Jack Paul 
Lending platform Aave has raised approximately $160 million to cover roughly $200 million in bad debt left by the year’s largest decentralized finance exploit, according to a post by blockchain analytics firm Arkham on Saturday. The exploit stemmed from a vulnerability in Kelp DAO’s integration with LayerZero.
Arkham wrote on X that “$AAVE have so far raised $160M to cover the bad debt from the Kelp DAO Exploit, at defiunited.eth.” The largest contributors so far are Mantle and the Aave DAO itself, which together raised 55,000 ETH, worth about $127 million at current prices.
The coordinated recovery effort
Last week, Aave and several major crypto firms announced a coordinated recovery effort called DeFi United, aimed at stabilizing DeFi markets after a $292 million security breach left the crypto borrowing sector’s largest lender facing a significant financial crisis. The effort is led by Aave service providers, and its goal is to restore support for rsETH, the yield-bearing derivative token of ether at the core of the exploit.
Aave founder Stani Kulecho announced his personal contribution of 5,000 ETH to DeFi United, which at ether’s current price of roughly $2,346, is worth about $11.73 million. “I’m personally contributing 5,000 $ETH to DeFi United as we continue working together with partners,” Kulecho said.
How the exploit unfolded
The exploit can be traced back to a vulnerability within Kelp DAO’s integration with LayerZero. An attacker was able to mint 116,500 unbacked rsETH tokens, which effectively left Aave holding impaired collateral. This triggered a rapid run on deposits as lenders scrambled to exit, ultimately withdrawing around $10 billion from the platform. The sudden withdrawal created a liquidity crunch that Aave is now working to resolve.
What the bailout aims to fix
The effort to erase the bad debt is focused mostly on stabilizing the system with a coordinated bailout to recapitalize rsETH and mitigate further losses. It is not about recovering stolen funds directly, but rather about restoring confidence and solvency in the lending market.
For context, the second-largest exploit this year happened in late March, when an attacker drained at least $270 million from the Drift Protocol on Solana. That incident abused a legitimate feature called “durable nonces” rather than exploiting a code bug or stolen keys, showing how varied DeFi security risks can be.