It was this architectural openness that allowed a forged cross-chain message on the Kelp DAO bridge to cause hundreds of millions of dollars in bad debt on Aave, yet this same openness also produced its own antidote within 48 hours: a coalition of DeFi protocols launched an emergency exit route.
Fluid, a DeFi decentralized exchange and lending protocol, has joined forces with other DeFi protocols to build a solution for Aave ETH depositors and cycle participants, allowing them to exit their WETH positions when direct withdrawals are unavailable, with options to fully exit the protocol or switch to alternative collateral types. Kelp DAO vulnerability resulted in a $290 million loss.
According to real-time data, Aave has processed 58,510 aWETH, worth approximately $136 million, from its frozen WETH pool within the first 48 hours after launch. Dune dashboard Fluid is being released.
The protocol was built in less than 24 hours to address Aave's 100% ETH utilization following the attack on Kelp DAO's rsETH bridge adapter on April 18.
How it works
This infrastructure allows Aave ETH lenders to swap aWETH for wstETH or weETH collateral in a single transaction, with a discount of approximately 2.21% on 1,000 aWETH. per 1inch co-founder Sergej Kunz Trading on the secondary market before maturity results in prices nearly 23% below face value.
Supports two user scenarios: For lenders, aWETH is converted into wstETH and weETH as collateral. Users can then withdraw their assets. For borrowers, collateral is converted from ETH to wstETH or weETH. The debt remains unchanged, allowing users to either exit previously locked positions or continue holding yield-bearing collateral on Aave.
Lenders deposit aWETH into Fluid's Lite ETH vault in exchange for wstETH or weETH. The vault then uses the received aWETH to repay part of its WETH debt on Aave, eliminating the debt without requiring WETH to leave the Aave liquidity pool. This netting mechanism works because Fluid is the largest single user on the Aave WETH market, with its Lite vault's circular position representing approximately $1.5 billion in ETH debt.
Since Fluid has assumed this outstanding debt, the protocol has not taken on new directional risk. It has simply replaced a claim on LST collateral with another, allowing the exiting lender to incur a smaller loss while reducing the treasury’s exposure to borrowing risks in a supply-constrained market.
Lido Finance, Ether.fi, 0x Protocol, 1inch, and KyberNetwork are all leveraging this protocol. Lido and Ether.fi provide LST liquidity, 1inch handles the frontend, while 0x and Kyber manage order routing. The withdrawal guide recommended by the Aave DAO now directs trapped WETH providers to use Fluid routing.
Samyak Jain, founder and CTO of Fluid, stated in a statement: "ETH utilization on Aave has reached 100%, leaving lenders with no recourse. Fluid built the infrastructure and is ready to scale support for ETH lenders within hours."
Kelp DAO vulnerability exploitation context
On April 18, an attacker exploited a vulnerability in Kelp DAO’s LayerZero-based rsETH bridge adapter to illegitimately mint 116,500 rsETH, worth approximately $293 million—18% of the circulating supply—without a corresponding amount of rsETH being locked on the Ethereum side. The attacker then used these unlocked rsETH as collateral to borrow approximately $236 million in WETH on Aave V3 and V4, after which the market was frozen.
Due to lenders attempting to withdraw funds before default was confirmed, Aave's WETH utilization rate reached 100% within hours, breaking the loan mechanism that allowed passive withdrawals. Floating borrowing rates surged into triple digits, and WETH began trading at a discount on secondary markets.
Aave’s risk team estimated, in its April 20 report Incident Report, that the bad debt model ranges between $123.7 million and $230.1 million based on how claims on the undercollateralized rsETH L2 adapter are allocated.
Kelp DAO and LayerZero remain at odds over responsibility. In its April 19 statement, Kelp argued that the 1:1 DVN configuration used on the bridge was the default configuration documented in LayerZero’s Quickstart guide and was reaffirmed as appropriate by the LayerZero team during Kelp’s L2 expansion. LayerZero, however, attributed the vulnerability to the TraderTraitor subgroup of the Lazarus Group, linked to North Korea, and stated it will no longer permit new OFT deployments to use the 1:1 DVN configuration.
Composability dimension
It is precisely this architectural feature that allowed the vulnerability to spread to Aave, Compound, Fluid, and other exchanges, and also enabled the redemption protocol to be built in less than a day. aWETH is a standardized receipt token, while wstETH and weETH are standardized liquid staking tokens (LSTs); Aave’s “repayWithATokens” function is public and permissionless, allowing aggregators to source liquidity from any exchange. Fluid’s process integrates these fundamental components without requiring governance votes, treasury expenditures, or establishing new counterparty relationships.
This protocol does not reduce the bad debt predicted by Aave’s model, does not reverse the attacker’s borrowing actions, and does not affect the dispute between LayerZero and Kelp. It provides a separate exit path for lenders who would otherwise have to wait for socialized outcomes or accept a larger market discount.
Fluid states that it has sufficient production capacity and is currently engaging with additional partners.