5 hours ago
13
- KelpDAO exploit drains $290 million and triggers massive DeFi liquidity shock
- NFT holders using shared wallets face indirect risks from lending and collateral exposure
- Simple wallet hygiene steps can reduce risk but are often ignored
The KelpDAO exploit didn’t directly target NFTs, and on the surface, it might look like just another DeFi incident. But the ripple effects tell a different story, one that reaches far beyond a single protocol and into how people actually use their wallets day to day.
About $290 million was drained on April 18 after a configuration flaw, not a core infrastructure failure, allowed an attacker to manipulate transaction confirmations, which is… a subtle but important distinction.
How One Weak Link Triggered a Chain Reaction
The issue came down to KelpDAO using a “1-of-1 DVN” setup, meaning a single verifier handled critical confirmations. That created a single point of failure, and once exploited, the attacker was able to send fake signals that transactions had gone through when they hadn’t.
Even though LayerZero confirmed the vulnerability was isolated to KelpDAO’s setup, the damage didn’t stay contained. Within hours, AAVE dropped sharply, and total value locked across DeFi started falling fast, showing how tightly connected these systems really are.
DeFi Contagion Moves Faster Than Expected
AAVE’s price fell around 17%, and its total value locked dropped significantly as rsETH, which had been used as collateral, suddenly became unstable. That instability led to bad debt, paused markets, and a quick drain of liquidity, which tends to happen fast once confidence cracks.
In total, DeFi lost over $13 billion in value locked in a short period, which is a pretty stark reminder that even “isolated” exploits rarely stay isolated for long.
The Overlooked Risk for NFT Holders
This is where NFT holders need to start paying attention, even if their assets weren’t directly involved. Many collectors use a single wallet for everything, holding NFTs, staking tokens, borrowing assets, and interacting with DeFi protocols all at once.
If that wallet had exposure to something like rsETH and the position turned risky or got locked, the NFT itself isn’t hacked, but it can still be affected indirectly, through liquidations, frozen positions, or lack of access. It’s not obvious, but it’s real.
Simple Fixes That Most People Ignore
The solutions aren’t complicated, which is almost the frustrating part. Revoking unused smart contract approvals, separating high-value NFTs into dedicated wallets, and actively monitoring lending positions can significantly reduce exposure.
But in practice, most users don’t take these steps until after something goes wrong, and by then, it’s usually too late. The KelpDAO exploit is just another reminder that in crypto, risk doesn’t always hit where you expect, sometimes it spreads quietly through everything connected.
Disclaimer: BlockNews provides independent reporting on crypto, blockchain, and digital finance. All content is for informational purposes only and does not constitute financial advice. Readers should do their own research before making investment decisions. Some articles may use AI tools to assist in drafting, but every piece is reviewed and edited by our editorial team of experienced crypto writers and analysts before publication.
English (US) ·