Three possible scenarios for handling the rsETH hack: Balancing bad debts and reputation, testing KelpDAO's credibility and Aave's risk tolerance.

According to Mars Finance, on April 20th, DefiLlama founder 0xngmi analyzed three possible action paths KelpDAO might take after the rsETH hack. All three paths have significant flaws, and the final decision will test KelpDAO's credibility and Aave's risk tolerance. Path 1: All users share the loss. KelpDAO would deduct 18.5% of the loss from all rsETH holders proportionally. Currently, there are approximately 666,000 rsETH staked on the Aave network, heavily leveraged primarily on the mainnet and L2 (assuming both are at 95% liquidation LTV). If the loss is socialized, the equity of all mainnet positions will be completely wiped out, generating approximately $216 million in bad debt. The Umbrella protocol can cover $55 million in bad debt, and the Aave treasury would cover an additional $85 million, leaving a shortfall of approximately $76 million. KelpDAO could potentially cover the losses by lending or selling Aave tokens (currently valued at approximately $51 million), but this would still put significant pressure on Aave, and all users would share the losses. Option Two: Directly Rug rsETH Holders on L2. KelpDAO would only guarantee mainnet rsETH, treating L2 rsETH as worthless. Aave L2 currently has approximately $359 million in rsETH collateral (based on current oracle prices). If all were leveraged at maximum, this would result in approximately $341 million in bad debt, completely uncoverable by the Umbrella protocol. Aave would have to use its treasury or lending to salvage part of the market, most likely abandoning the most severely affected chains like Arbitrum, Mantle, and Base, causing these L2 markets to collapse. This option would have a smaller impact on the Aave mainnet but would severely damage the reputation of the L2 ecosystem and could trigger a chain reaction. Path Three: Attempting to refund only holders at the time of the hack using a snapshot taken before the attack, extremely difficult to implement. KelpDAO attempted to fully repay rsETH holders only based on the snapshot taken before the attack, with subsequent purchases or transfers borne by the holders themselves. However, due to the significant flow of funds after the attack, and the fact that DeFi protocols are essentially liquidity pools, it's impossible to truly differentiate between different batches of depositors, making technical execution extremely difficult. The hacker borrowed $124 million on the Aave mainnet and $18 million on Arbitrum; even after deducting the Umbrella protocol's coverage, approximately $91 million in losses remained. While this solution theoretically minimizes the spread of the attack, it is virtually impossible to implement in practice and is likely to trigger legal and community controversies.