Five weeks to rebuild trust after a nine-figure hack is either a triumph of DeFi resilience or proof that "trustless" systems still need someone to write the check when things break.
The Summary
- Kelp DAO restored rsETH operations after a $292-293 million exploit, with Aave and Kelp refilling approximately 116,000 rsETH to make users whole
- Mints, redemptions, and rewards operations are running smoothly since withdrawals reopened earlier in May
- Exchange inflows of rsETH spiked following the exploit, signaling either panic selling or strategic repositioning by holders
The Signal
The rsETH recovery is a case study in what happens when "code is law" meets "we actually need to fix this." Kelp DAO's liquid staking token lost nearly $300 million in an exploit, and the protocol didn't just fold. Instead, Aave and Kelp stepped in to refill the tank with 116,000 rsETH tokens. That's not a small gesture. At current ETH prices, that's real capital deployed to restore confidence.
This wasn't a bailout in the traditional sense. No government stepped in. No FDIC coverage. But it also wasn't pure code execution. Somewhere between those extremes sits the reality of DeFi in 2026: protocols are expected to have contingency plans, and major stakeholders are expected to honor them when catastrophic failures hit.
"Five weeks from exploit to full restoration is either remarkably fast or a warning sign that the underlying risks were never properly priced."
The mechanics matter here. Liquid staking derivatives like rsETH are supposed to give you staking yield while keeping your ETH liquid. You deposit ETH, you get rsETH, you can trade or use rsETH in DeFi while your underlying ETH earns validator rewards. When an exploit drains the backing, that entire model breaks. The token becomes unmoored from its peg. Exchange inflows spiked after the hack, which tells you exactly what holders thought about their odds of recovery.
Key recovery timeline and actions:
- $292-293M exploit hits Kelp DAO protocol
- Aave and Kelp commit to refilling 116,000 rsETH
- Withdrawals reopen in early May 2026
- Full operations restored within five weeks
That timeline is fast. Fast enough to suggest the protocol and its backers had skin in the game and resources ready. Mints, redemptions, and rewards are now running normally, which means users can treat rsETH like it's business as usual. But the spike in exchange inflows after the exploit tells a different story: trust, once broken, doesn't fully heal just because the books balance again.
The Implication
If you're building on liquid staking derivatives or holding them, this is your stress test. The question isn't whether exploits can happen. They will. The question is whether the protocol and its ecosystem partners have the capital and will to make users whole. Kelp and Aave did. Not every protocol will. Price that risk accordingly.
For the broader DeFi ecosystem, this recovery sets a precedent. Users now have evidence that a major LST can get exploited, get refilled, and get back online in five weeks. That's either bullish for DeFi resilience or a sign that the real backstop isn't code, it's the balance sheets of the entities running the show. Watch how other protocols respond to the next exploit. The playbook just got written.