The easiest take after a $290 million exploit and a roughly $13 billion slide in DeFi total value locked is that decentralized finance is broken again. It is also probably the laziest.
The KelpDAO exploit over the weekend was serious. It appears to have started with a targeted attack on infrastructure used in LayerZero’s verification stack, not a smart contract bug as commonly seen in other exploits. LayerZero has preliminarily linked the incident to North Korea’s Lazarus Group, and said the attack succeeded because Kelp had opted for a single-verifier setup despite repeated recommendations to use a more resistant configuration. The exploit left rsETH (a liquid staking token issued by KelpDAO) unbacked and triggered fears that bad debt would spill into lending markets, especially Aave’s WETH pool (where users borrow wrapped ether against collateral).
A sharp repricing, not a collapse
And yet the more interesting story is not that DeFi was hit. It is that DeFi is still here.
Capital fled quickly after the breach. Aave alone experienced $8.45 billion in outflows over 48 hours, while broader DeFi TVL fell into the mid-$80 billion range, roughly back to where the sector sat around this point last year. In other words, this was a sharp repricing of risk, not as destructive as some are making out.
Aave, the largest DeFi lending market, had accumulated significant rsETH as collateral in the weeks before the exploit as users built leveraged positions. The scale of that TVL drop also warrants some context. A $292 million theft does not directly produce a $13 billion decline unless a meaningful portion of that TVL was already recycled collateral. Much of Aave’s WETH exposure heading into the weekend was concentrated in looping strategies, where users deposit liquid restaking tokens, borrow WETH against them, swap for more restaking tokens, and repeat. In other words, the same pile of assets may be counted multiple times in the TVL calculation. That leverage inflates TVL on the way up and unwinds sharply during events like this. The actual net capital loss is likely a fraction of the headline figure, though the exact amount is difficult to isolate given how deeply looping strategies are embedded in DeFi’s TVL calculations.
Leverage had already lost its purpose
Those strategies were themselves partly a product of a yield environment that had already stopped making sense. As of early April, Aave was offering 2.61% APY on USDC deposits, below the 3.14% available on idle cash at Interactive Brokers, a traditional financial brokerage. The risk premium that historically justified DeFi’s complexity and smart contract exposure had largely disappeared. With organic yield insufficient, leverage filled the gap, and that concentration is what made the rsETH contagion as damaging as it was. Data from DefiLlama shows that rsETH balances on Aave had grown rapidly in the weeks leading up to the exploit, reaching nearly 580,000 tokens ($1.3 billion), evidence that the leverage buildup made the subsequent unwind so sharp.
DeFi has survived worse
The phrase “DeFi is dead” gets wheeled out after every hack because the failures are visible and immediate, while the recovery is slower and less cinematic. But crypto has seen worse. Terra collapsed and vaporized confidence across the sector. Wormhole and Ronin lost roughly $1 billion each. Multichain unraveled.
More recently, Bybit suffered what was widely described as the largest crypto theft on record, losing around $1.5 billion last February, yet it continued operating, processed a surge in withdrawals, restored reserves and still handles billions of dollars in trading volume each day.
0xNGMI, founder of DefiLlama, told CoinDesk the losses are significant but unlikely to be existential. “Aave has many recourses to cover the loss, including its treasury and taking loans, and I think those will have to be used to protect the protocol. Overall a significant loss but one that will be recovered. The biggest issue will be the impact on risk premiums that are assigned to DeFi.”
Capital rotates, not just flees
Those risk premiums are a real and lasting cost. Capital will demand more compensation for sitting in onchain systems whose attack surface now extends beyond code.
Still, repricing is not the same thing as collapse. “Some of the money will come back. We saw this before in Aave when rumors of a hack appeared. It’s always the best strategy to withdraw and redeposit later as the cost of that is tiny and the reward very large,” 0xNGMI said.
There is also evidence that capital is not simply leaving DeFi. It is rotating. Spark offers one example. Spark’s strategy lead, who goes by monetsupply.eth, said the protocol delisted rsETH and other low-utilization assets in January, a move that may have cost it business and WETH-looping activity to Aave at the time. Under current conditions, however, SparkLend still has ample WETH withdrawal liquidity while Aave is experiencing shortages across several markets. Over the weekend Spark TVL jumped from $1.8 billion to $2.9 billion, demonstrating clear capital rotation.
The more interesting critique, raised by some builders after the exploit, is not that DeFi failed but that it has become too timid. If the sector is going to ask users to bear infrastructure risk, smart contract risk and governance risk for low single-digit yields, the product set starts to look less compelling. With that in mind, Kelp is not the end of DeFi. It is a wake-up call for builders to build safer systems while continuing to offer real world use cases.
