The easiest conclusion after a $290 million exploit and a roughly $13 billion drop in total DeFi value locked is that decentralized finance is broken again. It’s also probably the laziest.
The KelpDAO exploit over the weekend was serious. It appears to have started with a targeted attack on the infrastructure used in the LayerZero verification stack, not a smart contract bug as commonly seen in other exploits. LayerZero preliminarily linked the incident to North Korea’s Lazarus Group and said the attack was successful because Kelp had opted for a single verifier configuration despite repeated recommendations to use a more robust configuration. The exploit left rsETH (a liquid staking token issued by KelpDAO) unsupported and raised fears that bad debts would spread to lending markets, especially Aave’s WETH pool (where users borrow ether wrapped against collateral).
And yet, the most interesting story is not that DeFi has been affected. DeFi is still here.
The capital quickly fled after the breach. Aave alone saw $8.45 billion in outflows over 48 hours, while the broader DeFi TVL fell to the mid-$80 billion range, roughly back to where the sector was at this point last year. In other words, it was a strong reassessment of risk, not as destructive as some claim.
Aave, the largest DeFi lending marketplace, had accumulated a significant amount of rsETH as collateral in the weeks leading up to the exploit, as users built leveraged positions. The scale of that TVL drop also warrants some context. A theft of $292 million does not directly produce a decrease of $13 billion unless a significant portion of that TVL was already recycled collateral. Much of Aave’s ETH exposure heading into the weekend was focused on loop strategies, where users deposit liquid recovery tokens, borrow ETH against them, exchange them for more recovery tokens, and repeat. In other words, the same set of assets can be counted multiple times in the TVL calculation. That leverage inflates TVL on the way up and unravels sharply during events like this. The actual net capital loss is likely a fraction of the headline figure, although the exact amount is difficult to isolate given how deeply loop strategies are integrated into DeFi TVL calculations.
Those strategies were partly the product of a performance environment that no longer made sense. In early April, Aave was offering a 2.61% APY on USDC deposits, below the 3.14% available on idle cash at Interactive Brokers, a traditional financial brokerage. The risk premium that historically justified the complexity of DeFi and exposure to smart contracts had largely disappeared. Since organic performance was insufficient, leverage filled the void, and that concentration is what made the rsETH contagion so damaging. Data from DefiLlama shows that reETH balances on Aave had grown rapidly in the weeks leading up to the exploit, reaching nearly 580,000 tokens ($1.3 billion), evidence that the buildup of leverage made the subsequent drop so steep.
Cryptocurrencies have survived worse
The phrase “DeFi is dead” appears after every hack because the failures are visible and immediate, while the recovery is slower and less cinematic. But cryptocurrencies have seen worse. Terra collapsed and vaporized confidence throughout the sector. Wormhole and Ronin lost approximately $1 billion each. The multichain was undone.
“DeFi didn’t die when Terra crashed and caused billions in liquidations and losses,” wrote a pseudonymous trader on
More recently, Bybit suffered what was widely described as the largest cryptocurrency theft ever recorded, losing around $1.5 billion last February, but it continued trading, processed a surge in withdrawals, restored reserves, and still handles billions of dollars in trading volume each day.
The revaluation of trust
0xNGMI, founder of DefiLlama, told CoinDesk that the losses are significant but unlikely to be existential. “Aave has a lot of resources to cover the loss, including its treasury and borrowing, and I think they will have to be used to protect the protocol,” he said. “Overall, it is a significant loss, but one that will be recovered. The biggest issue will be the impact on risk premiums allocated to DeFi.”
These risk premiums are a real and lasting cost. Capital will demand more compensation for remaining in on-chain systems whose attack surface now extends beyond the code.
Still, price revision is not the same as collapse. “Some of the money will come back,” 0xNGMI said. “We saw this before on Aave when rumors of a hack surfaced. It is always the best strategy to withdraw and re-deposit later, as the cost is small and the reward very large.” Some deposits will not return, but historically deposit outflows during stress events reverse as conditions stabilize, as evidenced after the Terra collapse in 2021.
There is also evidence that capital is not simply abandoning DeFi. It’s spinning. Spark offers an example. Spark’s strategy lead, who goes by monetsupply.eth, said the protocol delisted rsETH and other low-utilized assets in January, a move that may have cost Aave business and ETH loop activity at the time. However, under current conditions, SparkLend still has ample liquidity for ETH withdrawals, while Aave is experiencing shortages in several markets. Over the weekend, Spark TVL jumped from $1.8 billion to $2.9 billion, demonstrating a clear capital turnover.
The most interesting criticism, raised by some builders after the exploit, is not that DeFi has failed but that it has become too timid. If the industry is going to ask users to take on infrastructure risk, smart contract risk, and governance risk to earn low single-digit returns, the product suite is starting to look less compelling. With this in mind, Kelp is not the end of DeFi. It’s a wake-up call for builders to create more secure systems while still delivering real-world use cases.
