The easiest takeaway after $290 million in leverage and a roughly $13 billion drop in DeFi’s total value is that decentralized finance is broken again. It’s probably also the lazy thing.
The KelpDAO exploit over the weekend was serious. It appears to have started with a targeted attack on infrastructure used in LayerZero’s verification stack, not a smart contract flaw as is commonly seen in other exploits. LayerZero has tentatively linked the incident to North Korea’s Lazarus group and said the attack succeeded because Kelp had chosen a single-verifier setup despite repeated recommendations to use a more resilient configuration. The exploit left rsETH (a liquid staking token issued by KelpDAO) unsupported and sparked fears that bad debt would spill over into the lending markets, particularly Aaves’ WETH pool (where users borrow wrapped ether against collateral).
And yet the more interesting story isn’t that DeFi got hit. It’s that DeFi is still here.
Capital fled quickly after the breach. Aave alone saw $8.45 billion in outflows over 48 hours, while broader DeFi TVL fell in the mid-$80 billion range, roughly back to where the sector sat around this time last year. In other words, this was a sharp repricing of risk, not as destructive as some think.
Aave, the largest DeFi lending marketplace, had accumulated significant rsETH as collateral in the weeks leading up to the exploit as users built leveraged positions. The extent of this TVL drop also warrants some correlation. A $292 million theft doesn’t directly add up to a $13 billion drop unless a meaningful portion of that TVL was already recycling security. Much of Aave’s ETH exposure heading into the weekend was concentrated in looping strategies where users deposit floating restaking tokens, borrow ETH against them, trade for more restaking tokens and repeat. In other words, the same pile of assets can be counted multiple times in the TVL calculation. This leverage inflates TVL on the way up and unwinds sharply during events like this. The actual net capital loss is likely a fraction of the overall figure, although the exact amount is difficult to isolate given how deeply looped strategies are embedded in DeFi’s TVL calculations.
These strategies were themselves partly a product of a dividend environment that had already ceased to make sense. As of early April, Aave offered 2.61% APY on USDC deposits, below the 3.14% available on available cash at Interactive Brokers, a traditional financial brokerage. The risk premium that historically justified DeFi’s complexity and smart contract exposure had largely disappeared. When the organic yield was insufficient, leverage filled the gap, and that concentration is what made the rsETH contagion as damaging as it was. Data from DefiLlama shows that reETH balances on Aave had grown rapidly in the weeks leading up to the exploit, reaching nearly 580,000 tokens ($1.3 billion), proving that the leverage build-up made the subsequent liquidation so sharp.
Crypto has survived worse
The phrase “DeFi is dead” is trotted out after every hack because the failures are visible and immediate, while the recovery is slower and less cinematic. But crypto has seen worse. Terra collapsed, eroding confidence across the sector. Wormhole and Ronin lost about $1 billion each. Multichain unraveled.
“DeFi didn’t die when Terra collapsed causing billions in liquidations and losses,” wrote a pseudonymous trader on X. “DeFi didn’t die when Wormhole and Ronin were drained of about $1 billion. DeFi didn’t die when Multichain bridge assets were stolen.”
Recently, Bybit suffered what was widely described as the largest crypto theft ever, losing around $1.5 billion in February last year, but it continued to operate, processing a surge in withdrawals, restoring reserves and still handling billions of dollars in trading volume every day.
Repricing of trust
0xNGMI, founder of DefiLlama, told CoinDesk that the losses are significant but unlikely to be existential. “Aave has many means to cover the loss, including its treasury and borrowing, and I think they should be used to protect the protocol,” he said. “Overall, a significant loss, but one that will be recovered. The biggest issue will be the impact on risk premiums allocated to DeFi.”
These risk premiums are a real and lasting cost. Capital will demand more compensation for sitting in onchain systems whose attack surface now extends beyond code
Yet repricing is not the same as collapse. “Some of the money will come back,” 0xNGMI said. “We saw this before in Aave when rumors of a hack surfaced. Withdrawing and re-depositing later is always the best strategy as the cost is small and the reward very large.” Some deposits do not return, but historically, during stress events, deposit outflows reverse as conditions stabilize, as evidenced by the 2021 collapse of Terra.
There are also signs that capital is not just leaving DeFi. It rotates. Spark provides an example. Spark’s strategy manager, who goes by monetsupply.eth, said protocol delisted rsETH and other underutilized assets in January, a move that may have cost it business and ETH-looping activity to Aave at the time. However, under current conditions, SparkLend still has ample ETH withdrawal liquidity, while Aave is experiencing shortages in several markets. Over the weekend, Spark TVL jumped from $1.8 billion to $2.9 billion, showing clear capital rotation.
The more interesting criticism raised by some builders after the exploit is not that DeFi failed, but that it has become too timid. If the sector wants to ask users to bear infrastructure risk, smart contract risk and governance risk for low single digit returns, the product set starts to look less compelling. With that in mind, Kelp is not the end of DeFi. It’s a wake-up call for developers to build more secure systems while continuing to offer real-world use cases.
