Summary DeFi came under fresh pressure after the KelpDAO exploit triggered a sharp shock across Aave and revived fears around contagion, bad debt, and operational risk. Yet the fallout was not one-dimensional. Aave was not directly hacked, yet it still suffered a severe liquidity shock after the rsETH incident. That alone shows how DeFi’s biggest vulnerabilities now extend well beyond contract code. AI could improve DeFi security from here. Anthropic said Claude Mythos Preview has flagged 1000+ high-severity vulnerabilities in recent weeks, including issues affecting every major operating system and web browser. DeFi came under fresh pressure after the KelpDAO exploit triggered a sharp shock across Aave ( AAVE-USD ) and revived fears around contagion, bad debt, and operational risk. Yet the fallout was not one-dimensional. Capital fled the most exposed pools, but some demand rotated elsewhere. We break down what the Aave and Drift ( DRIFT-USD ) episodes actually revealed, where liquidity moved next, and what this means for DeFi’s next phase. The latest panic around Aave has revived a familiar claim that DeFi is broken. But the more useful question is whether the market is finally repricing risks it tolerated for too long. Aave was not directly hacked, yet it still suffered a severe liquidity shock after the rsETH incident. That alone shows how DeFi’s biggest vulnerabilities now extend well beyond contract code. Aave Was Not Hacked, but It Was Hit by Contagion What happened to Aave matters because it was not a direct protocol breach. After attackers drained about $291 million from KelpDAO-linked infrastructure, the compromised rsETH was routed into DeFi lending rails and used to borrow large amounts of WETH. That pushed key Aave pools into acute stress, with users struggling to withdraw and markets moving quickly to freeze rsETH exposure. In other words, the event was less about Aave’s own code failing and more about Aave inheriting risk from an asset whose security assumptions sat outside its own control. It showed how a weakness in one part of the stack can become a balance sheet problem somewhere else. Once confidence in a collateral asset breaks, liquidity conditions can deteriorate much faster than governance can react. The market was not only pricing the immediate exploit. It was pricing the possibility that external assets, bridge configurations, and cross-protocol dependencies can force a major lending venue into a confidence crisis without ever touching its core contracts. DeFi Risk Is No Longer Just Code Aave and Drift matter for different reasons. Aave showed how risk can spread across protocols through collateral and market structure. Drift showed how large losses can also come from operational weakness, permissions, and human error. Taken together, the message is clear: DeFi risk no longer begins and ends with contract code. Drift itself made that point clearly. The roughly $286 million exploit exposed weaknesses in execution, permissions, and operational control. The April attack wave made the point even clearer. In the two weeks after Drift, at least a dozen crypto entities were hit again, including Hyperbridge, Rhea Finance, and Grinex, pushing total losses for the period above $600 million. Another warning came from Ethereum ( ETH-USD ). A six-month security effort backed by the Ethereum Foundation said it identified around 100 suspected DPRK-linked operatives across 53 Web3 projects. That is why Drift should not be read as an isolated event. The bigger message is that DeFi’s threat surface now includes infiltration, identity fraud, and organizational compromise alongside contract exploits. DeFi Flows Show Both Flight and Rotation The flows show two things at once. First, this was not just an Aave shock. DeFi TVL fell about 8% over 24 hours, wiping out roughly $85 billion, showing that the market’s first response was broad risk reduction across the sector. Part of the capital clearly left DeFi rather than staying inside the system. Second, the outflows were not uniform. Aave came under clear pressure, but part of the lending demand rotated quickly into Spark. Spark’s ETH deposit rate briefly spiked to 130% and then remained unusually elevated, offering a direct signal that capital and borrow demand were shifting. At the same time, the redistribution was only partial. Broader DeFi TVL still contracted sharply, and other major lending protocols such as Morpho and Sky (SKY-USD) also saw meaningful outflows, showing that this was not a clean one-to-one migration across the sector. Source: defillama This was not only a capital flight event but also a repricing of trust. Money first left the most exposed pools, then began to separate weaker protocols from those that still retained market trust. DeFi did not see a uniform exit. It saw both deleveraging and selective reallocation. AI and the Next Security Upgrade AI could improve DeFi security from here. Anthropic said Claude Mythos Preview has flagged 1000+ high-severity vulnerabilities in recent weeks, including issues affecting every major operating system and web browser. If systems with that level of capability are applied to deep DeFi audits, exploit simulation, and continuous code review, crypto security could see a meaningful upgrade. But AI will not end the arms race. The same tools that help defenders find weaknesses faster can also lower the cost of exploit research for attackers. AI is more likely to raise the baseline of security work than to remove security risk. For DeFi, that means better tooling alone is not enough. Stronger collateral standards, cleaner isolation, tighter operational control, and more disciplined trust assumptions still matter most. DeFi is not dying. It is being forced to mature. Disclaimer: The information provided herein does not constitute investment advice, financial advice, trading advice, or any other sort of advice, and should not be treated as such. All content set out below is for informational purposes only. Original Post Editor's Note: The summary bullets for this article were chosen by Seeking Alpha editors.
