Frequent DeFi Security Incidents Lead to TVL Shrinkage, Kelp DAO's Massive Vulnerability Triggers Chain Reaction

BroadChain BroadChain learned that at 09:30 on April 21, according to PANews, over the past three weeks, multiple security incidents have occurred consecutively in the DeFi sector, with cumulative losses exceeding $6 billion. Among them, the $292 million vulnerability attack on Kelp DAO was particularly impactful, directly dragging down the total value locked (TVL) in the entire DeFi space to approximately $82.4 billion, hitting a new low in a year. Compared to the peak of around $110 billion in early 2026, the current TVL has shrunk by about 25%. On the day following the Kelp DAO attack, the DeFi sector experienced a single-day drawdown of 5.6%. All sub-markets were affected, with the TVL of lending protocols declining by about 13%, liquid staking by about 3.4%, and decentralized exchanges and derivatives protocols also seeing declines of 2% to 3%. To control risks, Aave has frozen the related asset rsETH, leading to liquidity shortages in some stablecoin markets and locking up billions of dollars in deposits. Arkham Intelligence analysis pointed out that if Kelp DAO cannot secure external funding, potential solutions include distributing approximately 16% of the losses among all rsETH holders or prioritizing Ethereum mainnet users while letting Layer2 users bear most of the losses. The latter option would expose rsETH holders on Aave to losses of about $267 million. Currently, Kelp DAO, Aave, and LayerZero are shifting blame among themselves regarding responsibility. A Yearn core developer revealed that all parties have hired lawyers, and the situation has descended into an "all-out war."