DeFi Losses Top $600 Million Amid Kelp DAO Exploit and TVL Decline

Key Takeaways:

• Total DeFi losses have skyrocketed to approximately $1 billion recently, with $600M+ linked directly to the Kelp DAO exploit.
• The exploit involved minting 116,500 unbacked rsETH by manipulating LayerZero’s verifier, without breaching smart contracts.
• A $13 billion exodus led to DeFi’s tvl-7532">total value locked (TVL) hitting a one-year low soon after the event.
• Aave, SparkLend, and Fluid froze rsETH markets, with Aave’s TVL dropping by about $8.4 billion.
• North Korea’s Lazarus Group, notably its TraderTraitor subunit, is suspected to be behind the attack, yet formal confirmation is pending.

WEEX Crypto News, 2026-04-22 12:04:54

Kelp DAO Exploit and DeFi’s Structural Vulnerability

The Kelp DAO incident on April 18, 2026, laid bare vulnerabilities in DeFi infrastructure, resulting in over $600 million in losses. These losses stemmed from a targeted attack that minted 116,500 unbacked rsETH due to a compromised LayerZero verifier node. Security firm Halborn had previously highlighted this single-point architectural weakness, forewarning what has now become a cautionary tale of structural oversight.

How It Happened

In a high-stakes maneuver, the Lazarus Group—a subdivision dubbed TraderTraitor—leveraged compromised RPC nodes to carry out a DDoS attack, thereby executing a fake message that conjured the uncollateralized rsETH. The fact that no novel smart contract vulnerabilities were exploited underscores the issue: known misconfigurations were ignored.

[Place Image: Demonstration of Kelp DAO exploit via LayerZero verifier]

This flawed setup, documented and previously flagged, turned internal security oversights into a significant exploit. Attackers rapidly converted rsETH into ETH and Arbitrum, using Tornado Cash for further transactions to obscure origin trails.

Unprecedented Capital Flight and TVL Plunge

DeFi’s TVL had been dwindling due to macroeconomic pressures. However, the Kelp DAO exploit rapidly escalated the situation, triggering a $13 billion capital flight within just 48 hours, according to DefiLlama. This bleached market liquidity, blindsiding even those protocols not directly linked to rsETH like Compound, which still faced withdrawal spasms.

Aave, profoundly affected, witnessed its TVL drop from $26.4 billion to roughly $18 billion—a dramatic $8.45 billion fall, mainly as a protective measure against crystallizing bad debts tied to faulty rsETH collateral.

[Place Image: Chart showing Aave’s TVL decline]

Future Scenarios

Two paths emerge from here. If Kelp DAO issues a credible forensic report along with a restitution strategy, and if Aave manages to rectify its rsETH exposure, the contagion could stabilize. On the contrary, further delays in LayerZero’s security overhaul could trigger another wave of withdrawals, forcing yield hunters to pivot to more secure yet interconnected ecosystems.

On the Frontline: Security and Recovery Measures

LayerZero’s naming of the Lazarus Group provides some directional insight into responsibility, yet formal affirmation is essential. Meanwhile, the DeFi community anxiously awaits comprehensive reports from both Kelp DAO and Aave. These reports will be pivotal in gauging immediate recovery prospects and long-term resilience.

The vulnerability exposed—relying on a 1-of-1 verifier—is far from unique to Kelp. Other protocols running similar frameworks must heed these warnings. An industry-wide reassessment of architectural robustness is inevitable if future misplaced trust is to be avoided.

Ripple Effects and Governance Token Dynamics

Governance tokens feel the ripple effects too. AAVE, for instance, dipped over 20% post-exploit, primarily driven by users’ de-risking maneuvers reflecting a shaky confidence in asset-backed lending.

[Place Image: Governance token valuation trends post-exploit]

This uncharted terrain poses questions about possible protocol adaptations. Will platforms adopt multi-layered verifier structures, or are cross-chain networks fundamentally vulnerable? As stakeholders dwell on these questions, they remain wary of any incidents that might precipitate a similar exodus.

FAQ

What triggered the Kelp DAO exploit?

The exploit was triggered by a vulnerable single-point verifier node under LayerZero, compromised through RPC node hijacking, resulting in unbacked rsETH minting.

How much of the rsETH was uncollateralized during the exploit?

116,500 rsETH was minted without collateral through the exploit, roughly 18% of the circulating supply.

What was the extent of DeFi’s TVL reduction post-exploit?

DeFi TVL suffered a $13 billion reduction within 48 hours of the exploit, hitting a one-year low.

Which protocols took major hits following the exploit?

Aave, SparkLend, and Fluid froze their rsETH markets, with Aave’s TVL falling by $8.45 billion.

Who is suspected to have orchestrated the Kelp DAO attack?

The Lazarus Group, specifically its TraderTraitor subunit from North Korea, is suspected, but formal confirmation is awaited.