayments and claimed the collateral. The seized rsETH tokens left the attacker’s control as part of those transactions.
rsETH represents restaked or wrapped forms of staked ether used by staking and restaking services. These tokens can be accepted as collateral on lending markets, but price swings and liquidity shifts can change loan health and trigger liquidations when collateral values diverge from borrowed amounts.
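The health-factor check and discounted-collateral seizure described above, as an added example that is not from the article or from Aave's code base: a simplified model in which the health factor is risk-adjusted collateral value divided by debt, and a position becomes liquidatable below 1. The threshold, bonus, fixed close factor, prices and position size are constructed assumptions, not Aave's rsETH parameters or the attacker's balances.

```python
from dataclasses import dataclass
from decimal import Decimal as D

# Constructed parameters for illustration; real values are set per asset by governance.
LIQ_THRESHOLD = D("0.75")  # share of collateral value that counts toward covering debt
LIQ_BONUS = D("1.075")     # liquidator receives collateral worth 107.5% of debt repaid
CLOSE_FACTOR = D("0.5")    # assumed fixed cap on debt repayable per liquidation

@dataclass(frozen=True)
class Position:
    collateral: D  # units of the collateral token (rsETH here)
    debt: D        # outstanding debt in the base currency

def health_factor(pos: Position, price: D) -> D:
    """Risk-adjusted collateral value divided by debt; below 1 is liquidatable."""
    if pos.debt == 0:
        return D("Infinity")
    return pos.collateral * price * LIQ_THRESHOLD / pos.debt

def liquidate(pos: Position, price: D):
    """Return (debt_repaid, collateral_seized, new_position), or None if healthy."""
    if health_factor(pos, price) >= 1:
        return None
    repay = pos.debt * CLOSE_FACTOR
    seized = repay * LIQ_BONUS / price
    if seized > pos.collateral:
        # Collateral cannot cover repayment plus bonus: seize all of it and
        # repay only what it pays for; the remaining debt is unbacked.
        seized = pos.collateral
        repay = seized * price / LIQ_BONUS
    return repay, seized, Position(pos.collateral - seized, pos.debt - repay)

def replay(pos: Position, prices):
    """Apply one liquidation per price tick while the position is unhealthy."""
    events = []
    for price in prices:
        hf = health_factor(pos, price)
        outcome = liquidate(pos, price)
        if outcome:
            repay, seized, pos = outcome
            events.append({"price": price, "hf": hf, "repaid": repay, "seized": seized})
    return events, pos

if __name__ == "__main__":
    start = Position(collateral=D("100"), debt=D("200000"))  # constructed sample
    log, final = replay(start, [D("3000"), D("2500"), D("2500")])
    for e in log:
        print(e)
    print("final:", final, "HF:", health_factor(final, D("2500")))
```

In the sample run a single partial liquidation lifts the health factor back above 1, which is why the second tick at the same price produces no further event; the capped branch shows the case where collateral runs out before the debt does.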
The Kelp DAO exploit originated from a vulnerability in the DAO’s contracts that allowed an attacker to move funds from the protocol. The stolen assets were routed across multiple protocols in a short timeframe; some were later used as collateral on Aave, where the liquidation events occurred.
The liquidations removed Aave’s immediate exposure to the specific rsETH-collateralized loans. Recovering funds for Kelp DAO depends on separate on-chain tracing, legal actions or agreements among affected parties and is not achieved by the Aave liquidations alone.
Security researchers and on-chain analysts continue to monitor addresses linked to the exploit and the resulting flows through lending and decentralized finance infrastructure. It remains unclear whether the seized rsETH will be auctioned, retained by liquidators, or deployed in any recovery process.