The bank said the incident caused real damage to decentralized finance (DeFi) but stopped short of breaking it.
DeFi News
Standard Chartered published a research note on April 29, 2026, titled "DeFi - Bent, not broken." Geoffrey Kendrick, the bank's global head of digital assets research, wrote the note in response to the $292 million KelpDAO exploit that occurred on April 18, 2026. The bank said the incident caused real damage to decentralized finance (DeFi) but stopped short of breaking it.
The attack began with the theft of roughly $292 million in rsETH through a suspected forged LayerZero message. The attacker then deposited those stolen, unbacked tokens as collateral into Aave, the sector's largest DeFi lending protocol. From there, the attacker borrowed legitimate assets against the worthless collateral. The resulting panic triggered bank-run-style withdrawals across the protocol.
Aave lost $17 billion in deposits, marking a 38% decline, and $5.5 billion in active loans, representing a 31% drop. Kendrick identified the root cause as an asset-liability mismatch inside DeFi lending markets. Increasingly complex collateral, including wrapped, staked, and restaked assets, had been accepted against liabilities with very different risk profiles. Concentrated looping trades amplified the damage once the attack spread.
A $300M Rescue Effort
A coalition led by Aave and its founder Stani Kulechov committed more than $300 million to stabilize the protocol. The effort drew support from Aave DAO, Arbitrum, Consensys, Joseph Lubin, Mantle, and Lido. The intervention helped bring yields down and partially restore deposits, according to the report. Kendrick described the coordinated response as a potential "much-needed antifragile moment" for the sector.
The bank said the crisis is accelerating structural upgrades already in progress. Aave V4, launched in late March 2026, aims to reduce the protocol's reliance on cross-chain bridges. The forthcoming Ethereum Economic Zone (EEZ) is also designed to limit bridge dependency. Cross-chain bridges have been the primary attack vector in many of the largest crypto hacks, including this one.
Standard Chartered maintained its forecast that tokenized RWA will reach a $2 trillion market cap by end-2028. That figure is up from $35 billion recorded in October 2025. The bank said the forecast rests on continued growth in DeFi banking and stablecoin liquidity. Kendrick framed the KelpDAO episode as a stress test of that thesis, not a reason to abandon it.
JPMorgan separately said hacks and stagnant capital levels in DeFi continue to weigh on the sector's institutional appeal. The bank cited a $20 billion impact from the KelpDAO exploit as part of its assessment.
This article contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of CoinMarketCap, and CoinMarketCap is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. CoinMarketCap is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by CoinMarketCap of the site or any association with its operators.
This article is intended to be used and must be used for informational purposes only. It is important to do your own research and analysis before making any material decisions related to any of the products or services described. This article is not intended as, and shall not be construed as, financial advice.
