Aave liquidates Kelp DAO attacker’s remaining rsETH positions

Aave's governance initiated an oracle price manipulation to liquidate remaining positions held by the Kelp DAO attacker. The protocol deliberately adjusted its rsETH (Kelp DAO's liquid restaking token) oracle to force liquidation of the bad debt accumulated from the exploit.

The attacker initially drained Kelp DAO through a sophisticated attack that created artificial collateral positions. After the initial damage, residual malicious positions lingered on Aave's lending protocol, creating ongoing risk. Rather than absorb the loss passively, Aave moved through formal governance to adjust how rsETH priced on the platform. This price shift generated a deficit on the attacker's borrowing position, triggering automatic liquidation mechanics.

This approach highlights the tension between protocol safety and oracle integrity. Aave essentially weaponized its governance mechanism to force a margin call on bad debt. The move succeeded in removing the attacker's leverage from the system but required explicit governance intervention to reprrice an asset. Oracle manipulation typically represents a primary attack vector in DeFi. Here, Aave deployed it defensively, though using governance as a check on unilateral action.

The liquidation clears toxic debt from Aave's balance sheet and removes the attacker's remaining ability to extract value. However, it establishes precedent for governance-level intervention on oracles when positions threaten protocol solvency. Other protocols facing similar post-exploit cleanup may now consider comparable strategies, though the regulatory and market implications remain unclear.

Kelp DAO itself suffered substantially from the initial attack. The incident exposed risks in liquid restaking protocols and multi-protocol collateral arrangements. Aave's decision to resolve the aftermath through governance demonstrates how DAOs address legacy damage when normal liquidation mechanisms fail, though it raises questions about oracle credibility when governance votes to reprice assets in response to specific debt positions.

THE BOTTOM LINE: Aave used governance-level oracle adjustment to liquidate an attacker's remaining positions, prioritizing protocol solvency over traditional oracle neutrality.