Published: April 22nd, 2026
Crypto traders are pulling billions of dollars from decentralised finance platforms after a series of high-profile hacks underscored how persistent security risks are in the sector.
Data from DefiLlama show that around $15 billion in deposits have been withdrawn from major DeFi applications in recent days. The run follows a string of cyberattacks attributed in part to North Korean hacking groups. The pullback comes after nearly $600 million was stolen from on-chain protocols in the first four months of the year, culminating in a $294 million exploit of Kelp DAO, a restaking platform built on Ethereum.
The withdrawals have hit some of the industry's largest platforms. Aave, the biggest DeFi lending protocol, saw deposits fall by about $10 billion, or roughly a fifth of its total prior to the incident. Morpho and Sky, two other prominent lenders, recorded declines of $1.7 billion and $600 million respectively.
Even platforms not directly affected have felt the strain. Kamino, a leading lending protocol on the Solana blockchain, experienced outflows of around $280 million.
The exodus highlights a recurring tension at the heart of decentralised finance: its promise of open, borderless markets sits uneasily alongside persistent technical vulnerabilities.
DeFi sells itself as a more efficient alternative to traditional banking, offering yield-bearing products without intermediaries. But its growth has been marked by periodic crises, often triggered by flaws in the very code that makes its autonomy possible.
The latest wave of withdrawals comes at an awkward moment. Institutional investors, including large asset managers, have been edging back into the crypto markets, encouraged by the success of exchange-traded funds and a more stable macroeconomic backdrop. DeFi platforms, which offer higher yields than many traditional instruments, have been positioning themselves as the next destination for that capital.
Instead, recent events have reinforced the perception that the sector remains fragile. The scale and frequency of attacks appear to be increasing, even as the technology matures. Figures from Chainalysis show losses from crypto hacks exceeded $3.4 billion last year, the highest on record. This year's tally has already passed $770 million.
Blockchain hacks are nothing new, but their character is changing. Attacks once relied on relatively simple coding errors or poorly secured private keys. Increasingly, they involve intricate, multi-stage operations that exploit both technical and human vulnerabilities.
North Korean hacking groups, in particular, have drawn attention for their evolving tactics. A report by Chainalysis described their operations as showing greater sophistication and patience, favouring fewer but more lucrative attacks. The Kelp DAO exploit appears to fit that pattern.
In that case, attackers forged a message that mimicked a legitimate cross-chain transaction, deceiving the system into releasing funds. The operation required a detailed understanding of how different blockchain components interact, as well as careful timing.
Another recent breach involving Solana-based platform Drift, followed a similarly elaborate script. That attack combined social engineering techniques with the exploitation of obscure features within the network, and reportedly took months to prepare.
Part of the problem is structural. DeFi systems are often composed of multiple interconnected protocols, each introducing its own potential weaknesses. A flaw in one component can cascade across the ecosystem, as the latest episode demonstrates.
Traditional financial institutions are not immune to cyberattacks. In 2016 hackers linked to North Korea attempted to steal nearly $1 billion from Bangladesh's central bank, ultimately escaping with about $101 million before the fraud was detected.
Yet there is a crucial difference. In conventional finance, transactions can often be halted or reversed if suspicious activity is detected in time. In DeFi, code governs outcomes with little scope for intervention. Once a transaction is executed, it is usually final.
This rigidity is both a strength and a weakness. It eliminates the need for trusted intermediaries but leaves little room for error. When vulnerabilities are exploited, losses can be swift and irreversible. Attention is now focused on one of DeFi's most persistent vulnerabilities: cross-chain bridges.
These systems allow assets to move between different blockchains by locking tokens on one network and issuing equivalents on another. In theory, they enable a more interconnected ecosystem. In practice, they introduce additional layers of complexity and risk.
The Kelp DAO exploit appears to have hinged on such a bridge. Attackers triggered a function that convinced the system a legitimate transfer had occurred on another blockchain. The bridge, accepting the message as genuine, released tokens it should have retained.
At the heart of the issue was a weak validation mechanism. The system reportedly relied on a single validator to confirm cross-chain messages. This created a single point of failure. Once that validator was compromised or deceived, the entire structure was exposed.
The consequences were immediate and far-reaching. Around 116,500 rsETH tokens, representing roughly 18% of the asset's circulating supply, were drained. Because these tokens were widely used as collateral across multiple DeFi platforms, the impact quickly spread.
Several protocols, including Aave and others, paused markets linked to the affected asset. Users rushed to withdraw funds, amplifying the shock. In total, more than $5 billion in ether was reportedly pulled from Aave alone as investors sought to reduce exposure.
For now, confidence appears shaken but not broken. DeFi has weathered crises before, from protocol collapses to market crashes, and has often emerged with renewed momentum.
Whether this time is different remains to be seen. The growing sophistication of attacks suggests that vulnerabilities are not being eliminated so much as transformed. Each new layer of innovation introduces fresh risks, even as it addresses old ones.
Crypto traders are likely to remain cautious. The recent outflows reflect a pragmatic response to uncertainty rather than a wholesale rejection of the sector.
Still, the message is clear. In a system governed by code, trust must be earned not through reputation or regulation, but through resilience. For decentralised finance, that remains a work in progress.
