Significant Exploits in DeFi
A recent report from Binance Research revealed that significant exploits within decentralized finance (DeFi) during April resulted in staggering outflows totaling approximately $13 billion from total value locked (TVL) across various protocols. This reduction in liquidity was accompanied by an increase in the on-chain leverage ratio, which climbed to around 38%—a level not observed since 2021. The report indicates that this rise was primarily due to a swift decline in TVL rather than a renewed demand for borrowing, elucidating that substantive deleveraging in the market has yet to be realized despite a broader downturn in cryptocurrency values. Notably, as TVL decreases, the weight of outstanding debt increases proportionately, exacerbating vulnerabilities in the overall financial system.
Market Analysis and Exploits
According to Binance’s market analysis for May, the TVL in DeFi experienced a month-on-month decrease of 10.7%, settling at $82.7 billion in April. During this turbulent month, various protocols were reportedly subjected to $635.24 million in exploits, marking the highest figure since the Bybit incident back in February 2025. Data from DefiLlama highlighted that April witnessed 28 hacking incidents, exceeding previous records.
As previously covered by crypto.news, the first half of April alone accounted for over $606 million in thefts across twelve separate attacks, with the most notable being the Drift Protocol and KelpDAO exploits, which led to losses of approximately $285 million and $292 million, respectively. It was later revealed that these attacks could be linked to North Korea’s Lazarus Group, with collective losses from these two cases reaching $577 million. Notably, the exploits demonstrated that the risks associated with DeFi are increasingly influenced by factors beyond mere coding flaws, such as social engineering, compromised governance, and infrastructure failures.
Ripple Effects of Security Breaches
The repercussions of the KelpDAO hack spread beyond its immediate fallout, creating around $230 million in bad debt on the Aave platform and slashing Aave’s TVL by half. This incident illustrated how a single breach could instigate a ripple effect throughout the DeFi ecosystem. Following the exploit, KelpDAO successfully implemented measures to initiate its rsETH recovery plan, resuming normal operation of its minting, redemption, and reward functions after transferring a final batch of 20,373.7 rsETH to a LayerZero smart contract.
Despite these recovery steps alleviating some immediate pressures on KelpDAO users, anxieties regarding DeFi leverage persist, particularly in light of Binance Research’s findings indicating that overall borrowing has not seen a substantial rebound and deleveraging remains ongoing.
Continued Security Concerns
In the aftermath of April’s disruptions, security breaches continued, though the financial toll decreased in May. CertiK reported losses due to hacks in May totaled $68.3 million, signifying a nearly 90% decline from April’s approximate $650 million. However, DeFi projects continued to experience breaches, primarily related to bridge vulnerabilities, outdated contracts, private key compromises, and operational weaknesses. Notable incidents included the theft of over $36 million from Humanity Protocol due to compromised administrative keys, $2.1 million lost by Aztec Connect from an immutable contract issue, and a $1.3 million exploit impacting five legacy Solana liquidity pools orchestrated by Raydium, which has promised reimbursement to affected users.
These ongoing events underscore the heightened focus on security within the DeFi landscape, particularly as market leverage remains high and liquidity continues to dwindle. Binance’s analysis paints a picture of a precarious market environment, characterized by declining TVL, faltering borrowing activity, and an incomplete deleveraging process.
