DeFi Losses Surpass $600M as Kelp DAO Exploit Pushes TVL to One-Year Low
The Kelp DAO exploit on April 18, 2026, during which attackers minted 116,500 unbacked rsETH by poisoning a single LayerZero verifier node, has catalyzed greater than $600 million in sector-wide DeFi losses over latest weeks, with cumulative injury throughout protocols approaching $1 billion.
The downstream impact is now seen on-chain: complete worth locked throughout DeFi has collapsed to its lowest level in twelve months, per DefiLlama knowledge, as capital flight accelerates throughout restaking, lending, and cross-chain bridge protocols.
The core query this raises isn’t whether or not Kelp DAO failed, it did, architecturally. The query is whether or not a single misconfigured verifier simply uncovered a systemic fragility operating beneath your complete cross-chain DeFi stack.
- Total DeFi losses: Approximately $1 billion throughout latest weeks, with $600M+ immediately attributable to the Kelp DAO exploit and its contagion results.
- Kelp DAO exploit scale: 116,500 unbacked rsETH minted – roughly 18% of circulating provide – through compromised LayerZero DVN node; no good contract breach.
- TVL affect: DeFi complete worth locked at a one-year low following a $13 billion exodus inside 48 hours of the exploit.
- Protocols affected: Aave, SparkLend, and Fluid all froze rsETH markets; Aave TVL fell from $26.4B to roughly $18B – the biggest single-protocol casualty.
- Attribution: LayerZero named North Korea’s Lazarus Group – particularly the TraderTraitor subunit – as the possible perpetrator; not but formally confirmed.
- Key watch merchandise: Kelp DAO’s forthcoming forensic report and Aave’s dangerous debt decision on tainted rsETH collateral are the 2 indicators that can decide whether or not contagion stabilizes or deepens.
Discover: The best crypto to diversify your portfolio with
How a Single Verifier Node Took Down $600M in DeFi
The failure was architectural, not foundational, and that distinction issues for a way you assess the remainder of DeFi’s cross-chain infrastructure. Kelp DAO’s rsETH bridge relied on a single Decentralized Verifier Network node to authenticate LayerZero messages, a 1-of-1 configuration that safety agency Halborn had flagged in prior warnings.
The attackers, recognized by LayerZero as Lazarus Group’s TraderTraitor subgroup, compromised two RPC nodes feeding knowledge to that verifier, launched DDoS assaults towards backup nodes to power failover, then injected a fraudulent message that minted 116,500 rsETH towards zero underlying collateral.
The stolen rsETH moved shortly. On-chain knowledge reveals the attacker swapped into ETH and Arbitrum utilizing loans throughout Aave, SparkLend, and Fluid, with Tornado Cash deployed for fuel price obfuscation. Malware self-deleted from the compromised RPCs post-attack, intentionally erasing forensic logs. For extra on how LayerZero’s investigation attributed the attack, the mechanics of the RPC poisoning sequence are documented intimately.
Losses aggregated quick. The 116,500 minted rsETH seeded dangerous debt throughout lending markets that had accepted rsETH as collateral with out enough verification of its backing, an “echo chamber” for solid messages, as Halborn described it. Allium, analyzing the verification hole post-incident, famous that “the instruments labored as designed. The manner they had been configured didn’t.”
That’s not a minor footnote: it means the exploit required no zero-day vulnerability, only a misconfiguration that was documented and warned about upfront.
Single-point-of-failure verifier architectures at the moment are a documented assault floor, and Kelp DAO received’t be the final protocol operating one.
TVL at a One-Year Low: What the Capital Flight Data Actually Signals
DeFi’s mixture TVL had already been compressing by Q1 2026 underneath macro strain, however the Kelp DAO exploit accelerated the drawdown right into a vertical drop.
DefiLlama knowledge reveals a $13 billion TVL exodus inside the 48 hours following the April 18 assault, a tempo that blindsided protocols like Compound that had no direct rsETH publicity however caught contagion withdrawals anyway.
The single-protocol casualty numbers are starker. Aave’s TVL collapsed from $26.4 billion to approximately $18 billion after the protocol froze rsETH markets, a $8.45 billion drawdown pushed by customers de-risking forward of potential dangerous debt crystallization from tainted collateral positions.
Money is leaving DeFi at an unprecedented scale pic.twitter.com/bZ3m40wfs4
— wale.moca
(@waleswoosh) April 20, 2026
Aave’s threat group is now modeling two dangerous debt eventualities relying on restoration charges for the unbacked rsETH that was used as mortgage collateral earlier than markets had been frozen.
The TVL compression units up two distinct ahead eventualities. If outflows stabilize and Kelp publishes a reputable forensic report with a compensation mechanism, the present degree could show to be localized contagion, ugly however bounded. If Aave’s dangerous debt modeling surfaces materials losses and LayerZero’s multi-DVN improve timeline extends previous Q2, anticipate a second leg of TVL decline as yield seekers rotate fully out of restaking protocols into much less interconnected alternate options.
Governance token valuations are already pricing the primary state of affairs as optimistic, AAVE has shed over 20% because the exploit, and the restoration thesis relies upon fully on whether or not Aave can shut its rsETH publicity cleanly.
Discover: The best pre-launch token sales
The submit DeFi Losses Surpass $600M as Kelp DAO Exploit Pushes TVL to One-Year Low appeared first on Cryptonews.
