A weekend security breach at the KelpDAO protocol has triggered a significant capital withdrawal from the decentralized finance (DeFi) sector. Aave, a leading DeFi lending platform, reported an $8.45 billion reduction in deposits within 48 hours, contributing to a total decrease of $13.21 billion in the value locked across DeFi. The term ‘total value locked’ (TVL) refers to the aggregated dollar value of crypto assets held by various DeFi protocols like Aave and is used as an indicator of liquidity and market activity.
In this period, TVL plummeted from $99.497 billion to $86.286 billion, while Aave’s TVL specifically dropped by $8.45 billion, settling at $17.947 billion, according to DefiLlama data. Platforms such as Euler, Sentora, and Aave experienced double-digit percentage declines in TVL, with lending, restaking, and yield strategies tied to the compromised collateral particularly affected.
The downturn traces back to a $292 million exploit involving Kelp’s bridge that enabled attackers to misuse stolen rsETH—a liquid re-staking token commonly employed in DeFi—as collateral to secure loans on lending platforms. This fraudulent activity created potential shortfalls for lenders, akin to depositing counterfeit fiat at a traditional bank and obtaining loans against it, which results in bad debt.
In response, protocols froze affected markets, prompting users to hastily withdraw their funds and thereby exacerbating the decline in total value locked across DeFi.
Token prices experienced less severe drops than deposits, with AAVE falling around 2.5% and UNI and LINK decreasing by under 1% over a day, according to CoinDesk. Peter Chung, research head at Presto Research, noted that the incident underscores vulnerabilities within cross-chain infrastructure, specifically in verification systems utilized by bridges.
Initial assessments indicate the problem likely originated from the verification layer rather than smart contracts. Chung also highlighted how interconnected DeFi protocols can propagate shocks beyond the initial breach point through widespread withdrawal activities and market freezes affecting even those platforms not directly impacted by the exploit.