A wave of decentralized finance exploits wiped out approximately $13 billion in total value locked (TVL) during April, according to a new report from Binance Research. The sharp decline in liquidity has intensified concerns about leverage levels across the DeFi ecosystem while highlighting persistent security vulnerabilities that continue to affect protocols across multiple blockchain networks.
The report shows that although the broader crypto market has attempted to stabilize, DeFi remains vulnerable to security breaches, governance weaknesses, and infrastructure attacks that can rapidly drain liquidity and undermine investor confidence.
DeFi TVL Drops as Exploits Shake Investor Confidence
Binance Research reported that DeFi TVL fell 10.7% month-over-month during April, dropping to approximately $82.7 billion.
While TVL contracted significantly, borrowing activity did not decline at the same pace. As a result, the on-chain leverage ratio climbed to roughly 38%, a level not seen since 2021.
The increase does not necessarily indicate stronger demand for borrowing. Instead, Binance Research noted that the ratio rose because the total amount of locked capital declined faster than outstanding debt. In simple terms, a smaller asset base now supports a similar level of leverage.
The report stated that meaningful deleveraging has yet to occur despite broader market weakness.
Drift and KelpDAO Account for Most Losses
April became one of the worst months for DeFi security in recent years.
According to Binance Research, protocols lost approximately $635 million through exploits during the month, marking the highest monthly loss total since the Bybit incident in February 2025.
Data from DefiLlama recorded 28 separate hack incidents during April, setting a new monthly record.
The two largest attacks targeted:
- Drift Protocol: approximately $285 million
- KelpDAO: approximately $292 million
Combined, the two incidents represented the majority of April’s losses.
Previous reports linked both attacks to North Korea’s Lazarus Group, highlighting how sophisticated threat actors continue targeting the decentralized finance sector.
Security Risks Extend Beyond Smart Contract Bugs
The recent attacks demonstrate that DeFi security threats are evolving.
While early DeFi exploits frequently focused on coding errors and smart contract vulnerabilities, many modern attacks involve:
- Social engineering
- Compromised employee systems
- Governance attacks
- Bridge vulnerabilities
- Private key compromises
- Infrastructure weaknesses
This broader attack surface makes security significantly more challenging for protocols operating across multiple chains and interconnected ecosystems.
Aave Feels the Impact of KelpDAO Exploit
The KelpDAO incident had consequences beyond the protocol itself.
According to Binance Research, the exploit generated approximately $230 million in bad debt on Aave and caused Aave’s total value locked to decline by nearly 50%.
The incident highlighted how interconnected modern DeFi has become. A failure in one protocol can quickly spread through lending markets, collateral systems, and liquidity networks.
Despite the disruption, KelpDAO has since completed the operational phase of its rsETH recovery plan.
The protocol successfully transferred more than 20,000 rsETH tokens through LayerZero infrastructure and restored key functions, including:
- Minting
- Redemptions
- Reward distribution
While these recovery efforts helped affected users, they did not eliminate broader concerns surrounding leverage and systemic risk within DeFi.
Security Challenges Continue Beyond April
Although security losses declined sharply in May, attacks continued across the ecosystem.
CertiK estimated that May exploit losses totaled approximately $68.3 million, representing a nearly 90% decrease from April’s figures.
However, several significant incidents still occurred.
Humanity Protocol
Humanity Protocol reported losses exceeding $36 million after attackers compromised administrative keys connected to bridge infrastructure.
Aztec Connect
Aztec Connect suffered losses of roughly $2.1 million due to vulnerabilities within an older immutable contract.
Raydium
Raydium disclosed a $1.3 million exploit affecting five legacy liquidity pools on Solana and later confirmed plans to reimburse impacted users.
These incidents demonstrate that operational security, legacy code, and bridge infrastructure remain critical areas of concern.
Elevated Leverage Creates Additional Risk
One of the report’s key findings centers on leverage.
Because TVL has fallen while borrowing activity remains relatively elevated, the system now carries more debt relative to available collateral.
This creates several risks:
- Higher liquidation sensitivity
- Reduced liquidity buffers
- Increased volatility during market stress
- Greater systemic exposure during security incidents
Until borrowing levels normalize or liquidity returns, leverage remains a potential vulnerability across the DeFi sector.
Outlook
The latest Binance Research report paints a challenging picture for decentralized finance. April’s exploit wave erased approximately $13 billion in total value locked, reduced liquidity across major protocols, and pushed leverage ratios toward levels last seen during the previous bull market cycle.
Although security losses declined in May and several affected protocols have begun recovery efforts, recent incidents involving Humanity Protocol, Aztec Connect, and Raydium show that exploit risks remain active.
For DeFi to regain momentum, protocols will need to strengthen security practices, improve infrastructure resilience, and rebuild investor confidence. Until then, elevated leverage and reduced liquidity will remain key risks for the sector.
