Kelp DAO burned stolen rsETH tokens and announced a timeline to resume withdrawals following an exploit on Arbitrum. The protocol paused its liquid restaking token after attackers drained funds, creating a liquidity crisis that locked user withdrawals.
The DAO's recovery plan spans two weeks. Kelp will refill rsETH liquidity using Aave's Recovery Guardian multisig wallet, a protocol governance mechanism designed to handle emergency situations. This approach lets the protocol inject capital without requiring immediate governance votes, accelerating the recovery process.
Burning the attacker's tokens removes the stolen rsETH from circulation, reducing overall supply and preventing the exploiter from converting those tokens back into ETH or other assets. This step addresses the immediate threat but doesn't directly restore liquidity for trapped users.
The two-week refill period targets restaking pools across Ethereum and Arbitrum. Kelp must rebalance its liquid restaking reserves to meet withdrawal demand. rsETH holders currently face locked positions, creating pressure on the protocol to execute flawlessly during the recovery window.
Kelp's reliance on Aave's Recovery Guardian signals coordination between the two protocols. Aave's multisig holds emergency powers to safeguard the broader DeFi ecosystem, and its use here shows how top-tier protocols activate recovery mechanisms when smaller protocols face existential threats.
The exploit exposed vulnerabilities in Kelp's security model and contract architecture on Arbitrum. Withdrawals remain paused while the protocol executes its refill strategy. Kelp faces reputational damage and must prove it can restore full functionality within the stated timeline.
Success depends on execution speed and market conditions. If ETH prices move sharply or staking yields shift during the two-week window, Kelp's refill calculations may require adjustment. The protocol's ability to maintain user