Two major DeFi hacks trigger $13 billion exodus, what lessons have we learned?

📄Full Article· Automatically extracted by trafilaturaGemini 翻譯2216 words

Author: Fenrir, Crypto City North Korean hackers launch the opening battle, the long game between Drift and Lazarus April 2026 became an exceptionally heavy month in the history of decentralized finance (DeFi). In just 18 days, the entire ecosystem lost over $606 million due to various hacker attacks and vulnerabilities. This wave of disaster began on April 1st, when Drift Protocol, a leading perpetual contract exchange in the Solana ecosystem, was ransacked for approximately $285 million within 12 minutes. Although many investors initially thought it was an April Fools' prank, the subsequent asset wipeout was a real financial catastrophe. This attack stemmed from a six-month social engineering infiltration, with hackers bypassing rigorous smart contract audits. According to investigations, members of the North Korean Lazarus Group (also known as UNC4736) forged identities, met through offline conferences, and implanted malware on developers' personal devices, eventually successfully gaining the trust of the Drift contributor group. The hackers utilized the obtained administrative privileges and pre-signed Durable Nonce Transactions to empty multiple vaults, seizing assets such as $USDC, $WETH, and $JLP. This incident reveals the most difficult-to-prevent human risk in DeFi systems. Even if on-chain security is tight, if offline management processes fail, multi-signature wallet governance mechanisms will also lose their defensive functions. Cross-chain bridge defense collapses, the fatal blow to Kelp DAO and virtual tokens 12 days after the Drift incident, the Hyperbridge cross-chain protocol was attacked on April 13th. Although the $2.5 million loss was smaller, it exposed structural flaws in cross-chain message verification logic. Hackers exploited the lack of boundary checks in Merkle Mountain Range (MMR) proof verification, forged cross-chain messages, and minted 1 billion virtual DOT out of thin air. Ironically, the protocol had claimed to have extremely high security just two weeks prior. This outpost battle subsequently triggered a more severe storm on April 18th: $rsETH, the liquid restaking token (LRT) under Kelp DAO, was hit hard. The attacker targeted the LayerZero V2-powered cross-chain bridge, combined RPC node infiltration with DDoS attacks, and utilized a misconfigured Distributed Validator Network (DVN) to forge messages. Without actual burning, the hackers induced the protocol to issue 116,500 $rsETH, worth approximately $292 million, accounting for 18% of the token's total supply. This batch of uncollateralized rsETH was then deposited as collateral into lending platforms such as Aave V3 and Compound, subsequently borrowing approximately $236 million in mainstream assets like $WETH. On the same day, the ENS gateway eth.limo also experienced a DNS hijacking incident, where hackers gained control by deceiving the domain registrar. These two simultaneous events once again prove that Web3 infrastructure is just as vulnerable to attack as on-chain code. 1.3 billion leverage cycle disintegrates, Aave faces capital flight and bad debt challenges The $rsETH collateral abuse case at Kelp DAO quickly evolved into a systemic financial crisis. As the largest lending market in DeFi, Aave had a Total Value Locked (TVL) of over $20 billion to $26 billion before the accident, but a large amount of rsETH was used here as collateral for "looping" strategies. Users deposit LRT, borrow ETH, exchange for more LRT, and deposit again; this leverage behavior triggered a violent deleveraging reaction during market volatility. Data shows that the bad debt faced by Aave is estimated to be between $124 million and $230 million, and the utilization rates of core markets such as $USDT, $USDC, and $WETH soared to 100%, triggering withdrawal bottlenecks. In just 48 hours, over $6 billion in capital fled Aave, and the TVL of the overall DeFi market evaporated by $13 billion. Although Aave's protocol guardians decisively froze all rsETH reserves and set the Loan-to-Value (LTV) ratio to zero, it was difficult to stop funds from flowing to more conservative protocols. The TVL of the Spark protocol grew from $1.8 billion to $2.9 billion over the weekend, indicating that capital is undergoing risk reallocation. This exodus reflects changes in the DeFi yield environment. When the annualized yield for USDC deposits on Aave dropped to 2.61%, lower than the 3.14% offered by the traditional financial institution Interactive Brokers, the incentive for users to bear smart contract risk dropped significantly, and any security concerns were enough to cause leveraged capital to collapse instantly. Emergency intervention and post-disaster reconstruction, the realistic compromise of decentralized ideals Faced with severe monthly losses, the DeFi industry was forced to choose between decentralized ideals and

Data Status✓ Full text extractedRead Original (區塊客)

🔍Historical Similar Events· Keyword + Asset Matching6 items

2026-04-29

DeFi shaken by $292 million hack, but showing resilience, Standard Chartered says

Similarity 120%關鍵字 defi同分類 hot

2026-04-26

DeFi United Secures $160M as Industry Moves to Cover Aave Bad Debt Crisis

Similarity 120%關鍵字 defi同分類 hot

2026-04-23

Cryptoquant: KelpDAO Hack ‘Contagion’ Triggers Worst DeFi Liquidity Crunch Since 2024

Similarity 120%關鍵字 defi同分類 hot

2026-04-23