KelpDAO Hack Triggers $13B DeFi TVL Drop 

Image credit: Pexels

A $292 million exploit of KelpDAO’s bridge triggered a sharp two-day decline across DeFi. Total value locked fell by $13.21 billion as users withdrew funds and lending protocols froze affected markets. Aave, the sector’s leading lending platform, accounted for the largest share of the decline, shedding $8.45 billion in deposits over 48 hours alone.

Stolen rsETH Used as Collateral Triggers System-Wide Lending Freeze

According to DefiLlama, DeFi’s aggregate TVL, the combined dollar value of crypto assets deposited across protocols, and a standard measure of ecosystem liquidity fell from $99.497 billion to $86.286 billion in the aftermath of the weekend attack. 

Aave’s TVL dropped to $17.947 billion over the same window. Protocol-level data shows double-digit percentage declines across Euler, Sentora, and Aave, with losses concentrated in lending, restaking, and yield strategies tied to the compromised collateral.

How a Single Bridge Exploit Cascaded Across the Ecosystem

The mechanism behind the contagion involved the use of compromised collateral across lending platforms. Attackers exploited Kelp’s cross-chain bridge and made off with rsETH, a liquid restaking token widely used as collateral across DeFi, without legitimate backing. 

They then borrowed against those stolen tokens on lending platforms, creating potential bad-debt shortfalls for lenders. That allowed attackers to borrow against compromised collateral, increasing the risk of bad debt for lenders.

Protocols responded by freezing markets tied to the affected collateral, which itself accelerated the deposit flight as users moved to withdraw funds across even platforms without direct exposure to the exploit. The chain reaction showed how quickly losses and withdrawals can spread when the same collateral is used across multiple protocols.

Token Markets Hold Relatively Steady Despite Deposit Collapse

Even as deposits fled lending protocols, token markets showed a more muted reaction. Despite the scale of the TVL decline, DeFi’s major governance tokens have so far absorbed the shock with limited damage. The AAVE token was down approximately 2.5% over 24 hours following the incident, while UNI and LINK each fell less than 1% over the same period, according to market data. 

The divergence between deposit outflows and token price performance may indicate that market participants are treating the episode as a liquidity event rather than a broader repricing of the sector.

Bridge Verification Failures Expose DeFi’s Cross-Chain Infrastructure Risk

Peter Chung, head of research at Presto Research, said in a note that the incident highlights risks embedded in cross-chain infrastructure, particularly in the verification systems that bridges rely on to validate asset transfers. 

Early analysis, Chung noted, suggests the vulnerability may have originated in the verification layer rather than in the smart contracts themselves. He also flagged that the episode demonstrates how interconnected DeFi protocols can transmit shocks well beyond the initial point of failure, with withdrawal activity and market freezes spreading to platforms that had no direct exposure to the exploit.  He added that the attack showed how losses and withdrawal pressure can spread beyond the initially affected protocol.