Aave founder Stani Kulechov has confirmed that multiple recovery plans are underway following a recent exploit linked to the KelpDAO rsETH incident, with approximately $70 million in ETH already recovered as part of what he described as an orderly process.
The statement came as the Aave protocol moved to contain fallout from the April 20 incident, which prompted emergency actions across multiple networks. An incident report posted to the Aave governance forum outlined the scope of the event and the protocol’s initial response.
What the Aave Founder Confirmed About Recovery
Kulechov’s use of the phrase “orderly recovery” signals a managed, multi-step process rather than a single emergency fix. The founder indicated that multiple plans are being coordinated, suggesting the recovery involves different parties and mechanisms working in parallel.
An orderly approach implies negotiation, governance coordination, and potentially structured timelines rather than a rushed attempt to recover funds all at once. For Aave users and liquidity providers, the language suggests protocol leadership is prioritizing methodical execution over speed.
What Remains Unconfirmed
The exact nature of these recovery plans has not been disclosed publicly. It is not yet clear whether the plans involve direct negotiation with the exploiter, cross-chain asset freezes, insurance mechanisms, or governance proposals for affected users.
The $70 Million in Recovered ETH Is the Only Hard Number
The $70 million figure represents the single most concrete data point in the recovery so far. It provides a measurable benchmark for progress, though it does not indicate what percentage of total affected funds this represents.
The Arbitrum Security Council played a role in the broader recovery effort, freezing $71.5 million in Ethereum linked to a $292 million KelpDAO exploit. That action suggests the total amount at risk was significantly larger than the $70 million recovered so far.
What the Recovered Amount Does and Does Not Prove
The recovery of $70 million in ETH confirms that at least a portion of exploited funds has been secured. It does not confirm that all affected users will be made whole, nor does it establish a timeline for distribution of recovered assets.
If the broader exploit involved $292 million as reported, the recovered amount represents roughly 24% of the total. That gap underscores why Kulechov emphasized that multiple plans are still underway.
Aave’s Immediate Protocol Response
In addition to the recovery efforts, Aave took protective measures across its deployments. The protocol froze WETH on its Prime instance and key Layer 2 networks to prevent further exposure while the situation was being assessed.
These freezes temporarily restrict deposits or borrows for a specific asset to limit contagion. For users with active WETH positions on affected deployments, the freeze means temporary restrictions on new activity involving that asset.
The incident highlights the growing complexity of cross-chain DeFi security. When an exploit touches liquid staking derivatives like rsETH, the ripple effects can reach lending protocols, Layer 2 networks, and governance structures simultaneously, a dynamic also relevant to protocols exploring new frontiers like tokenized real-world asset yield products.
Why Recovery Messaging Matters During DeFi Incidents
The way a protocol communicates during a crisis directly affects user confidence and market behavior. Kulechov’s public acknowledgment, combined with a specific dollar figure for recovered funds, follows a pattern where transparent communication has helped prevent panic withdrawals in DeFi.
The emphasis on “orderly” recovery also carries governance significance. It suggests that any fund distribution or compensation plan will likely go through Aave’s established governance process, potentially meaning formal proposals and community votes before affected users see resolution.
Transparent incident response is becoming increasingly important as the broader DeFi ecosystem faces scrutiny across multiple fronts, from embedded stablecoin payment infrastructure to regulatory enforcement actions targeting crypto trading venues.
Key Information Gaps in the Recovery Picture
Several critical details remain unavailable. The exact mechanisms being used for recovery have not been specified in public communications. Whether the recovery involves white-hat negotiation, law enforcement coordination, or purely technical fund retrieval is not yet clear.
The total scope of affected funds across all Aave deployments has not been formally confirmed by the protocol team. While external reporting references a $292 million KelpDAO exploit, the portion specifically affecting Aave positions versus other protocols using rsETH has not been broken out.
No timeline has been given for when the recovery effort might conclude or when frozen assets might be unfrozen. The phrase “multiple plans” suggests the process could extend over weeks or longer.
What Would Materially Advance This Story
The next meaningful updates would include a formal Aave governance proposal detailing how recovered funds will be distributed, an updated total for recovered assets, and a timeline for unfreezing WETH across affected networks.
Signals to Watch
Any new posts on the Aave governance forum incident thread would likely contain the most authoritative updates. Announcements from the Arbitrum Security Council regarding the status of frozen funds would also indicate whether additional ETH has been secured.
A formal completion announcement, distinguishing the recovery-in-progress from a recovery outcome, would be the clearest signal that the situation has reached resolution.
FAQ
How much ETH has been recovered so far?
Approximately $70 million in ETH has been recovered, according to the Aave founder’s statement. This figure represents a portion of the total funds affected by the incident.
Is the recovery complete?
No. The Aave founder stated that multiple plans are still underway, indicating the recovery process is ongoing and has not reached a final resolution.
Are Aave users’ funds safe?
Aave has frozen WETH on its Prime instance and key Layer 2 deployments as a precautionary measure. The full impact on individual user positions has not been detailed in public communications so far.
What caused the incident?
The incident is linked to the rsETH exploit involving KelpDAO on April 20, 2026. Technical details are available in the incident report on the Aave governance forum, but the full root cause analysis has not yet been published.
Source: https://coincu.com/aave-founder-orderly-recovery-plans-70m-eth-recovered/