Recently, the significant attack event related to the Kelp DAO cross-chain bridge has sounded the alarm for the security of the DeFi industry. According to AiCoin data, attackers exploited protocol vulnerabilities to illegally mint approximately 292 million dollars of unsecured rsETH and quickly used it as collateral to lend real ETH on the Aave platform, directly resulting in approximately 230 million dollars of bad debt. This chain reaction triggered severe market turbulence, causing the total locked value (TVL) across the DeFi network to evaporate by about 20 billion dollars within just a few days after the attack. Although some of the stolen funds have been frozen, the impact of this incident on the on-chain liquidity ecosystem is already set in stone.

The outbreak of such systemic risk is further eroding traditional financial institutions' trust in on-chain finance. Analysts at JPMorgan pointed out in a report released from April 23 to 24 that the frequent occurrence of DeFi security incidents, combined with the long-term stagnation of TVL valued in ETH, is severely limiting institutional investors' willingness to participate. Although users have shown a clear preference for risk aversion during the risk events, tending to turn to Tether (USDT) for asset preservation, this flow of funds did not significantly boost the overall market value of USDT. This risk-aversion behavior in the context of "stock game" reflects the current market's lack of motivation for new capital entry, and whether DeFi possesses the organic growth capability to support institutional adoption is facing unprecedented skepticism.

rsETH Cross-chain Bridge Attack: 230 Million Bad Debt

The attack on the Kelp DAO-related cross-chain bridge is not only a technical vulnerability exploitation but has also evolved into one of the most severe credit crises in the DeFi sector in recent years. The attackers accurately captured the logical flaws in the cross-chain bridge contract, minting approximately 292 million dollars of rsETH out of thin air without providing any physical collateral. Subsequently, the attackers utilized the liquidity of lending protocols like Aave, successfully borrowing about 230 million dollars of real ETH by using these unsecured "air assets" as collateral and rapidly transferring the funds. This operation directly formed substantial bad debt within Aave, exposing the combinatory risks among protocols.

According to AiCoin data, within a few days after this security incident, the total locked value (TVL) across the DeFi network shrank by about 20 billion dollars, which is not just a physical outflow of funds but also a significant retraction of market risk appetite. LayerZero and several blockchain security researchers pointed out in subsequent traceability investigations that the funding path and methods involved in this attack exhibit a high level of professionalism, initially attributing it to the North Korean hacker group Lazarus Group. This connection with sanctioned entities is regarded by institutional investors as a high-level signal of compliance and security risk, further undermining the fragile trust in the on-chain ecosystem.

Currently, actions to intercept the stolen funds are still ongoing. While relevant parties have successfully frozen some of the stolen assets on-chain, a considerable part of the funds continues to circulate frequently among different addresses, attempting to cover tracks through decentralized coin washing protocols. As a direct impact of this incident, on April 19, Morpho announced that, as a precautionary measure, it has paused the cross-chain bridge function for its MORPHO token on Arbitrum, explicitly stating that it would not resume until the root cause of the rsETH incident is thoroughly clarified. This chain reaction shows that the bad debt pressure triggered by the Kelp DAO incident has forced leading protocols to adopt extreme defensive measures to avoid potential secondary disasters.

DeFi Sideways After 20 Billion Dollar TVL Evaporation

In a research report released in late April, JPMorgan provided a set of alarming data: Due to the direct impact of the Kelp DAO-related cross-chain bridge attack, the total locked value (TVL) in the DeFi space evaporated by about 20 billion dollars within just a few days. Such a scale of capital withdrawal or valuation shrinkage is not only a reaction to security vulnerabilities of a single protocol but also reveals the fragile liquidity structure of the current DeFi ecosystem. According to AiCoin data, although some funds were reallocated among different protocols in defensive operations following the attack, this volatility driven by security incidents has become a direct indicator of systemic risk on-chain.

More fundamentally, setting aside the interference of asset price fluctuations, the actual growth momentum of DeFi is facing severe challenges. JPMorgan analysts emphasized in their report that the DeFi TVL valued in ETH has been in a long-term sideways state. This state of stagnation, measured "in currency," is seen as a clear signal that DeFi is struggling to achieve organic growth—namely that protocols have failed to attract new native assets through innovative application scenarios, and the existing TVL fluctuations largely rely on price inflation of underlying assets rather than actual demand expansion. For institutional investors, this lack of organic growth support greatly diminishes the appeal of DeFi as a long-term allocation track.

Against the backdrop of frequent security incidents, the functional attributes of TVL are undergoing a transformation. It is no longer merely a growth indicator that measures the prosperity of protocols but resembles a real-time monitored "risk thermometer." The report mentioned that at major risk nodes like the Kelp DAO attack, on-chain users often exhibit clear risk aversion tendencies, preferring to shift assets to Tether's USDT. However, this risk-averse behavior has not significantly boosted the overall market value of USDT, reflecting that funds are more engaged in defensive migration within the existing market rather than new capital entry. When security cycles are prolonged and the ETH-valued TVL struggles to break out of the sideways range, any slight disturbance at the protocol layer amplifies market pessimism, making TVL—a single indicator in the face of hacker attacks—catalyze the rapid collapse of institutional confidence.

Wall Street Sees Risk: JPMorgan Temporarily Halts Support for DeFi

In research reports around April 23, JPMorgan analysts provided a cautious assessment of the current health status of the DeFi ecosystem. The report clearly pointed out that the frequent occurrence of security vulnerabilities and the stagnation of the total locked value (TVL) valued in ETH are core pain points hindering traditional institutions' entry. According to JPMorgan's analysis, despite violent fluctuations in cryptocurrency prices, the TVL in DeFi protocols measured in ETH has long been in a sideways state, and this lack of organic growth capability has led the market to question whether DeFi protocols can support institutional-level capital allocation basis. For highly regulated Wall Street giants, the underlying risks of smart contracts and the fragility of cross-chain protocols are not just technical flaws but a direct challenge to their risk control bottom line and compliance red line.

The Kelp DAO-related cross-chain bridge attack has been included as a research sample by mainstream investment banks due to its wide-ranging impact and clear loss path, becoming a typical case for demonstrating DeFi security risks. In this incident, attackers exploited vulnerabilities to mint about 292 million dollars of unsecured rsETH and used this to borrow real ETH on Aave, resulting in approximately 230 million dollars of bad debt. This series of on-chain actions directly triggered the evaporation of around 20 billion dollars from DeFi market TVL within a few days. JPMorgan's report specifically cited this data, emphasizing that the outbreak of such systemic risks is continuously dampening institutional participation enthusiasm. From LayerZero's tracking to attribution to Lazarus Group, the frequency of security incidents has made institutions realize that even leading protocols struggle to come away unscathed in the complex cross-chain interactions.

Currently, traditional financial institutions' attitudes toward DeFi have shifted from early "active exploration" to a more stringent "wait and assess." Although observations indicate that after security incidents, on-chain users tend to move assets to USDT for risk aversion, JPMorgan noted that this internal defensive migration has not translated into a significant expansion of USDT's market value, indicating that the market lacks incremental capital support. For institutional investors, amid ongoing discussions that have not reached a consensus on security and the need for preventative measures like Morpho's suspension of the OFT functionality on its MORPHO token on Arbitrum, large-scale allocation of DeFi assets clearly lacks sufficient persuasive power. This high sensitivity to security has become an insurmountable threshold for DeFi's institutionalization process.

Morpho Takes Initiative to Halt Cross-chain Functionality

After the outbreak of the rsETH minting vulnerability related to Kelp DAO, the risk contagion effect among DeFi protocols quickly became apparent. On April 19, the lending protocol Morpho officially announced that, out of precautionary safety considerations, it has formally paused the OFT (Omnichain Fungible Token) cross-chain bridge function for its MORPHO token on the Arbitrum network. According to AiCoin data, this move occurred during the sensitive window when attackers minted approximately 292 million dollars of unsecured rsETH through the cross-chain bridge vulnerability, leading to about 230 million dollars of bad debt on Aave. As a downstream application, Morpho's action is viewed by the market as a typical self-protective measure by a protocol, aimed at physically isolating to cut off potential asset risk from spreading to its core lending pool.

This prioritization of "safety over convenience" directly reflects the vulnerability of the current cross-chain infrastructure under extreme pressure. Morpho has made it clear that the cross-chain functionality on Arbitrum will remain suspended until the root cause of the rsETH incident is conclusively determined. Since the Kelp DAO security crisis has been pointed out by multiple parties to be related to LayerZero's cross-chain standard, and MORPHO's cross-chain is based on LayerZero's OFT solution, the compromised security of this upstream infrastructure forces downstream protocols to bear pressure passively. Although LayerZero later participated in tracing the attack path of the Lazarus Group, Morpho's decisive "shut-off" indicates that when on-chain asset security is uncertain, sacrificing liquidity and user experience has become a necessary means to prevent systemic risks.

This crisis handling model of “shutting off the gates first and inspecting later” is gradually becoming the standard procedure for DeFi protocols to respond to cross-chain attacks. Against the backdrop of the total locked value (TVL) in DeFi evaporating by about 20 billion dollars within a few days due to this incident, Morpho's proactive de-risking measures protected existing assets but also revealed that the defensive positions of the DeFi ecosystem are far behind in the face of organized hacking attacks. For institutions observing the flow of on-chain funds, the frequent self-rescue actions at the protocol level, while demonstrating risk control awareness, also indirectly confirm that the cross-chain communication layer is still a security shortcoming that cannot be closed-loop under the current technical architecture. This passive stagnation brought about by infrastructure failures continues to erode institutional investors' confidence in the robustness of decentralized finance systems.

Hackers, TVL, and Institutions: DeFi Needs to Provide Answers

The recent attack on the Kelp DAO-related cross-chain bridge, which resulted in the minting of 292 million dollars of unsecured rsETH, has not only led to about 230 million dollars of bad debt on Aave but also caused the overall TVL in DeFi to evaporate by about 20 billion dollars in the short term. This heavy blow, combined with the long-standing sideways situation of ETH-valued TVL, has become a key barrier hindering the entry of institutions. According to recent analysis in JPMorgan's report, the frequent occurrence of security vulnerabilities and the stagnation of Ethereum-based growth have significantly weakened mainstream financial institutions' confidence in DeFi's organic growth capabilities. Although after the impact, on-chain users showed clear risk-averse tendencies by shifting funds into USDT and other assets, data from AiCoin indicates that this defensive repositioning has not brought about a significant expansion of USDT's market value, reflecting that the overall market sentiment remains cautiously observant rather than greedily laying out for the future.

In the face of systemic risks to infrastructure, DeFi protocols have begun entering a phase of active defense. Morpho announced the suspension of the cross-chain bridge function for its MORPHO token on Arbitrum until the root cause of the rsETH incident is fully clarified, marking a reassessment of cross-chain security solutions at the protocol level. The next market focus will be on the final investigation and recovery progress of the rsETH incident, the iterative efficiency of cross-chain bridge security architecture, and whether the ETH-valued TVL can break out of the sideways deadlock. This round of impact is essentially an extreme "stress test" on cross-chain risk control and protocol robustness, and whether the DeFi industry can provide satisfactory answers to institutions by addressing gaps will directly determine the degree and depth of institutional exposure in the next phase.

Join our community to discuss and become stronger together!
Official Telegram community: https://t.me/aicoincn
AiCoin Chinese Twitter: https://x.com/AiCoinzh
AiCoin on-chain: https://aicoin.com/hyperliquid
AiCoin exclusive Hyperliquid benefits: https://app.hyperliquid.xyz/join/AICOIN88
AiCoin exclusive Aster benefits: https://www.asterdex.com/zh-CN/referral/9C50e2

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。