Bootstrap Gallery
  1. Home
  2. Markets

DeFi Suffers $13 Billion Loss in 48 Hours Following KelpDAO Exploit

A recent exploit of the KelpDAO protocol has triggered a massive outflow of capital from the decentralized finance ecosystem. Over the past two days, top DeFi lending platform Aave has seen a staggering $8.45 billion decline in deposits, contributing to a broader $13.21 billion drop in total value locked across DeFi platforms. Total value locked, which measures the combined dollar value of crypto assets deposited in DeFi protocols, has plummeted from $99.497 billion to $86.286 billion. Aave's TVL has decreased by $8.45 billion to $17.947 billion over the same period, according to DefiLlama. Protocol-level data reveals double-digit percentage drops in TVL across multiple platforms, including Euler, Sentora, and Aave, with the majority of losses concentrated in lending, restaking, and yield strategies tied to the affected collateral. The incident began with a $292 million exploit of Kelp's bridge, which allowed attackers to utilize stolen rsETH, a liquid re-staking token, as collateral to borrow funds on lending platforms. As these stolen tokens lacked legitimate collateral backing, borrowing against them created potential shortfalls for lenders, similar to deceiving a traditional bank by depositing fake fiat and taking out loans against it. In response, protocols froze affected markets, while panicked users withdrew funds, resulting in a broad decline in total value locked. Token prices, however, have been less affected, with the AAVE token down approximately 2.5% over 24 hours, and UNI and LINK down less than 1% over the same period. According to Peter Chung, head of research at Presto Research, the incident highlights the risks associated with cross-chain infrastructure, particularly in verification systems used by bridges. Early analysis suggests that the issue may have originated in the verification layer rather than in the smart contracts themselves. Chung also noted that the episode demonstrates how interconnected DeFi protocols can transmit shocks beyond the initial point of failure, with withdrawal activity and market freezes extending to platforms without direct exposure to the exploit.