Author: Tom Dunleavy
Compiled by: Jia Huan, ChainCatcher
A $292 million cross-chain bridge vulnerability on KelpDAO triggered a chain reaction through Aave, draining $13 billion in TVL from DeFi within 48 hours.
If you earn a 5% USDC yield in the money market, the issue isn't whether DeFi is risky, but whether the risk you take is being rewarded accordingly. Let's use bond mathematics to solve this problem.
Two weeks ago, attackers stole $292 million from KelpDAO via a compromised LayerZero cross-chain bridge. The stolen rsETH was subsequently deposited back into Aave V3 as collateral, leaving approximately $196 million in bad debt on Aave's balance sheet, and TVL plummeted from $26.4 billion to $17.9 billion in three days.
Two weeks prior, Solana's Drift protocol lost $285 million after North Korean hackers obtained its administrator keys; this social engineering attack had been planned since the fall of 2025.
Three weeks apart, the two incidents resulted in a total of $577 million in permanent losses. Aave's USDC market reached 99.87% utilization for four consecutive days, with lending rates soaring to 12.4%. Circle's chief economist, Gordon Liao, submitted a governance proposal to quadruple the borrowing limit, simply to clear the queue of withdrawals.
For those who were providing stablecoins to the DeFi money market with yields of 4% to 6% just a month ago, one question is most important: were those yields ever reasonable?
Whether we have been properly compensated for the risks we have taken in DeFi, and where future interest rate spreads should be set, are both questions worth exploring in depth.
How does traditional finance price risk?
The yield of every corporate bond is the sum of risk compensations. The core formula of this deduction is:
Yield = Rf + [PD x LGD] + Risk Premium + Liquidity Premium
Rf is the risk-free rate, taken from government bonds of matching maturity. PD x LGD is the expected loss: probability of default multiplied by loss given default, where LGD equals 1 minus the recovery rate.
The risk premium compensates for uncertainty around the expected loss: of two bonds with identical PD and LGD, the one with greater potential volatility still commands a higher yield. The liquidity premium, in turn, compensates for exit costs.
Moody's long-term data since 1920 provides an anchor:
The long-term average annual default rate for US speculative-grade bonds is 4.5%; it currently stands at 3.2% on a rolling 12-month basis and is projected to rise to 4.1% in the first quarter of 2026. Historically, the recovery rate for senior unsecured high-yield bonds has been around 40%, which puts LGD at approximately 60%. On the long-term average, the expected loss on high-yield bonds is 2.7% per annum.
In private lending, KBRA projects a direct loan default rate of 3.0% and a recovery rate of approximately 48% in 2026. Historical recovery rates for senior secured leveraged loans have been between 65% and 75%.
What are the market returns like today?
Let's look at today's actual data. The 10-year Treasury yield closed at 4.29% on Wednesday. As of April 2026, the option-adjusted spread of the ICE BofA credit stack (a measure of how much extra yield a risky bond carries over a Treasury bond) shows:

The pattern is quite intuitive. From government bonds to investment grade, then to speculative grade, and finally to subprime commercial real estate, yields rise progressively, compensating for the increasing probability of default and the severity of losses.
The yield on direct loans is around 9%, not because the default rate of the underlying borrowers is higher, but because the liquidity premium of holding illiquid private notes is real and visible.
Now let's look at where Aave's USDC rate was before the Kelp incident—around 5.5%, priced between investment grade and single-B high-yield bonds.
Morpho's curated, managed vaults yield around 10.4% in aggregate. These two figures cannot both be accurate prices for the same underlying risks.
DeFi exhibits three types of "default" that are not found in traditional finance.
Traditional credit defaults are tedious: borrowers fail to pay interest, bondholders trigger accelerated repayment, followed by restructuring, asset sales, and negotiations to determine the recovery amount.
DeFi has no such workout process; what it faces instead is the risk of exploitation. There are three distinct failure modes:
Mode 1. Smart Contract Vulnerability
The code contains flaws: reentrancy vulnerabilities, input validation errors, or missing access controls. Attackers drain the pool. Historically, the recovery rate for direct attacks on the protocol is 5% to 15% when white-hat hackers return funds, but is virtually zero when North Korean hackers are involved.
The 2021 Poly Network attackers returned all $611 million, which somehow felt like a joke. Ronin's $625 million and Wormhole's $325 million were recovered because Sky Mavis and Jump Trading each bailed them out with their own balance sheets; this wasn't asset recovery, it was a shareholder bailout.
Mode 2. Oracle Manipulation and Governance Attacks
Price feeds are distorted, typically by manipulating illiquid DEX pools, which leads to bad debt. Alternatively, attackers can accumulate governance tokens and drain the treasury through malicious proposals. Beanstalk lost $182 million this way in 2022.
Such attacks can usually be partially reversed through protocol-level intervention, but lenders' claims on "assets" often end up as claims on worthless tokens.
Mode 3. Composability Cascade Effect
This is KelpDAO's failure mode, and it's the most dangerous because it's the hardest to audit. Protocol A issues liquid-staking or restaking tokens, Protocol B accepts these tokens as collateral, and Protocol C bridges them to another chain. A vulnerability in any link of this chain can orphan downstream positions.
Attackers don't need to break Aave; they break rsETH, and Aave's lenders take on the bad debts.
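The cascade described above can be made concrete with a small dependency walk over a lending market's collateral. This is an added example, not part of the original article; the dependency graph, position sizes and function names are all constructed for illustration.

```python
# Added example: every name and figure here is constructed for illustration.
# Amounts are in USD millions.

# What each asset or component relies on to hold its value.
DEPENDS_ON = {
    "ETH": [],
    "wstETH": ["staking_protocol"],
    "rsETH": ["restaking_protocol", "bridge"],
    "restaking_protocol": ["staking_protocol"],
    "staking_protocol": [],
    "bridge": [],
}

# Lending-market positions: (collateral asset, collateral value, stablecoin debt).
POSITIONS = [
    ("ETH", 1000.0, 500.0),
    ("wstETH", 500.0, 350.0),
    ("rsETH", 300.0, 200.0),
]


def transitive_deps(node, graph):
    """Return node plus everything it depends on, directly or indirectly."""
    seen, stack = set(), [node]
    while stack:
        current = stack.pop()
        if current not in seen:  # the seen-set also guards against cycles
            seen.add(current)
            stack.extend(graph.get(current, []))
    return seen


def bad_debt_if_fails(component, positions, graph, recovery=0.0):
    """Debt left uncovered if every collateral asset that depends on
    `component` is marked down to `recovery` (0..1) of its value."""
    total = 0.0
    for asset, collateral, debt in positions:
        if component in transitive_deps(asset, graph):
            total += max(0.0, debt - collateral * recovery)
    return total


def exposure_report(positions, graph, recovery=0.0):
    """Map each component to lender bad debt on its failure, worst first."""
    report = {c: bad_debt_if_fails(c, positions, graph, recovery) for c in graph}
    return dict(sorted(report.items(), key=lambda kv: kv[1], reverse=True))


if __name__ == "__main__":
    for component, loss in exposure_report(POSITIONS, DEPENDS_ON).items():
        print(f"{component:20s} {loss:8.1f}")
```

In this constructed market the largest single point of failure is a component the lending pool never lists as collateral, which is why this mode is hard to see from the pool's own collateral list.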
These three modes have one thing in common, which is also what distinguishes DeFi from all traditional credit markets: once a problem arises, it erupts within minutes rather than over several quarters.
There is no contract renegotiation and no DIP financing (debtor-in-possession financing: new, priority-ranking financing that a company obtains under bankruptcy protection to keep operating until reorganization is completed); the smart contract simply executes.
Code is law—and when code goes wrong, the losses can be devastating.
Bad debt on rsETH on Aave V3 surged from zero to $196 million in just four hours. In contrast, the median time from the first sign of stress to the completion of restructuring for BB-rated defaults is 14 months.
Does data suggest DeFi has become more secure? It's not that simple.
Traditional narratives are starting to fall apart here. Chainalysis’ mid-year update in December 2025 documented a striking divergence: while DeFi’s TVL recovered from $40 billion in early 2024 to a peak of around $175 billion in October 2025, DeFi-specific hacking losses remained near the lows of 2023.
The $3.4 billion in cryptocurrency thefts in 2025 are mainly concentrated in centralized exchange vulnerabilities (Bybit alone accounted for $1.5 billion) and personal wallet leaks (accounting for 44% of the total stolen value, up from 7% in 2022).

Data source: Chainalysis Cryptocurrency Crime Reports 2025 and 2026
If you only look at Chart 02, you might conclude that DeFi is becoming more secure. This is partly true: smart contract auditing has matured, bug bounty programs like Immunefi now protect over $100 billion in user funds, and cross-chain bridge architectures are slowly adopting time locks and multi-party verification.
But the 2026 record tells a different story. On April 1, Drift lost $285 million, and on April 18, KelpDAO lost $292 million. Two nine-figure loss events within 18 days, both targeting weaknesses in composability rather than the underlying primitives of core lending.
Compared to the average TVL, the annualized loss rate of DeFi in recent years is approximately:
2024: DeFi-specific losses were approximately $500 million, with an average TVL of $75 billion = annual loss rate of 0.67%.
2025: DeFi-specific losses are estimated at $600 million, with an average TVL of $120 billion = annual loss rate of 0.50%.
Year-to-date 2026 (annualized): Single-event losses in the second quarter alone amounted to approximately $577 million, with a TVL of $95 billion. If this pace continues, the potential annualized loss rate would reach 2.0% to 2.5%.
Assume a forward annual probability of default (PD) of 1.5% to 2.0% for high-quality DeFi lending and a loss given default (LGD) of 90% (direct exploits recover 5% to 15% on average when no external balance sheet is willing to cover the loss). The expected loss is then 1.35% to 1.80% per annum.
This is already higher than high-yield bonds. And it doesn't even include the premium from uncertainty, illiquidity, regulatory asymmetry, and the unique structure of composability contagion.
What should DeFi yields actually be?
This is where bond mathematics really comes into play. I will price the fair yield of hypothetical high-quality DeFi stablecoin deposits—that is, overcollateralized lending positions in USDC on Aave or Compound for retail and quantitative borrowers on the Ethereum mainnet.

The fair value yield is constructed upwards from the 10-year Treasury benchmark. The framework follows the Duffie-Singleton credit spread decomposition and has been adapted for DeFi-specific failure modes.
Detailed breakdown of each component:
Risk component: Premium
Risk-free benchmark (10-year US Treasury bond): 4.30%
Expected loss (default probability × loss rate): + 1.50%
Oracle manipulation risk: + 0.75%
Governance/administrator key risk: + 1.00%
Cross-chain cascading risk (Kelp-like events): + 1.25%
Regulatory asymmetry risk: + 1.25%
Stablecoin de-pegging risk: + 0.50%
Liquidity premium: + 0.50%
Model uncertainty premium: + 1.50%
Reasonable yield floor: = 12.55%
Therefore, for high-quality DeFi stablecoin deposits on mainstream protocols, the minimum interest rate should not be lower than 13%. Positions with explicit insurance (Nexus Mutual coverage, Umbrella-style protocol reserves) can carry slightly lower rates, while those involving long-tail protocols, newly deployed markets, or exposure to restaking and cross-chain primitives should carry higher ones.
Key conclusions
First, fair compensation is required. If you provide USDC to DeFi at a 5% interest rate, you are being paid for BB-level credit risk while taking on technical and composability risks worse than CCC-level.
Morpho's curated vault market, yielding 9% to 12%, is closer to a fair clearing price, although it raises its own questions about manager selection and transparency.
Second, move up the capital stack (which runs from senior secured debt down to common stock; the higher a claim's priority, the lower its risk).
Overcollateralized lending against blue-chip collateral (ETH, wBTC, and the tried-and-tested LSTs) features oracle redundancy, protocol-layer insurance, and no cross-chain exposure. This is the true investment grade of DeFi, and its required risk premium will be significantly lower than the estimates in the above framework.
Third, correctly price tail risk.
The KelpDAO exploit is not a black swan event; it's a foreseeable failure mode of bridging and restaking primitives in an increasingly fragile multi-chain architecture. Drift is the same story, just with different protagonists.
The second quarter of 2026 has already produced $577 million in permanent losses. A mixed DeFi portfolio yielding 5.5% faces catastrophic drawdown risk that the yield cannot compensate for.
DeFi is not uninvestable; it's just mispriced at the top of the order book. Institutional opportunities are real, but limited to asset allocators who either demand a risk premium supported by the framework or scrutinize specific protocols with the same rigor as evaluating private credit.
The easiest approach—depositing stablecoins into mainstream lending platforms and passively accepting published yields—is nothing more than an arbitrage bet disguised as a risk-free interest rate.



