In the last two weeks, the decentralized finance sector has suffered one of its largest losses on record. Over the weekend, Kelp DAO’s restaked-ether bridge was exploited for $292 million in a cyberattack, pushing total DeFi losses in April beyond $580 million. Combined with an earlier $285 million incident involving Drift Protocol on April 1, these large-scale breaches have triggered panic in the market. In immediate response, over $6 billion in assets was withdrawn from the Aave platform as users rushed to protect their funds, sending the AAVE token tumbling more than 18% over the weekend.
Aave, Kelp DAO, and industry response
Aave is recognized as one of the largest lending and borrowing protocols based on Ethereum. Its founder, Stani Kulechov, stressed that the recent attack did not directly affect Aave’s smart contracts. The real threat instead stemmed from the collapse, outside Aave itself, of the support mechanism for rsETH, which is used as collateral. Consequently, Aave was left with approximately $196 million in bad debt. To mitigate risk, several other platforms, including SparkLend, Fluid, and Lido’s earnETH service, either halted rsETH-linked transactions or suspended new deposits.
This cyberattack exposed a vulnerability in one of the core pillars of blockchain security: cross-chain verification systems. The attackers exploited a configuration choice, manipulating the LayerZero messaging layer to inject a forged command and mint 116,500 rsETH on Ethereum. Security experts warn that in decentralized platforms, where each project selects its own validator networks, misconfigurations can easily cascade and threaten the wider ecosystem.
Stephen Ajayi, audit team lead at blockchain security firm Hacken, said: “A string of similar attack attempts on multiple smart contracts, powered mainly by AI-assisted, automated code analyses, is rapidly expanding the threat surface.”
Rise of AI-driven attacks and industry challenges
Until recently, the dominant fear in DeFi was that automation might one day overtake the system. Experts now emphasize that attackers have already embraced automation. Research by Anthropic late last year showed that advanced AI models such as Claude Opus 4.5, Claude Sonnet 4.5, and OpenAI’s GPT-5, when tested on 405 exploited smart contracts from 2020 to 2025, generated $4.6 million in active attack scenarios. These models also analyzed 2,849 newly deployed contracts for vulnerabilities, uncovering novel exploits at minimal cost.
Security tests by firms such as Cecuro reveal that specialized AI security agents found vulnerabilities in 92% of smart contracts across DeFi protocols—a stark contrast to just 34% found by standard coding agents. Today, the average AI-powered security scan for a smart contract costs only about $1.22. Research further shows that exploit capabilities are doubling every 1.3 months.
Sector’s growing security gap
The impact of recent attacks on sector-wide insurance capacity is also notable. While the on-chain insurance market remains limited to several hundred million dollars, the total value locked in DeFi approaches $100 billion. Smart contract audits are lagging behind deployment speeds, and each new integration introduces fresh risks. Regulators, notably the European Union, are working to improve transparency and mandate disclosures, but there are no laws requiring continuous auditing or real-time attack simulations for major protocols safeguarding large pools of assets.
Simultaneously, Anthropic’s new Claude Mythos Preview model—though not yet publicly released—has already uncovered thousands of new vulnerabilities on major operating systems and browsers. This model reads and analyzes DeFi projects at machine speed. Anthropic has warned that public release could dramatically shift the balance between attackers and defenders. Industry leaders and developers increasingly emphasize that every new integration expands the attack surface, calling for persistent security testing and segmented risk acceptance points.
It remains uncertain how the gap left by the Kelp DAO attacks will be filled. While some believe a portion of the stolen ether could be recovered, the economics of attacks and defenses in DeFi are shifting rapidly. Today, an effective assault does not require a large team or a six-figure budget—an AI-assisted attacker can now use transactions worth just a few hundred dollars to threaten DeFi protocols at speed.




