Aave intensified efforts to recover funds linked to April’s rsETH exploit after liquidating the attacker’s collateral positions on Ethereum and Arbitrum. The decentralized lending protocol said the seized assets have now been transferred to a designated Recovery Guardian as part of a governance-approved recovery plan.
“The attacker’s rsETH positions on Aave have been liquidated on Ethereum and Arbitrum,” the protocol said in a post on X. Aave added that regular users were not affected during the process and that its Umbrella protection system continued operating normally throughout the recovery effort.
Recovery plan moves into execution phase
The exploit began on April 18 when attackers targeted the rsETH bridge connecting Unichain and Ethereum. By using a forged transaction message, they managed to release about 116,500 rsETH without locking the equivalent assets on the other side of the bridge. The breach effectively weakened the token’s backing and allowed the stolen funds to spread across multiple decentralized finance platforms.
A significant portion of the assets was later deposited into lending protocols including Aave and Compound, where the attacker used the rsETH as collateral to borrow additional crypto assets on Ethereum and Arbitrum. Recovery teams have since focused on removing those positions from the market while working to restore the token’s backing.
Aave stated the liquidation was executed in line with the technical plan. The protocol temporarily adjusted rsETH price feeds to trigger controlled liquidations, allowing recovery teams to seize excess collateral and convert it back into ETH through KelpDAO’s redemption system.
The recovered assets are now being transferred to a multisignature wallet overseen by members of DeFi United, a group that includes contributors from Aave Labs, KelpDAO, LayerZero, EtherFi, and Compound. The coalition says its main objective is to fully restore rsETH backing while preventing losses from spreading to unaffected users.
Governance vote becomes critical
Governance votes have now become central to the recovery effort. Delegates within Arbitrum recently backed a proposal to release more than 30,765 ETH that had been frozen following the exploit. Aave thanked the more than 1,600 wallet addresses, representing roughly 190 million ARB tokens, that supported the measure, signaling broad community backing for the plan.
Some members of the DeFi community have raised concerns about how long the recovery process is expected to take. Nicksta, a delegate involved in the discussions, warned that the estimated 49-day timeline could increase pressure on users with active lending positions tied to the affected assets.
Others also called for faster action. Griff Green urged recovery teams to move more quickly and provide clearer details on how affected users would be compensated and how potential losses would be handled.
Despite this skepticism, support for the recovery campaign is growing. The incident has also drawn attention to security issues associated with blockchain bridges and risk management in lending pools, among others.
