DeFi protocols roll out emergency exit for Aave ETH lenders after Kelp DAO bridge exploit

A forged cross-chain message on the Kelp DAO bridge saddled Aave with hundreds of millions of dollars in potential bad debt. Within 48 hours, a group of DeFi projects responded by shipping an emergency exit route designed to help Aave ETH suppliers unwind positions while WETH withdrawals remain constrained. Fluid, a DeFi DEX and lending protocol, teamed up with Lido Finance, Ether.fi, 0x Protocol, 1inch and KyberNetwork to provide routing that lets Aave users swap aWETH into liquid staking collateral such as wstETH or weETH when direct exits are unavailable. Users can either fully leave or shift to alternative collateral types. The Kelp DAO vulnerability has been cited as leading to about $290 million in losses. On-chain data show that in the first 48 hours after the tool went live, Aave processed 58,510 aWETH, valued at roughly $136 million, out of its frozen WETH pool. A Dune dashboard for Fluid is being released. Fluid says the infrastructure was built in under 24 hours after Aave's ETH utilization hit 100% following the April 18 attack on Kelp DAO's rsETH bridge adapter. The setup enables Aave ETH lenders to swap aWETH for wstETH or weETH in a single transaction, with an implied discount of about 2.21% per 1,000 aWETH. Sergej Kunz, co-founder of 1inch, noted that trading aWETH on secondary markets before maturity has seen pricing nearly 23% below face value. Two primary use cases are supported. For lenders, aWETH can be converted into wstETH or weETH collateral and then withdrawn. For borrowers, collateral can be rotated from ETH into wstETH or weETH while keeping the debt unchanged, allowing users to exit previously locked positions or continue holding yield-bearing collateral on Aave. Mechanically, lenders deposit aWETH into Fluid's Lite ETH vault and receive wstETH or weETH. The vault uses the incoming aWETH to repay part of its WETH debt on Aave, netting out the liability without pulling WETH out of Aave's liquidity pool. Fluid says this is possible because it is the largest single participant in the Aave WETH market. Its Lite vault circular position represents roughly $1.5 billion in ETH debt. By taking on that outstanding debt, the protocol says it is not adding new directional risk, but rather swapping one LST claim for another, aiming to reduce losses for exiting lenders while lowering treasury exposure to borrowing risk in a supply-constrained market. In the consortium, Lido and Ether.fi provide LST liquidity, 1inch supplies the front end, and 0x and Kyber handle order routing. The withdrawal guide recommended by the Aave DAO now points affected WETH providers to Fluid routing. "ETH utilization on Aave has reached 100%, leaving lenders with no recourse," said Fluid founder and CTO Samyak Jain. "Fluid built the infrastructure and is ready to scale support for ETH lenders within hours." Attack details On April 18, an attacker exploited a vulnerability in Kelp DAO's LayerZero-based rsETH bridge adapter and illegitimately minted 116,500 rsETH worth about $293 million, roughly 18% of circulating supply, without an equivalent amount being locked on Ethereum. The attacker then used the unlocked rsETH as collateral to borrow about $236 million in WETH on Aave V3 and V4, after which the market was frozen. As lenders rushed to withdraw before any default was confirmed, Aave's WETH utilization rate hit 100% within hours, disrupting the passive withdrawal mechanism. Variable borrowing rates spiked into triple digits and WETH began trading at a discount on secondary venues. Aave's risk team estimated in its April 20 Incident Report that the bad-debt outcome could range from $123.7 million to $230.1 million depending on how claims against the undercollateralized rsETH L2 adapter are allocated. Kelp DAO and LayerZero continue to dispute responsibility. In an April 19 statement, Kelp said the 1:1 DVN configuration on the bridge was the documented default in LayerZero's Quickstart guide and was reaffirmed as appropriate by LayerZero during Kelp's L2 expansion. LayerZero attributed the vulnerability to the TraderTraitor subgroup of the Lazarus Group, linked to North Korea, and said it will no longer allow new OFT deployments to use the 1:1 DVN configuration. Composability at work The same composable architecture that allowed the exploit's effects to propagate across Aave, Compound, Fluid and other venues also enabled the emergency redemption route to be assembled in less than a day. aWETH functions as a standardized receipt token, while wstETH and weETH are standardized liquid staking tokens. Aave's public, permissionless repayWithATokens function allows aggregators to source liquidity from any exchange. Fluid's approach combines these building blocks without governance votes, treasury spending or new counterparty arrangements. It does not reduce Aave's modeled bad debt, reverse the attacker's borrowing, or resolve the LayerZero-Kelp dispute. It offers an alternative exit path for lenders who would otherwise wait for socialized outcomes or accept deeper market discounts. Fluid said it has enough capacity in production and is in talks with additional partners.