How Compound Governance Triggered a $30M Recovery From the KelpDAO Exploit

TLDR: Compound governance approved an oracle tweak that enabled liquidation of stolen rsETH collateral. The attacker used 116,500 rsETH as collateral to borrow ETH and wstETH across Compound v3. DeFi United seized nearly $30M after temporary oracle bounds forced undercollateralization. The recovered rsETH was redeemed into ETH to help restore KelpDAO’s damaged bridge reserves. DeFi governance proved capable of acting as an emergency recovery mechanism after the April 2026 KelpDAO exploit. Roughly 116,500 rsETH worth $292 million were stolen and deployed as collateral on Compound v3. Standard liquidation rules offered no path to recovery, since the stolen rsETH still priced normally. A governance-approved oracle adjustment changed that, eventually enabling DeFi United to seize roughly $30 million. The recovery marked one of the most coordinated on-chain interventions in DeFi’s history. Why Standard Liquidation Rules Could Not Touch the Attacker’s Position On April 18, 2026, attackers exploited a vulnerability in KelpDAO’s LayerZero bridge infrastructure. About 116,500 rsETH worth $292 million were released illegitimately from the Ethereum-side escrow. The attack was widely attributed to North Korea’s Lazarus Group. Rather than selling, the attacker deployed them as collateral across multiple lending protocols. On-chain data shows the attacker opened a Compound v3 position within minutes of the exploit. ETH and wstETH were borrowed in tranches against the stolen rsETH tokens. Partial withdrawals helped manage the collateral ratio in the same window. The position was active and borrowing real assets before the protocol could respond. In the weeks that followed, the position remained technically healthy at market prices. Compound’s rsETH markets were frozen, and loan-to-value ratios were set to zero. The stolen rsETH still priced normally despite having no legitimate backing. Automated liquidation mechanisms therefore had no grounds to trigger. DeFi lending liquidati...