DeFi 各类别的总锁定价值自 4 月中旬以来已大幅下跌约 14%,从约 1720 亿美元降至 1480 亿美元。此次下滑与 4 月 18 日 KelpDAO 跨链漏洞利用事件相吻合,该事件不仅本身造成影响,也在更广泛范围内笼罩了 DeFi 情绪。在 4 月 18 日,据称与朝鲜的 Lazarus Group 有关的攻击者利用了 KelpDAO 的 LayerZero 跨链,窃取了约 2.92 亿美元(116,500 rsETH)。此次攻击针对的是链下基础设施,而非智能合约漏洞,通过操纵内部 RPC 节点并压垮外部验证者,将虚假数据输入到一种单点故障的验证设置中,诱使目标链在源链上的“虚假销毁”情形下释放资金。
DeFi Sectoral Impact
Lending, the largest DeFi category, experienced the steepest decline, falling from approximately $53 billion to $40 billion over the period. Liquid restaking protocols also recorded notable declines.
Attack Mechanism Details
The KelpDAO exploit targeted LayerZero's bridge infrastructure through a compromise of off-chain systems. Attackers manipulated internal RPC nodes and overwhelmed external validators to inject false data into a verification setup with a single point of failure. This mechanism tricked the destination chain into releasing funds against a phantom burn recorded on the source chain, rather than exploiting a smart contract vulnerability.
Market Sentiment and Capital Withdrawal
Outflows have persisted for over five weeks following the exploit. Users who exited following the attack have largely not returned, indicating a broader withdrawal of marginal capital rather than a technical re-rating of specific protocols. The pattern reflects how high-profile infrastructure failures reduce risk appetite across the DeFi sector rather than remaining contained to the affected protocol.
不断演变的 DeFi 风险面
KelpDAO 的攻击凸显了 DeFi 威胁格局的变化。随着智能合约安全性不断提升,链下基础设施已成为更可被利用的一层——而现有的监测框架仍在追赶这一风险。
