Introduction: Responding to DeFi Protocol Exploits
Incidents like the Kelp DAO rsETH hack demonstrate how quickly DeFi protocols can face systemic threats. For teams operating across multiple chains, a single exploit can impact protocol stability, user funds, and ecosystem trust. Recent actions by projects such as Lido and Mantle offer concrete examples of how to respond effectively under pressure.
Step 1: Assess the Incident
Immediate investigation is essential after a hack. Teams should identify which contracts or vaults are affected and determine the scale of user fund exposure. In the Kelp DAO case, only the EarnETH vault was directly impacted by the compromised rsETH token, representing about 9% of its total value locked (TVL). Lido’s main staking products, stETH and wstETH, were unaffected. Defining the scope of the incident early helps avoid unnecessary protocol-wide actions and ensures resources are directed where most needed.
It is also necessary to clarify whether core protocol assets or only specific integrations are involved. This distinction guides both technical response and communication strategy.
Step 2: Contain and Quantify Losses
After identifying affected areas, teams should act to contain further risk. Pausing deposits and withdrawals on impacted vaults or bridge contracts can prevent additional exposure. For example, Lido paused the EarnETH vault to limit losses. Next, teams should model different scenarios for distributing losses. Options include socializing losses across all users, limiting them to specific groups, or compensating users based on pre-hack snapshots. Each approach has trade-offs: spreading losses can create protocol bad debt, while targeting specific groups may concentrate the impact. Compensation based on snapshots can be challenging due to rapid fund flows and pooled liquidity.
Teams should also review available insurance or umbrella coverage and calculate any remaining shortfall. In the Kelp DAO incident, even after applying coverage and treasury resources, a significant amount of bad debt remained.
Step 3: Activate Treasury and Backstop Measures
Once losses are quantified, deploying available backstops is critical for stabilizing the protocol. Lido applied a $3 million first-loss protection from its DAO treasury by burning vault shares, directly absorbing part of the loss. For larger gaps, more complex treasury actions may be required. Mantle, in response to the same exploit, proposed lending up to 30,000 ETH to Aave DAO to help address bad debt, with terms including protocol revenue pledges and collateral in Aave tokens. The proposal also included delegated voting power, highlighting the importance of careful negotiation and governance.
When using treasury resources or negotiating support with other protocols, teams must consider reputational and governance consequences. Transparent decision-making and prompt execution are essential to maintain user and stakeholder confidence.
Step 4: Communicate with Users
Clear, timely communication is vital throughout the response process. Lido’s updates specified that its core staking products were unaffected and outlined which vaults were exposed, along with details of the backstop measures. Providing accurate information about risks and actions taken helps prevent panic and demonstrates operational maturity.
As the situation develops, teams should continue to update users with new information—such as timelines for resuming paused products, details on loss distribution or compensation, and any required governance actions. Maintaining transparency during a crisis is key to sustaining long-term user trust.
Conclusion: Strengthening Protocol Resilience
No DeFi protocol is entirely immune to exploits, but a transparent, structured response can help limit damage and protect reputation. By learning from recent incidents—scoping exposure, activating treasury backstops, and communicating clearly—teams can turn a crisis into an opportunity to reinforce their protocol and build user trust.
For DeFi teams and users managing cross-chain risks, efficiency and security are crucial. To check optimal routes or compare options for your next onchain transfer, visit the Chainspot router to find the most efficient path.
