Binance Research said its DeFi exploits caused about $13 billion in total value-locked outflows in April, reducing liquidity across on-chain protocols.
The research arm said the on-chain leverage ratio rose to around 38%, a level last seen in 2021, as TVL fell faster than borrowing.
This move was not driven by a clear recovery in real demand for loans. Binance Research said that “meaningful deleveraging has yet to happen,” even after a broader crypto market pullback. This means that the ratio has become higher because the base of the locked capital has become smaller. When TVL falls, every dollar of debt weighs more heavily on the system.
On-chain leverage ratio rose to ~38%, matching 2021 levels, largely driven by TVL compression rather than renewed loan demand.
April’s DeFi exploits caused TVL outflows of around $13 billion. Despite the broader market pullback, meaningful deleveraging has yet to occur. pic.twitter.com/8KTBIUdRQ0
— Binance Research (@BinanceResearch) June 16, 2026
Drift and KelpDAO cause losses in April
According to Binance’s May market report, DeFi TVL fell 10.7% month-on-month to $82.7 billion in April. It also said protocols suffered $635.24 million in exploits during the month, the highest monthly total since the Bybit incident in February 2025. DefiLlama counted 28 hacking events in April, which Binance called a monthly record number.
As crypto.news reported, more than $606 million was stolen across 12 incidents in the first 18 days of April. The two largest attacks were Drift Protocol, with approximately $285 million, and KelpDAO, with approximately $292 million. Later, crypto.news reported that the two attacks together represented $577 million in losses and were linked to North Korea’s Lazarus Group.
These two cases bore the brunt of April’s reported losses. They also showed that DeFi exploit risk no longer only comes from code errors. Reports linked the attacks to social engineering, compromised systems, weaknesses in governance and bridge infrastructure.
The recovery of Aave and KelpDAO remains central
The KelpDAO incident also spread pressure across the affiliated credit markets. Binance Research said the KelpDAO exploit created approximately $230 million in bad debt at Aave and reduced Aave’s TVL by half. The event showed how a bridge failure can travel through DeFi when stolen collateral enters the credit markets.
KelpDAO later completed the operational portion of its rSETH recovery plan. As previously reported, the protocol sent a final batch of 20,373.7 rsETH to the LayerZero smart contract used for cross-chain transfers. As per protocol, the coin, redemption and reward functions returned to normal after previous restart steps.
The recovery steps reduced some immediate pressure on KelpDAO users. They did not address broader concerns around DeFi leverage. Binance Research data shows that the market is still indebted against a smaller pool of locked assets.
Recent exploits show that risks remain active
Security incidents continued after April, although reported losses decreased in May. CertiK estimates hacking losses in May at $68.3 million, down almost 90% from the approximately $650 million in April as reported. Yet DeFi projects continued to face attacks related to bridges, legacy contracts, private keys, and operational controls.
Recent cases include Humanity Protocol, Aztec Connect and Raydium. Humanity Protocol said more than $36 million was stolen after attackers compromised the administrative keys associated with its bridge systems. Aztec Connect lost about $2.1 million from an old immutable contract, while Raydium said it would reimburse users after a $1.3 million exploit hit five old Solana liquidity pools.
The latest cases put the security of DeFi in sharp focus as debt levels remain high and liquidity remains weaker than before April’s exploit wave. Binance Research’s reading points to a market where TVL has fallen, lending has not recovered strongly and deleveraging remains incomplete.