Standard Chartered maintains its bullish outlook on decentralized finance, viewing the $292mn cybertheft on restaking platform KelpDAO as an "antifragile moment" that exposed vulnerabilities but triggered swift industry responses and structural upgrades.
Standard Chartered Says Kelp Exploit Won’t Derail DeFi Growth
29 April 2026 - 19:00 CEST
The 18 Apr attack, allegedly carried out by North Korea-linked Lazarus Group hackers exploiting a single-verifier LayerZero bridge configuration, created 116,500 unbacked rsETH tokens. Attackers deposited much of this on Aave (AAVE), the dominant DeFi lending protocol, borrowing against it and triggering a bank run. According to the report, Aave saw $17bn in deposit outflows (38% of total) and $5.5bn in active loans withdrawn (31%), with 76% of stolen assets routed through the platform.
DeFi United coalition raises over $300mn
Aave founder Stani Kulechov contributed 5,000 ETH personally and led the DeFi United initiative. The coalition included Aave DAO (25,000 ETH), Arbitrum DAO (30,765 ETH), Consensys (30,000 ETH), Mantle (30,000 ETH) and others, committing more than $300mn to restore rsETH backing, reimburse users and manage controlled liquidations.
"The recent DeFi coalition and longer-term structural solutions both point to greater DeFi resilience going forward," said Geoff Kendrick, Standard Chartered’s global head of digital assets research.
Yields on Aave have since normalized, with net deposits rising again as confidence returned.
Aave dominance, looping risks amplify impact
Aave supplies more than 50% of all active DeFi loans, making it a natural target for liquidity extraction. The incident highlighted concentration risks: 98% of KelpDAO’s rsETH collateral on Aave sat in a single looping position. Looping strategies involve depositing assets, borrowing against them and recycling funds to acquire more yield-bearing tokens like rsETH, boosting returns but creating asset-liability mismatches when complex or bridged collateral fails.
Lending remains DeFi’s largest TVL category, central to composability where assets simultaneously earn yield, serve as collateral and stay liquid – features harder to replicate in traditional finance without multiple intermediaries.
Upgrades reduce bridge reliance
Bridges have been the primary vector in major hacks, including this one and the recent $282mn Drift exploit. Aave’s V4, launched in late March, introduces a hub-and-spoke model for shared liquidity across Ethereum layer 2s. The Ethereum Economic Zone (EEZ), slated for mainnet this summer, will enable freer, real-time composable asset transfers using zero-knowledge proofs, bypassing risky bridges.
Standard Chartered projects tokenized real-world assets will reach $2tn market cap by end-2028, supported by DeFi growth and stablecoin liquidity.
DeFi total value locked dropped roughly $13bn in the immediate aftermath but has shown signs of stabilization. Onchain metrics indicate partial recovery in Aave deposits and yields as of late April. No major regulatory announcements have followed, though the event may accelerate scrutiny on bridge security and cross-chain protocols.
KelpDAO has paused affected contracts and is coordinating with the coalition on loss allocation. The episode draws TradFi parallels to bank runs and risk mismatches, showing the need for better diversification and stress testing in onchain systems as institutional adoption grows.
