Aave models Kelp DAO exploit rsETH bad debt scenarios and L2 risk
Aave’s risk team (LlamaRisk) modeled two “bad debt” outcomes tied to the Kelp DAO exploit over the weekend. Hackers stole 116,500 rsETH (~$293M) from Kelp DAO’s LayerZero bridge and used it as collateral on Aave V3 to borrow WETH.
If losses are shared between Ethereum mainnet and Ethereum L2 rsETH holders (Scenario 1), Aave’s estimated bad debt is about $123.7M, with an estimated ~15% rsETH depeg risk versus ETH. Aave can also use its Umbrella security model, with about $43.7M in aWETH currently in the unstaking cooldown phase.
If the shortfall is concentrated on Ethereum L2s (Scenario 2, including Arbitrum and Mantle), bad debt rises to about $230.1M. In that case, Aave still has roughly $181M in its treasury available to absorb part of the loss.
Kelp DAO said it is assessing the financial impact and coordinating with Aave and LayerZero before safely unpausing. It reported two LayerZero-related nodes were compromised and a third was hit by a DDoS attack. Kelp DAO paused affected contracts on Ethereum and multiple L2s and blacklisted attacker-linked wallets, including an additional ~$95M worth of rsETH.
Bearish
This is not a direct spot hit to ETH, but it raises tail risk for DeFi lending via rsETH collateral. The model shows Aave’s bad debt could jump from ~$123.7M to ~$230.1M depending on where losses land, and scenario 1 also flags ~15% rsETH depeg risk versus ETH. Traders may price in higher probability of liquidity stress on L2 markets (Arbitrum/Mantle) and increased risk-premium for any exposure to rsETH/Aave collateral flows. In the short term, the paused markets and uncertainty around unpausing can pressure sentiment; in the long term, recovery and any depeg/wider contagion risk around rsETH could keep leverage appetite restrained.