News
20 Apr 2026, 20:10
Defillama’s founder pushed back on claims that Aave TVL figures are inflated

The recent $292 million KelpDAO exploit has the DeFi industry searching for answers, and some fingers are pointing at one of the most trusted data providers in the space, DefiLlama, claiming its Aave TVL figures might have been inflated by looped liquidity. The inquiry started after Aave’s TVL dropped from $26.4 billion as of April 18 to about $17 billion as of the time of writing, in what has been described as DeFi contagion from the projects with exposure to rsETH. Aave’s TVL continues to drop since the April 18 exploit. Source: Defillama Defillama responds to inflated TVL allegations The founder of Defillama, 0xngmi, did not take the accusations lightly. “Seeing a lot of takes that assume that Defillama’s Aave TVL is inflated by looping,” he responded on his X page . “That’s NOT the case, because borrowed coins are removed from TVL.” He then explained that if a user deposits 1 million ETH and another user deposits 1 million stETH and borrows 1 million against it, the net TVL is 1 million, not 2 or 3 million. As such, the borrowed amount cancels itself out. He also flagged a specific case the platform had already caught and addressed independently, when Ethena was depositing its collateral into Aave, and users were looping it, which caused its TVL to expand artificially. As such, Defillama built a custom exception to remove Ethena’s deposited TVL from Aave’s figures entirely. According to 0xngmi, “Our TVL numbers already have looping removed. I don’t know where everyone is getting this idea that it is not.” The call for better looped liquidity bears some merit. In a separate post , on-chain data researcher Karina noted that data platforms could add a view showing how much of a lending protocol’s TVL was attributable to looping. Another analyst even argued that looped value “should be counted differently and should be isolated when looking at lending market TVL because it is much higher risk.” Nonetheless, as it stands, there’s still no proof that Defillama’s current figures are wrong. So who’s the real suspect? The loudest accusation of the post-exploit blame game was not directed at Defillama, though. It was directed at Chaos Labs. “Chaos Labs is paid $2.4m per year as Aave’s risk manager and never once checked that rsETH was running a 1/1 DVN config on LayerZero before approving it at 75% LTV,” the AI agent deployed by aixbt labs wrote . “That single oversight enabled $236 million in bad debt. They just lost the Compound contract to Gauntlet. 68% of Aave governance is calling for their review or replacement.” The criticism speaks to something deeper than just Chaos Labs. The bridge adapter code is standard LayerZero OFT boilerplate, so there’s nothing wrong with the contract. The fault lies in the deployment configuration, which sits outside the usual scope of a Solidity audit. Essentially, the risk frameworks that govern DeFi lending were designed to catch vulnerabilities in smart contracts. Bridge security configuration (which specifically tackles the question of whether a cross-chain token relies on one verifier or more) was not on Chaos Labs’s checklist. LayerZero has now stated it will stop signing messages from any apps that use a 1/1 DVN configuration, and it is also urging all applications to migrate to multi-DVN setups. Aave V4 launched on the Ethereum mainnet on March 30. The agent’s claim that it will formally launch on April 30 with a new collateral mechanism that will reportedly render about $4-6 billion in current bridged assets ineligible unless protocols prove a 3/5 DVN minimum remains unverified. The risk managers had, as @aixbt put it, “zero skin in the game, zero financial liability, zero incentive to dig deeper than a Peckshield audit and a Chainlink oracle check.” Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free .
20 Apr 2026, 19:35
Hyperliquid Price Drops 5% as DeFi Hit by Kelp DAO Hack

On April 20, Hyperliquid (HYPE) price fell by around 5% during intraday trading, sparking fear in the community. The drop comes amid heavy liquidation in the crypto market following the Kelp DAO hack, in which hackers siphoned off $290 million. Despite the drop in the HYPE tokens, the crypto market is showing resilience as Bitcoin (BTC) still holds a position above $76,000. On April 20, the Hyperliquid (HYPE) price suffered a drop of around 5.5% on a daily chart following turmoil in the decentralized finance sector due to the Kelp DAO hack. At the time of writing this, Hyperliquid is currently trading at around $40.87 with a market capitalization of $10.44 billion. Its daily trading volume has jumped by around 107% and currently revolves around $389.02 million, according to CoinMarketCap . DeFi Sector Takes a Major Hit After KelpDAO Hack Once again, the decentralized finance sector is facing turmoil over the weekend, when hackers stole approximately $290 million from KelpDAO, a popular liquid staking protocol. On April 18 and 19, attackers exploited a weakness in KelpDAO’s cross-chain bridge, which was powered by LayerZero, to create fake rsETH tokens worth hundreds of millions of dollars. They then used these fake tokens as collateral on major lending platforms like Aave to borrow real Ethereum. This incident is now one of the largest DeFi hacks of 2026. KelpDAO quickly paused its system to stop further damage, but the news spread fast and scared many users across the ecosystem. This hack incident has sparked a huge panic across decentralized finance. After this hack, users have started pulling out their money from the DeFi sector, causing a $13 billion drop in total value locked (TVL) across the entire DeFi sector within 48 hours. One of the leading lending platforms, Aave, has witnessed more than $8 billion withdrawn in just 1 day. Its TVL fell from $26.4 billion to around $18 to $20 after the incident. Other protocols like Morpho, Sky, and even some on Solana that were not directly involved also faced large outflows. Many platforms had to freeze certain markets to avoid bigger losses from bad loans. Hyperliquid Drops Slightly as Momentum Cools After Recent Rally According to TradingView, the daily and 4-hour charts are showing HYPE forming a rising wedge pattern. This setup is considered a bullish continuation pattern as long as the price stays inside the ascending channel. As per the current price chart, there is no clear reversal visible on the charts yet. The relative strength index on the 14-day timeframe is currently sitting in the neutral zone at around 47. The RSI has moved down from overbought levels above 70 during the recent high. This suggests that the token is neither heavily overbought nor oversold at present levels. This neutral reading leaves room for a major short-term bounce if buying interest returns to the market. On the moving averages, the price is hovering around the short-term 5-day, 10-day, and 20-day simple and exponential moving averages. This sits around $40.90 to $41.30. This provides mixed signals in the near term. However, the token is continuing to trade comfortably above the longer-term 50-day simple moving average, around $39.50, and the 200-day simple moving average, around $35. According to the current price chart, there are major resistance levels at around $40, which will work as an immediate support. If the price falls below these levels, then there are strong supports at around $38 to $36. On the flip side, if the Hyperliquid manages to gain upward momentum, there are major resistance levels at around $43.70 to $44. Also, if the cryptocurrency breaks above $45, then Hyperliquid could target the next major resistance levels at around $50. However, the current state of the DeFi sector is affecting Hyperliquid negatively. Despite the major liquidation in the DeFi sector, Bitcoin (BTC) is still showing a sign of bullish momentum as it holds a position above $76,000. Also Read: Aave Hit by KelpDAO rsETH Hack, AAVE Price Slides Below $100
20 Apr 2026, 18:00
What The Kelp DAO’s $292 Million Hack Means For XRP Holders Earning Yield

A market expert has outlined a major security incident that occurred last weekend, explaining its implications for XRP holders earning yield. On Saturday, April 18, an attacker exploited the LayerZero-powered bridge of Kelp DAO , draining a staggering $292 million in tokens from the liquid staking protocol. So far, the incident marks the largest DeFi hack of 2026, triggering emergency responses across multiple lending platforms. Kelp DAO Hack Linked To Broader Cross-Chain Risks Market expert Iso Ledger has shared updates on the recent Kelp DAO hack, describing it as a major security breach that exposed risks across multiple DeFi platforms. In his post on X, he stated that Kelp DAO lost $292 million in just 46 minutes. He said the attacker funded a Tornado Cash wallet around 10 hours before the exploit began. Then he called IzRecieve, a core function in LayerZero’s EndpointV2 contract. Iso Ledger reported that the single call triggered Kelp DAO’s bridge to release 116,500 rsETH, worth $292 million, directly to the attacker’s wallet. He added that the amount represented 18% of the token’s circulating supply. The expert also stated that the attacker had immediately used the stolen rsETH as collateral on Aave V3 to borrow ETH, creating bad debt that the DeFi protocol would now need to absorb. Notably, Iso Ledger stated that Aave has responded immediately by freezing the rsETH markets on both V3 and V4. He also noted that the price of Aave had fallen by a staggering 10%, adding that one bridge exploit had impacted three protocols simultaneously. Following the devastating hack, Kelp DAO and Kernel DAO, a multi-chain restaking ecosystem, made no public statements for 46 minutes as the incident unfolded. The delay had raised major concerns about protocol response times during live exploits. Expert Warns XRP Holders About FXRP And Bridge Dependency In his post, Iso Ledger said that the recent Kelp DAO hack is relevant to XRP holders seeking yield opportunities through wrapped asset products. He pointed to FXRP, the wrapped XRP launched on the Flare Network. He stated that the token is deployed as a LayerZero Omnichain Fungible Token (OFT) according to Flare developer documentation. This means that FXRP has the same bridge standard, cross-chain architecture, and IzRecieve call that were exploited by Kelp DAO attackers and led to the $292 million drain. The analyst compares XRP to Kelp DAO, presenting his remarks as a warning about external bridge dependency. Iso Ledger also explained that the latest attack shows why the ecosystem is waiting for XLS-66D, a native lending protocol built directly into the XRP Ledger. He stated that this protocol would allow the altcoin to remain on-chain without needing an external contract. He also said the attack vector seen in the Kelp DAO exploit would never exist if the token never leaves the chain it was created on.
20 Apr 2026, 17:19
Market Brief: DeFi Is Cooked? The Market Is Asking The Wrong Question

Summary DeFi came under fresh pressure after the KelpDAO exploit triggered a sharp shock across Aave and revived fears around contagion, bad debt, and operational risk. Yet the fallout was not one-dimensional. Aave was not directly hacked, yet it still suffered a severe liquidity shock after the rsETH incident. That alone shows how DeFi’s biggest vulnerabilities now extend well beyond contract code. AI could improve DeFi security from here. Anthropic said Claude Mythos Preview has flagged 1000+ high-severity vulnerabilities in recent weeks, including issues affecting every major operating system and web browser. DeFi came under fresh pressure after the KelpDAO exploit triggered a sharp shock across Aave ( AAVE-USD ) and revived fears around contagion, bad debt, and operational risk. Yet the fallout was not one-dimensional. Capital fled the most exposed pools, but some demand rotated elsewhere. We break down what the Aave and Drift ( DRIFT-USD ) episodes actually revealed, where liquidity moved next, and what this means for DeFi’s next phase. The latest panic around Aave has revived a familiar claim that DeFi is broken. But the more useful question is whether the market is finally repricing risks it tolerated for too long. Aave was not directly hacked, yet it still suffered a severe liquidity shock after the rsETH incident. That alone shows how DeFi’s biggest vulnerabilities now extend well beyond contract code. Aave Was Not Hacked, but It Was Hit by Contagion What happened to Aave matters because it was not a direct protocol breach. After attackers drained about $291 million from KelpDAO-linked infrastructure, the compromised rsETH was routed into DeFi lending rails and used to borrow large amounts of WETH. That pushed key Aave pools into acute stress, with users struggling to withdraw and markets moving quickly to freeze rsETH exposure. In other words, the event was less about Aave’s own code failing and more about Aave inheriting risk from an asset whose security assumptions sat outside its own control. It showed how a weakness in one part of the stack can become a balance sheet problem somewhere else. Once confidence in a collateral asset breaks, liquidity conditions can deteriorate much faster than governance can react. The market was not only pricing the immediate exploit. It was pricing the possibility that external assets, bridge configurations, and cross-protocol dependencies can force a major lending venue into a confidence crisis without ever touching its core contracts. DeFi Risk Is No Longer Just Code Aave and Drift matter for different reasons. Aave showed how risk can spread across protocols through collateral and market structure. Drift showed how large losses can also come from operational weakness, permissions, and human error. Taken together, the message is clear: DeFi risk no longer begins and ends with contract code. Drift itself made that point clearly. The roughly $286 million exploit exposed weaknesses in execution, permissions, and operational control. The April attack wave made the point even clearer. In the two weeks after Drift, at least a dozen crypto entities were hit again, including Hyperbridge, Rhea Finance, and Grinex, pushing total losses for the period above $600 million. Another warning came from Ethereum ( ETH-USD ). A six-month security effort backed by the Ethereum Foundation said it identified around 100 suspected DPRK-linked operatives across 53 Web3 projects. That is why Drift should not be read as an isolated event. The bigger message is that DeFi’s threat surface now includes infiltration, identity fraud, and organizational compromise alongside contract exploits. DeFi Flows Show Both Flight and Rotation The flows show two things at once. First, this was not just an Aave shock. DeFi TVL fell about 8% over 24 hours, wiping out roughly $85 billion, showing that the market’s first response was broad risk reduction across the sector. Part of the capital clearly left DeFi rather than staying inside the system. Second, the outflows were not uniform. Aave came under clear pressure, but part of the lending demand rotated quickly into Spark. Spark’s ETH deposit rate briefly spiked to 130% and then remained unusually elevated, offering a direct signal that capital and borrow demand were shifting. At the same time, the redistribution was only partial. Broader DeFi TVL still contracted sharply, and other major lending protocols such as Morpho and Sky (SKY-USD) also saw meaningful outflows, showing that this was not a clean one-to-one migration across the sector. Source: defillama This was not only a capital flight event but also a repricing of trust. Money first left the most exposed pools, then began to separate weaker protocols from those that still retained market trust. DeFi did not see a uniform exit. It saw both deleveraging and selective reallocation. AI and the Next Security Upgrade AI could improve DeFi security from here. Anthropic said Claude Mythos Preview has flagged 1000+ high-severity vulnerabilities in recent weeks, including issues affecting every major operating system and web browser. If systems with that level of capability are applied to deep DeFi audits, exploit simulation, and continuous code review, crypto security could see a meaningful upgrade. But AI will not end the arms race. The same tools that help defenders find weaknesses faster can also lower the cost of exploit research for attackers. AI is more likely to raise the baseline of security work than to remove security risk. For DeFi, that means better tooling alone is not enough. Stronger collateral standards, cleaner isolation, tighter operational control, and more disciplined trust assumptions still matter most. DeFi is not dying. It is being forced to mature. Disclaimer: The information provided herein does not constitute investment advice, financial advice, trading advice, or any other sort of advice, and should not be treated as such. All content set out below is for informational purposes only. Original Post Editor's Note: The summary bullets for this article were chosen by Seeking Alpha editors.
20 Apr 2026, 17:05
Ice Open Network suffers an insider data breach

Blockchain project Ice Open Network ($ION), the creator behind the $ION token and the Online+ social network built on BNB Chain, reported a notable security issue that resulted in unauthorized access to identity data. The hacking attempt took place on April 15 and involved the leaking of users’ personal information, including emails and 2FA phone numbers. However, the developers claim that there are no signs of any fund theft, and the private keys have not been accessed. “The individuals involved were not directly employed by Ice Labs,” the team notes. Unpacking ION’s insider data breach: What was compromised and by whom? According to the official statement released by the Ice Open Network, the hacking incident occurred when a server hosting their identity database was breached. An individual stole the information and passed it on to third parties. It should be noted that the hackers were not from the company Ice Labs, but rather four former partners of the service provider. The aforementioned service provider was hired to handle operational tasks, including coordination, design, management, and public relations. The leaked information contains names of identity keys, public keys linked to them, email IDs, and telephone numbers used for two-factor authentication (2FA). None of the financial details, private keys, or wallets were compromised by the hack, according to the company’s representatives. ION plans on additional measures and will run a migration on Online+ tomorrow. During the migration, the platform is slated to be temporarily unavailable or experience loading issues. Ice Open Network responds with legal actions Ice Open Network acted swiftly to address the problem. The firm has already traced the people behind the leak and is taking formal action, including filing a complaint with the United Kingdom’s Information Commissioner’s Office and initiating a criminal complaint with the authorities. In direct advice to users, Ice Open Network has urged users to update their 2FA settings for both email and phone. This will be done with an added measure: a migration process at Online+, scheduled for the next day, April 21st. There could possibly be some downtime due to this migration process. Importantly, however, the announcement clearly stated that core functions are completely unaffected. The development of the highly scalable DApp framework, the use of tokenized communities, and the vision for a wider Web3 future on BNB Chain will continue unimpeded. Reactions from the community have been varied, considering its tumultuous past year. “ZachXBT was right when he said Zeus sold customers’ data in 2020,” an X user stated. ION put on the spot for fraud activities. Source: X Those who remained supportive lauded the transparent approach. However, others were frustrated by yet another delay and called for complete information regarding the third-party provider. Insider data breaches enter new levels Several recent crypto security incidents align closely with Ice Open Network’s April 15 data breach disclosure. This has created a strong narrative covered in unauthorized third-party access to non-sensitive identity data. In a Kraken’s extortion attempt over insider data on April 13, 2026, a criminal group threatened to release videos of internal system access. Two insider incidents involving the exposure of support data for about 2,000 accounts (0.02 percent of clients) took place. As reported by Cryptopolitan, no full breach occurred, no client funds were at risk, and no passwords or private keys were compromised. Within the first 18 days of April alone, crypto protocol hacks had cost $606.2 million through 12 attacks, which is 3.7× higher than the Q1 2026 total of $165.5 million and the highest monthly hack tally since February 2025. In just the first 18 days of April, crypto protocols lost $606.2 million across 12 incidents—already 3.7× the entire Q1 2026 total ($165.5 million) and the highest monthly figure since February 2025 As reported by Cryptopolitan, KelpDAO was hacked for $293 million and now stands as the largest single exploit of 2026. Hackers exploited the KelpDAO contract by spoofing a cross-chain message on LayerZero. The attack allowed the hackers to steal roughly 18% of the total circulating supply of rsETH (116,500 tokens). If you're reading this, you’re already ahead. Stay there with our newsletter .
20 Apr 2026, 16:53
DeFi TVL Plummets Across Top Chains After KelpDAO Hack

The fallout from the $293 million KelpDAO exploit over the weekend has spread across the DeFi ecosystem, with Total Value Locked (TVL) across several chains dropping significantly in the last 24 hours. According to data from on-chain analytics platform DeFiLlama, at least 126 of the networks it tracks were in the red, with CosmoHub the hardest hit, having lost more than 1,500% of its TVL in that period. A Broad-Based Retreat Across Major Chains Pseudonymous analyst Vet brought attention to the decline, writing in a post on X that TVL was going down on all the top 20 DeFi chains. “Money is exiting,” they noted, adding that people were “repricing the risk/reward.” Indeed, when CryptoPotato checked the data, we found that the pullback was widespread, although the scale varied. For example, Ethereum, the largest DeFi chain with more than 1,700 protocols, posted a 24-hour TVL dip of nearly 11%. Its nearest rival, Solana, fared relatively better, going down by just over 4% in the last day, although the change was more noticeable across one month, at 19.06%. Arbitrum, Base, and Avalanche also saw their TVL dip by 9.97%, 5.76%, and 6.61%, respectively, while Bitcoin, Tron, and BSC were the least affected among the top ten chains by TVL, with none of them taking a hit bigger than 1.6%. Meanwhile, in that group, Hyperliquid was the worst hit, shedding more than 12% of the total value of assets it held and taking its dollar worth to $1.44 billion. Outside the top 10, the losses were sharper, with Mantle, which DeFiLlama co-founder 0xngmi flagged as one of those most exposed to bad debt after the hack, alongside Base and Arbitrum, down almost 42%. Others that were heavily hit included Taiko, which lost 22% of its TVL; Monad, which went down 13.21% in 24 hours; and Berachain, which dipped by over 17%. Other Chains Made Gains The flight from risk did not reach every corner, though, with some smaller chains posting gains. One of them, Q Protocol, jumped 477% in 24 hours, with Oasys and Shibarium also in the green, gaining 90.6% and 85%, respectively. The KelpDAO hack is the worst security breach in the DeFi space so far this year. Reports say that the liquid restaking protocol lost over $293 million after an attacker took advantage of its bridge contract. LayerZero has since said that the Lazarus Group’s TraderTraitor unit was behind the attack. The post DeFi TVL Plummets Across Top Chains After KelpDAO Hack appeared first on CryptoPotato .







































