Two significant exploits within three weeks of each other have again exposed the fragility of DeFi infrastructure. On April 2, the Solana-based perpetuals protocol Drift was drained of approximately $286 million in a suspected DPRK (Democratic People's Republic of Korea)-linked attack, according to blockchain analytics firm Elliptic. The attack relied on social engineering: the attackers first built trust with the Drift team, then tricked at least two of Drift's five Security Council members into pre-signing transactions that used Solana's durable nonce feature. An ordinary Solana transaction references a recent blockhash and expires within a minute or two; a durable-nonce transaction instead references the value stored in a nonce account and remains valid until that account is advanced. The signers had, in effect, signed a blank check that could stay valid for weeks or months and be executed later, without their knowing its true malicious purpose.
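To make the durable-nonce point concrete, here is an added example (not code from the article, Drift, or Solana itself): a simplified Python model of the two validity rules, not the Solana runtime. The recent-blockhash window size, the hashing, the account names and the signer names are all assumptions made for the model. It shows why a pre-signed ordinary transaction is dead after a short delay while a pre-signed durable-nonce transaction is not, that a durable-nonce transaction can be executed only once, and the practitioner's remedy: a signer who suspects they pre-signed something they should not have can advance (rotate) the nonce account themselves, which invalidates every transaction signed against the old nonce value.

```python
"""Toy model of Solana transaction expiry vs. durable nonces.

Added illustration, not Solana's code. A normal transaction carries a recent
blockhash and is rejected once that hash leaves the validator's recent-hash
window. A durable-nonce transaction carries the hash stored in a nonce
account and must start with an advance-nonce instruction; it stays valid
until the nonce account is advanced, and executing it advances the nonce,
so it can run at most once.
"""
from collections import deque
from dataclasses import dataclass, field
import hashlib

MAX_RECENT_HASHES = 150   # assumed window size for the model


def _h(label: str) -> str:
    """Deterministic fake blockhash for the model (constructed, not real)."""
    return hashlib.sha256(label.encode()).hexdigest()[:16]


@dataclass
class NonceAccount:
    authority: str          # only this signer may advance the nonce
    stored_hash: str        # the "durable" hash a transaction must reference


@dataclass
class Transaction:
    signer: str
    recent_blockhash: str
    instructions: list      # first entry may be ("advance_nonce", nonce_id)
    payload: str = "transfer"


@dataclass
class Validator:
    recent_hashes: deque = field(default_factory=lambda: deque(maxlen=MAX_RECENT_HASHES))
    nonces: dict = field(default_factory=dict)
    slot: int = 0

    def tick(self, n: int = 1) -> None:
        """Advance n slots; old blockhashes fall out of the window."""
        for _ in range(n):
            self.slot += 1
            self.recent_hashes.append(_h(f"slot-{self.slot}"))

    def current_hash(self) -> str:
        return self.recent_hashes[-1]

    def create_nonce(self, nonce_id: str, authority: str) -> str:
        self.nonces[nonce_id] = NonceAccount(authority, self.current_hash())
        return self.nonces[nonce_id].stored_hash

    def advance_nonce(self, nonce_id: str, caller: str) -> None:
        """Rotate the stored hash. This is also the defensive 'revoke' action."""
        acct = self.nonces[nonce_id]
        if caller != acct.authority:
            raise PermissionError("not the nonce authority")
        acct.stored_hash = _h(f"nonce-{nonce_id}-{self.slot}-{acct.stored_hash}")

    def process(self, tx: Transaction) -> str:
        first = tx.instructions[0] if tx.instructions else None
        if first and first[0] == "advance_nonce":
            acct = self.nonces.get(first[1])
            if (acct is None or tx.recent_blockhash != acct.stored_hash
                    or tx.signer != acct.authority):
                return "rejected: stale nonce"
            self.advance_nonce(first[1], tx.signer)   # consumed; cannot be replayed
            return f"executed: {tx.payload}"
        if tx.recent_blockhash in self.recent_hashes:
            return f"executed: {tx.payload}"
        return "rejected: blockhash expired"


def scenario() -> dict:
    """Pre-sign two transactions, wait a long time, then submit them."""
    v = Validator()
    v.tick(5)
    ordinary = Transaction("alice", v.current_hash(), [], "ordinary transfer")
    nonce_hash = v.create_nonce("nonce-A", "alice")
    durable = Transaction("alice", nonce_hash,
                          [("advance_nonce", "nonce-A")], "council approval")
    v.tick(10_000)   # far beyond the recent-hash window
    results = {
        "ordinary_later": v.process(ordinary),   # expired
        "durable_later": v.process(durable),     # still valid weeks later
        "durable_replay": v.process(durable),    # nonce consumed, cannot rerun
    }
    # Defence: the signer rotates the nonce before anyone submits the blank check.
    nonce_hash2 = v.create_nonce("nonce-B", "alice")
    blank = Transaction("alice", nonce_hash2,
                        [("advance_nonce", "nonce-B")], "council approval")
    v.advance_nonce("nonce-B", "alice")
    results["durable_after_revocation"] = v.process(blank)
    return results


if __name__ == "__main__":
    for k, r in scenario().items():
        print(f"{k}: {r}")
```

The takeaway for anyone who holds a signing key on a council or multisig: a signed durable-nonce transaction is live until the nonce account is advanced or closed, so reviewing what was signed after the fact is not enough; the nonce itself has to be rotated.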
On Saturday, April 18, an attacker drained 116,500 rsETH (roughly $292 million) from Kelp DAO’s LayerZero-powered cross-chain bridge by exploiting a weakness in Kelp’s cross-chain messaging configuration, which released the tokens to an attacker address that had been funded hours earlier through Tornado Cash.
Kelp’s emergency multisig executed pauseAll roughly 46 minutes after the initial drain, blocking two follow-up attempts that would have added close to $100 million in losses. Aave responded by freezing the rsETH markets on V3 and V4 and flagging potential bad debt on positions opened after the exploit. The AAVE token dropped by roughly 21%, and the protocol’s TVL has declined by approximately $9 billion since the event. Combined, the two incidents account for roughly $578 million in stolen assets within a single 20-day window.
Contagion is a live risk, not a legacy one
For institutions trying to vet DeFi as a credible yield venue, these events confirm a structural concern: contagion is still a live risk, not a legacy one. The Kelp incident is particularly telling. A bridge exploit did not stay contained to the issuing protocol; it propagated to Aave, creating bad debt against a Liquid Restaking Token that had become a mainstream collateral asset. This is the precise transmission-mechanism risk that risk committees flag when reviewing DeFi mandates: a single point of failure cascading across supposedly independent protocols.
The Drift case adds a second institutional red flag. A state-linked adversary operating at scale continues to target DeFi venues. For compliance and AML functions, this reinforces the view that on-chain perpetual markets carry an elevated counterparty and sanctions risk profile compared with traditional execution venues. Neither incident involved an obscure protocol: Drift is among the leading perp DEXs on Solana, and rsETH is deployed across more than 20 networks. The message is consistent: DeFi’s security debt compounds with every new layer of composability, and existing insurance, audit, and multisig controls have yet to close the gap.
When asked whether there is a risk of a cascading effect in the coming days or weeks, Paul Frambot, CEO of Morpho told The Big Whale: “The core unresolved dilemma after the Kelp exploit is where the loss will ultimately be realized—whether absorbed by mainnet Kelp holders (and thus hitting Aave on Ethereum) or imposed on the bridged Layer 2 users who chose to bridge, a brutally harsh outcome that would wipe out positions and block Aave deployments across Optimism, Mantle, and Arbitrum, sparking an intractable legal war with lawyers on both sides.”
The Big Whale’s take
The institutional adoption narrative for DeFi has progressed on regulation, custody, and tokenized collateral. It has not progressed on systemic risk. As long as bridges, oracles, and restaking layers remain vulnerable to single-transaction drains on a nine-figure scale, the asset class will struggle to graduate from tactical exposure to core allocation. The pause-and-patch response model, visible again this weekend with Kelp and Aave, is operationally competent but strategically insufficient for balance sheets that cannot tolerate binary outcomes.
The current architecture still asks institutions to underwrite risks they are not structurally equipped to price: protocol-level smart contract risk, cross-chain messaging risk, and geopolitical threat actors. Until the sector delivers standardized bridge security, enforceable circuit breakers, and credible insurance capacity at scale, most TradFi desks will continue to engage DeFi through narrow, ring-fenced mandates rather than full portfolio integration.