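Total value locked (TVL) across DeFi categories has fallen about 14% since mid-April, from roughly $172 billion to $148 billion. The decline coincided with the April 18 KelpDAO bridge exploit, which cast a shadow over DeFi sentiment well beyond the incident itself. On April 18, attackers reportedly suspected of links to North Korea's Lazarus Group exploited KelpDAO's LayerZero bridge and stole about $292 million (116,500 rsETH). The attack targeted off-chain infrastructure rather than a smart contract vulnerability: by manipulating internal RPC nodes and overwhelming external validators, it fed false data into a verification setup with a single point of failure, tricking the destination chain into releasing funds against a "phantom burn" on the source chain.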
DeFi Sectoral Impact
Lending, the largest DeFi category, experienced the steepest decline, falling from approximately $53 billion to $40 billion over the period. Liquid restaking protocols also recorded notable declines.
Attack Mechanism Details
The KelpDAO exploit targeted LayerZero's bridge infrastructure through a compromise of off-chain systems rather than a smart contract vulnerability. Attackers manipulated internal RPC nodes and overwhelmed external validators to inject false data into a verification setup with a single point of failure. This tricked the destination chain into releasing funds against a phantom burn recorded on the source chain.
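The failure mode described above, as an added example (not code from KelpDAO or LayerZero): a release check comparing a verifier quorum that shrinks when sources go silent with one that fails closed. The source names, report format and threshold are assumptions for illustration, and all reports are constructed.

```python
from typing import Dict, Optional

# A report is the burn amount a source sees on the source chain for one
# message, 0 if it sees no burn, or None if it did not answer in time.
Report = Optional[int]

def approve_release(reports: Dict[str, Report], claimed: int, threshold: int,
                    shrink_quorum: bool = False) -> bool:
    """Decide whether the destination chain may release `claimed` units."""
    answered = {name: r for name, r in reports.items() if r is not None}
    confirming = sum(1 for r in answered.values() if r == claimed)
    if shrink_quorum:
        # Weak policy: the quorum is capped at however many sources answered,
        # so silencing honest verifiers lowers the bar for the remaining one.
        return bool(answered) and confirming >= min(threshold, len(answered))
    # Fail-closed policy: any dissenting source blocks the release, and
    # silent sources never count toward the fixed threshold.
    if any(r != claimed for r in answered.values()):
        return False
    return confirming >= threshold

CLAIMED = 116_500  # constructed: amount the forged message claims was burned

# Constructed scenarios (hypothetical source names).
SINGLE = {"internal_rpc": CLAIMED}                      # 1-of-1 setup
DEGRADED = {"internal_rpc": CLAIMED,                    # manipulated node
            "verifier_b": None, "verifier_c": None}     # overwhelmed, silent
DISPUTED = {"internal_rpc": CLAIMED,
            "verifier_b": 0, "verifier_c": 0}           # honest: no burn seen
GENUINE = {"internal_rpc": CLAIMED,
           "verifier_b": CLAIMED, "verifier_c": CLAIMED}

def run_scenarios() -> Dict[str, bool]:
    return {
        "single_source": approve_release(SINGLE, CLAIMED, threshold=1),
        "degraded_weak": approve_release(DEGRADED, CLAIMED, 2, shrink_quorum=True),
        "degraded_strict": approve_release(DEGRADED, CLAIMED, 2),
        "disputed_strict": approve_release(DISPUTED, CLAIMED, 2),
        "genuine_strict": approve_release(GENUINE, CLAIMED, 2),
    }

if __name__ == "__main__":
    for name, released in run_scenarios().items():
        print(f"{name}: {'RELEASE' if released else 'BLOCK'}")
```

Under the fail-closed policy, silent verifiers delay releases instead of approving them, so an availability alert on verifier timeouts is the natural companion control.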
Market Sentiment and Capital Withdrawal
Outflows have persisted for over five weeks following the exploit. Users who exited following the attack have largely not returned, indicating a broader withdrawal of marginal capital rather than a technical re-rating of specific protocols. The pattern reflects how high-profile infrastructure failures reduce risk appetite across the DeFi sector rather than remaining contained to the affected protocol.
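The Evolving DeFi Risk Landscape
The KelpDAO attack highlights a shift in the DeFi threat landscape. As smart contract security has improved, off-chain infrastructure has become the more readily exploited layer, a risk that existing monitoring frameworks are still catching up to.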