The decentralized finance (DeFi) ecosystem is experiencing sharp capital outflows due to the weekend exploitation of the KelpDAO protocol.
Leading DeFi lending platform Aave has lost $8.45 billion in deposits over the past 48 hours, leading to a broader decline of $13.21 billion in total value locked (TVL) in DeFi. TVL refers to the combined dollar value of crypto assets deposited through DeFi protocols, such as Aave, and is widely used to measure liquidity and overall market activity.
The total value of DeFi fell from $99.497 billion to $86.286 billion, while Aave’s TVL fell by $8.45 billion to $17.947 billion over the same period, according to DefiLlama. Protocol-level data shows double-digit percentage declines across platforms including Euler, Sentora and Aave, with losses concentrated on the lending, redraw and yield strategies associated with the affected collateral.
The move follows a $292 million exploit of Kelp’s bridge, which allowed attackers to use stolen rsETH, a liquid re-staking token widely used in DeFi, as collateral to borrow money on lending platforms.
Because these stolen tokens had no legitimate collateral, lending against them created potential shortages for lenders. It is akin to defrauding a traditional bank by depositing fake fiat and taking out loans against it, ultimately leaving the lender with bad debt.
Protocols responded by freezing affected markets while panicked users withdrew funds, leading to a broad drop in overall value.
Token prices have moved less sharply than deposits. The AAVE token is down about 2.5% in 24 hours, while UNI and LINK are down less than 1% in the same period, according to CoinDesk market data.
Peter Chung, head of research at Presto Research, said in a note that the incident highlights risks in cross-chain infrastructure, particularly in verification systems used by bridges.
Early analysis suggests that the problem may originate in the authentication layer and not in smart contracts themselves.
Chung added that the episode also shows how interconnected DeFi protocols can transmit shocks beyond the initial point of failure, with withdrawal activity and market freezes spreading to platforms without direct exposure to the exploit.