DeFi losses surge as Kelp DAO rsETH exploit triggers Aave outflows

DeFi losses accelerated in April after two major hacks. Kelp DAO’s restaked-ether (rsETH) bridge was exploited for about $292M over the weekend, bringing total April DeFi losses to over $580M. Earlier on April 1, Drift Protocol suffered a $285M incident. The Kelp DAO breach drove rapid deleveraging risk on Aave, one of the largest Ethereum lending/borrowing protocols. Although Aave said its smart contracts were not directly affected, the rsETH support mechanism collapsed outside Aave. Aave reported roughly $196M in bad debt. In response, users withdrew more than $6B from Aave, and AAVE fell over 18% during the weekend. Security experts also highlighted how cross-chain verification failures are being weaponized. Attackers allegedly used a LayerZero messaging-layer configuration to inject a forged command and mint about 116,500 rsETH on Ethereum. A central theme behind the worsening picture is the rise of AI-driven attacks. The article cites research suggesting exploit capability doubles about every 1.3 months, and AI security agents outperform standard coding agents in finding smart-contract vulnerabilities. Traders may see near-term volatility and reduced risk appetite in DeFi until confidence in collateral mechanisms and cross-chain infrastructure improves. Longer term, the gap between fast protocol deployment and slower continuous auditing could keep pressure on DeFi risk premia, especially for bridge and restaking-related designs.