Six years after the explosive growth of DeFi Summer, the decentralized finance ecosystem is grappling with a severe trust crisis. The latest blow came from KelpDAO’s $292 million rsETH exploit, which occurred at a precarious moment for the sector. The incident triggered roughly $10 billion in withdrawals from DeFi protocols over a single weekend, compounding existing concerns.

Confidence in DeFi had already been shaken by Drift Protocol’s $285 million breach on April 1 and Venus’s March post-mortem, which revealed structural vulnerabilities. These events have exposed deeper issues within open finance, raising questions about its ability to remain the default gateway for on-chain financial activity.

While open DeFi is still operational, it is losing ground to more regulated and stable alternatives. Stablecoins, tokenized Treasuries, and regulated settlement rails continue to scale rapidly, while permissionless protocols struggle with a growing trust discount. A circulating hack scoreboard on X reflects the sector’s mounting challenges, highlighting both documented incidents and ongoing investigations.

DeFi’s Security Problem Now Extends Beyond Smart Contracts

One of the most dangerous misconceptions after a major exploit is assuming every failure stems from a smart contract bug. Drift Protocol’s breach, for example, was not a simple coding error. According to Chainalysis, the attack relied on privileged access, pre-signed administrative actions, and fake collateral rather than a straightforward contract failure.

This shift in attack vectors means users must now trust far more than just audited code. Operational risk resides in governance paths, signer workflows, and multi-chain dependencies. As DeFi systems expand across multiple chains, admin councils, liquidity venues, and collateral wrappers, the attack surface grows exponentially, outpacing traditional security measures.

Venus’s post-mortem further illustrates this evolving threat landscape. An attacker borrowed $14.9 million against an inflated THE position, leaving the protocol with $2 million in bad debt. Though the failure mode differed from Drift’s, the outcome was the same: a major DeFi venue required emergency accounting due to thin liquidity and structural edge cases.

KelpDAO’s Exploit Triggers Mass Withdrawals and Market Freezes

The most recent shock came from KelpDAO’s rsETH exploit, which, according to CryptoSlate, prompted approximately $10 billion in withdrawals across DeFi. The incident also led to freezes in rsETH-linked markets, signaling widespread concern over cross-chain complexity, collateral uncertainty, and potential contagion.

Even if the exact outflow figure adjusts as conditions stabilize, the message is clear: users are prioritizing safety over the promises of open finance. The sector’s ability to rebuild trust quickly will determine whether it can reclaim its position as the default front-end for on-chain finance, or whether it will continue to cede ground to regulated alternatives.