DeFi loses investors after major hacks

Decentralized finance is having the kind of stress test that exposes what the system is really made of. The immediate news is simple — investors have yanked roughly $14 billion from DeFi after two big hacks, one at Drift and one at KelpDAO. But the deeper story is not just “crypto got hacked again.” It’s that DeFi’s biggest selling point — everything connects to everything — also turned out to be the thing that made the damage spread. (pymnts.com) ### What actually got hit? The two incidents doing most of the damage were the April 1 exploit at Drift, a Solana-based decentralized exchange, and the April 18 KelpDAO exploit. The KelpDAO case was worse for confidence because the attacker didn’t just steal funds and disappear. The attacker used the stolen rsETH as collateral to borrow from Aave, dragging one protocol’s breach into another protocol’s balance sheet. (pymnts.com) ### Why did this scare investors so much? Because this was not an isolated smart-contract bug sitting in one corner of crypto. KelpDAO’s exploit showed how a bridge or messaging failure can jump chains, hit a collateral token, and then blow through a lending market that never got hacked directly. That is a much uglier story than “one (pymnts.com)not be. (pymnts.com) ### Where did the money go? DefiLlama data cited in recent coverage shows close to $14 billion leaving DeFi projects in recent weeks. Aave became the clearest pressure point. Separate reporting around the KelpDAO aftermath showed Aave’s deposits dropping by billions as users rushed to pull funds once bad-debt fears spread through the (pymnts.com)s discussed before the shock. (pymnts.com) ### Why does Aave matter here? Because Aave is not some fringe app. It is DeFi’s biggest lender, which makes it a bit like the plumbing under the rest of the sector. If a stolen asset can be posted there as collateral and leave a hole in the pool, people stop asking whether one token is safe and start asking whether the whole lending stack is safe. That is how a hack becomes an exodus. (pymnts.com) ### Is this just a DeFi problem? Not really. The timing is awkward because banks, asset managers, and payment firms have been experimenting with tokenized assets and blockchain rails. Hacks on this scale weaken the pitch that crypto infrastructure is safer, cleaner, or more transparent than the old system. Transparency does help inves(pymnts.com)harmless. (pymnts.com) ### So is DeFi collapsing? Probably not. The sector is bruised, not dead. Coverage after the KelpDAO exploit argued that a $13 billion TVL drop looked catastrophic, but it also showed DeFi still sitting on a large asset base rather than disappearing outright. Basically, the market is not voting for extinction. It is voting against weak security assumptions and against protocols that depend on fragile cross-chain trust. (coindesk.com) ### What changes now? The obvious answer is more audits, but that is not enough. The catch is that recent exploits were not only classic code bugs. They involved bridges, admin access, interface compromise, and the messy connective tissue between protocols. That means the next phase of DeFi security is (coindesk.com)governance settings, and emergency shutdowns. (pymnts.com) ### Bottom line? Investors are pulling back because DeFi’s failures are no longer staying contained. The sector can survive big losses. What it struggles to survive is contagion — when one exploit turns a whole network of “decentralized” apps into a single shared risk. (pymnts.com)