The decentralized finance (DeFi) sector is facing significant challenges following a $292 million exploit linked to KelpDAO, which has contributed to a $13 billion decline in total value locked (TVL) across the ecosystem. Despite these setbacks, analysts suggest that the underlying infrastructure of DeFi remains intact.
The exploit, which occurred over the weekend, targeted the verification stack of LayerZero, a critical component of KelpDAO’s operations. Preliminary investigations have associated the attack with North Korea’s Lazarus Group. The incident raised alarms about the stability of the rsETH token, a liquid staking asset issued by KelpDAO, which became unbacked as a result of the breach. Concerns have also emerged regarding potential spillover effects into lending markets, particularly affecting Aave’s WETH pool.
In the wake of the exploit, Aave experienced substantial capital outflows, with approximately $8.45 billion withdrawn within 48 hours. The broader DeFi TVL has now fallen to around $80 billion, a level reminiscent of the sector’s standing a year ago. This rapid decline in TVL, however, may not reflect a complete loss of capital. The exploit’s impact is compounded by the way assets were leveraged within the ecosystem, which can inflate TVL figures during periods of growth.
Prior to the exploit, Aave had accumulated a significant amount of rsETH as collateral, as users engaged in leveraged trading strategies. These strategies, while potentially profitable, have also contributed to the volatility of TVL calculations. The actual capital loss resulting from the exploit is likely to be less severe than the headline figures suggest, as many assets were recycled within the system.
Historically, the DeFi sector has weathered significant crises, including the collapses of Terra and hacks of platforms like Wormhole and Ronin. A pseudonymous trader noted that DeFi has survived multiple high-profile incidents without collapsing entirely. For example, Bybit, which experienced a theft of approximately $1.5 billion, managed to continue operations and process substantial trading volumes.
0xNGMI, the founder of DefiLlama, emphasized that while the recent losses are considerable, they are not likely to threaten the existence of DeFi. He noted that Aave has various resources available to mitigate the impact of the exploit, including its treasury and potential loans. However, he cautioned that the incident may lead to a reevaluation of risk premiums associated with DeFi investments.
Capital appears to be rotating rather than leaving the DeFi space entirely. For instance, the protocol Spark has seen its TVL increase from $1.8 billion to $2.9 billion over the weekend, indicating a shift in investor confidence towards platforms perceived as more stable. Some industry observers have raised concerns that DeFi may need to enhance its offerings to justify the risks associated with smart contracts and governance.
In response to the exploit, Aave has reportedly raised approximately $160 million of the $200 million needed to address the bad debt resulting from the KelpDAO incident. The DeFi United recovery initiative aims to restore support for rsETH and stabilize the market.
The DeFi sector is experiencing significant challenges following a $292 million exploit linked to KelpDAO, resulting in a $13 billion drop in total value locked. Despite these setbacks, analysts indicate that the infrastructure of DeFi remains resilient, with capital rotation observed in the market.