DeFi TVL 在 KelpDAO 桥被利用后下跌 14%

DeFi 各类别的总锁定价值自 4 月中旬以来已大幅下跌约 14%，从约 1720 亿美元降至 1480 亿美元。此次下滑与 4 月 18 日 KelpDAO 跨链漏洞利用事件相吻合，该事件不仅本身造成影响，也在更广泛范围内笼罩了 DeFi 情绪。在 4 月 18 日，据称与朝鲜的 Lazarus Group 有关的攻击者利用了 KelpDAO 的 LayerZero 跨链，窃取了约 2.92 亿美元（116,500 rsETH）。此次攻击针对的是链下基础设施，而非智能合约漏洞，通过操纵内部 RPC 节点并压垮外部验证者，将虚假数据输入到一种单点故障的验证设置中，诱使目标链在源链上的“虚假销毁”情形下释放资金。

DeFi Sectoral Impact

Lending, the largest DeFi category, experienced the steepest decline, falling from approximately $53 billion to $40 billion over the period. Liquid restaking protocols also recorded notable declines.

Attack Mechanism Details

The KelpDAO exploit targeted LayerZero's bridge infrastructure through a compromise of off-chain systems. Attackers manipulated internal RPC nodes and overwhelmed external validators to inject false data into a verification setup with a single point of failure. This mechanism tricked the destination chain into releasing funds against a phantom burn recorded on the source chain, rather than exploiting a smart contract vulnerability.

Market Sentiment and Capital Withdrawal

Outflows have persisted for over five weeks following the exploit. Users who exited following the attack have largely not returned, indicating a broader withdrawal of marginal capital rather than a technical re-rating of specific protocols. The pattern reflects how high-profile infrastructure failures reduce risk appetite across the DeFi sector rather than remaining contained to the affected protocol.

不断演变的 DeFi 风险面

KelpDAO 的攻击凸显了 DeFi 威胁格局的变化。随着智能合约安全性不断提升，链下基础设施已成为更可被利用的一层——而现有的监测框架仍在追赶这一风险。