The recovery effort around Kelp DAO is moving faster than many expected. Almost one month after the major $292 million theft, Kelp DAO and Aave announce that their rsETH operations will resume normal functions.
Kelp DAO confirmed that the 117,132 rsETH stolen during the April 18 attack will be progressively restored over the next two weeks. The funds will move from the Aave Recovery Guardian and the Kelp Recovery Safe into the LayerZero OFT adapter on the Ethereum mainnet.
The protocol also said withdrawals could reopen within 24 hours after the first tranche is completed. The system will resume its operations for deposits and redemptions, bridging, and claims after the smart contracts reach full unpaused status.
Also Read: Arbitrum Moves Toward $71M ETH Unlock Following Kelp DAO Attack
Kelp DAO Strengthens Security After Exploit
After the exploit laid bare the vulnerabilities in cross-chain verification, the overarching security architecture of Kelp DAO is now undergoing modifications.
The protocol said all LayerZero bridge configurations have been upgraded. The new system needs four different attestors to complete verification instead of using a single validator. The system raised block confirmation requirements from 42 to 64 while it eliminated all L2-to-L2 routes.
The KelpDAO is also making the move into the Chainlink CCIP infrastructure, a step aimed at reducing reliance on older bridge mechanisms.
Aave declared that they had burned all exploiter rsETH tokens that were present on Arbitrum during the initial recovery operation. The protocol announced that they would start refilling their LayerZero OFT adapter while resuming rsETH operations throughout the next several days.
Kelp DAO Recovery Faces Legal and Industry Challenges
The attack in April was the most severe DeFi hack of 2026. Most believe that it was done by someone belonging to the Lazarus Group.
The attacker used rsETH, which he had stolen as collateral, to borrow funds on Aave, which resulted in the creation of $190 million in bad debt. The industry-led restitution program DeFi United emerged as a response to the situation, which collected over $300 million in ETH to prevent damage throughout decentralized finance.
The Arbitrum Security Council suspended $72 million, which was associated with the security breach. The legal battles that followed the plaintiffs from previous North Korean terrorism cases wanted to claim the assets, which caused delays in transferring those funds.
Despite the legal problems, a federal court allowed the transfer of ETH for Arbitrum-Aave, even though the funds still cannot be sold or moved without further approval.
LayerZero publicly accepted responsibility for its dangerous 1-of-1 DVN configuration, which enabled risky operations. The company admitted the setup created major security vulnerabilities for high-value transactions.
Also Read: Arbitrum Freezes $71M ETH After Kelp DAO Bridge Hack
