DeFi: big numbers, bigger chokepoints
This week’s DeFi snapshot shows both scale and fragility — huge TVLs and big hacks are coexisting with concentrated control points that can break composability. The recap lists a $285M Drift exploit, Aave with about $42.34B in deposits (and a $10M V4 launch), GHO at $500M, Morpho at $11B deposits, Uni trading volume hits of $250B and Aerodrome reporting $1.65M revenue, underlining massive liquidity concentrated in a few protocols. At the same time analysts argue decentralization is eroding in practice — validators, multisigs, stablecoin issuers and bridges create operational choke points that can turn one protocol failure into systemic contagion. (x.com) (youtube.com)
A decentralized finance app can look like a vending machine with no cashier, but most of the pipes behind it still run through a handful of valves. This week’s numbers showed that one lending market, one stablecoin, one bridge, or one signer group can still decide whether the machine keeps working. (defillama.com) (aave.com) The biggest shock came first: Drift Protocol was hit for about $285 million on April 1, 2026, after the team said it detected unauthorized activity and paused parts of the platform. Drift had pitched itself as Solana’s largest open-source perpetual futures exchange, which made the loss a reminder that “onchain” does not mean “unbreakable.” (newsbtc.com) (drift.trade) At the same time, the money is piling into fewer places. DefiLlama lists Aave at about $25.3 billion in total value locked across chains today, while Aave’s own March report put deposits near $42.34 billion and said its GHO stablecoin supply had crossed $500 million. (defillama.com) (stablecoininsider.org) Aave also pushed out version 4 on Ethereum at the end of March, and outside trackers reported the new version passed $10 million in deposits within days. That is the DeFi pattern in one line: new code ships fast because users already trust the old hub that holds the liquidity. (coinmarketcap.com) (stablecoininsider.org) Morpho is following the same path from a different angle. Morpho said this week that it grew from zero to more than $11 billion in deposits in two years, while DefiLlama currently shows about $7.3 billion in total value locked and more than $259 million in cumulative revenue. (morpho.org) (defillama.com) Trading is concentrated too. DefiLlama shows Uniswap with more than $103 billion in cumulative spot volume, while a widely cited 2026 market roundup said Uniswap version 4 alone had already passed $100 billion in cumulative volume by mid-2025. (defillama.com) (coinlaw.io) On Base, Aerodrome shows how fee capture gets concentrated once one exchange becomes the default route. DefiLlama lists Aerodrome at roughly $349.8 million in total value locked, $8.94 billion in 30-day trading volume, and about $66.99 million in annualized revenue, which works out to roughly $1.84 million every 10 days. (defillama.com) The weak point is not only smart-contract code. Stablecoin issuers can freeze assets, bridges can halt transfers, validators can censor transactions, and multisignature wallets can upgrade contracts with a small set of human approvals, which means the “decentralized” front end often sits on centralized emergency levers. (aave.com) (docs.uniswap.org) (drift.trade) That is why one failure can spread farther than the hacked app itself. If a lending market depends on a stablecoin for collateral, an oracle for prices, a bridge for cross-chain liquidity, and a multisignature wallet for upgrades, then one broken dependency can jam every app stacked on top of it like a closed highway interchange. (aave.com) (docs.uniswap.org) (defillama.com) So the story in DeFi right now is not “small and experimental.” It is giant pools of money sitting inside systems that still have real chokepoints, and the larger those pools get, the more one paused bridge, one frozen stablecoin, or one compromised key starts to look less like a bug and more like a system-wide circuit breaker. (defillama.com) (newsbtc.com)
