The same architectural openness that turned a forged cross-chain message at Kelp DAO’s bridge into hundreds of millions of bad debt at Aave has in 48 hours produced its own antidote: A coalition of DeFi protocols has launched an emergency exit route.
Fluid, a DeFi DEX and lending protocol, has joined with other DeFi protocols to build a way for $ETH depositors and loopers on Aave to swap their positions out of WETH, either exiting the protocol altogether or switching to a different collateral type, at a time when direct withdrawals are unavailable after the $290 million Kelp DAO exploit.
The aWETH Redemption Protocol has processed 58,510 aWETH, or approximately $136 million, out of Aave’s frozen WETH pool in its first 48 hours, according to the live Dune dashboard Fluid is publishing.
The protocol was built in under 24 hours in response to Aave’s $ETH utilization hitting 100% after the April 18 exploit of Kelp DAO’s rsETH bridge adapter.
How it works
The infrastructure allows Aave $ETH lenders to swap aWETH into wstETH or weETH collateral in a single transaction, at a discount of roughly 2.21% for a 1,000 aWETH swap, per 1inch co-founder Sergej Kunz. Early exits via secondary markets had been clearing near 23% below par.
Two user scenarios are supported: For lenders, aWETH converts to wstETH and weETH collateral. Users can then withdraw their assets. For borrowers, collateral switches from $ETH to wstETH or weETH collateral. Debt remains unchanged and users can exit a previously stuck position or remain on Aave with yield-bearing collateral.
Lenders hand aWETH into Fluid’s Lite $ETH Vault in exchange for wstETH or weETH. The vault then uses the incoming aWETH to repay part of its own WETH debt at Aave, extinguishing a liability without requiring WETH to leave Aave’s pool. The netting works because Fluid is the single largest user of the Aave WETH market, carrying approximately $1.5 billion in $ETH debt against its looped Lite Vault positions.
Because Fluid already owes the debt being retired, the protocol is not taking on new directional risk. It is exchanging one claim on LST collateral for another, with the exiting lender absorbing a modest haircut and the vault reducing its borrowed exposure in a market where supply is otherwise trapped.
Lido Finance, Ether.fi, 0x Protocol, 1inch, and KyberNetwork are leveraging the protocol. Lido and Ether.fi contribute LST liquidity, 1inch shipped the front-end, and 0x and Kyber are routing orders. Aave’s DAO-recommended withdrawal guidance now directs trapped WETH suppliers toward the Fluid route.
“$ETH utilization on Aave hit 100% and lenders had no exit. Fluid built the infrastructure in hours — with significant capacity to support $ETH lenders at scale,” Fluid Founder and CTO Samyak Jain said in an announcement.
Kelp DAO exploit context
On April 18, an attacker exploited Kelp DAO’s LayerZero-based rsETH bridge adapter and minted 116,500 rsETH, approximately $293 million, or 18% of circulating supply, without a corresponding amount locked on the Ethereum side. The attacker supplied the unbacked rsETH as collateral on Aave V3 and V4 and borrowed approximately $236 million in WETH before markets were frozen.
Aave’s WETH utilization reached 100% within hours as lenders attempted to withdraw ahead of the bad-debt recognition, breaking the lending invariant that allows passive withdrawals. Variable borrow rates spiked into triple digits and aWETH began trading at a discount on secondary markets.
Aave’s risk team, in its April 20 incident report, modeled bad debt at between $123.7 million and $230.1 million depending on how claims on the under-collateralized rsETH L2 adapter are allocated.
Kelp DAO and LayerZero have continued to dispute responsibility. Kelp’s April 19 statement argued that the 1-of-1 DVN configuration used on the bridge was LayerZero’s documented default in its quickstart guide and was re-confirmed as appropriate by the LayerZero team during Kelp’s L2 expansion. LayerZero has attributed the exploit to the North Korea-linked Lazarus Group’s TraderTraitor subgroup and said it will no longer allow new OFT deployments to ship with 1-of-1 DVN configurations.
The composability dimension
The architectural property that allowed the exploit to cascade across Aave, Compound, Fluid and other venues is what allowed the redemption protocol to be assembled in under a day. aWETH is a standardized receipt token, wstETH and weETH are standardized LSTs, Aave’s “repaywithAtokens” function is public and permissionless, and aggregators can source liquidity from any venue. The Fluid flow combines those primitives without a governance vote, a treasury drawdown, or a new counterparty relationship.
The protocol does not reduce Aave’s modeled bad debt, reverse the attacker’s borrowing, or affect the LayerZero-Kelp dispute. It provides an individual exit for lenders who would otherwise wait for a socialization outcome or accept a steeper market discount.
Fluid said capacity is significant and additional partners are being engaged.