
Binance Research: $13B left DeFi in April, leverage ratio hit 38%. May losses down 90%; Aave still carries $230M bad debt from KelpDAO exploit.
April's DeFi exploit wave pushed about $13 billion out of on-chain protocols, Binance Research said. The outflow cut total value locked across lending markets and sent the on-chain leverage ratio to about 38%, a level last seen in 2021.
The ratio rose because TVL fell faster than borrowing. Binance Research said "meaningful deleveraging has yet to materialize," even after the broader crypto market pullback. Each dollar of outstanding debt now weighs more against a smaller pool of locked capital.
Binance's May market report put DeFi TVL at $82.7 billion by the end of April, down 10.7% month over month. The firm counted $635.24 million in exploit losses during the month, the highest since the Bybit incident in February 2025. DefiLlama tracked 28 separate hack events, which Binance called a monthly record.
Two attacks carried the bulk of the losses. Drift Protocol lost about $285 million and KelpDAO about $292 million. Reports tied both to North Korea's Lazarus Group through social engineering, compromised systems, governance weaknesses, and bridge infrastructure.
The KelpDAO incident spread pressure across connected lending markets. Binance Research said the exploit created roughly $230 million in bad debt on Aave, a leading Ethereum-based lending pool, and cut Aave's TVL by half. Stolen collateral entered Aave's pools, dragging down the protocol's position. The event showed how a single bridge failure can move through DeFi when the stolen assets hit lending markets.
KelpDAO completed the operational part of its rsETH recovery plan. The protocol sent a final batch of 20,373.7 rsETH to the LayerZero smart contract used for cross-chain transfers. Minting, redemptions, and reward functions were operating normally after earlier restart steps, it said. The recovery steps reduced direct pressure on KelpDAO users but did not fix the wider leverage concern.
Security incidents continued after April, though reported losses dropped. CertiK put May hack losses at $68.3 million, down nearly 90% from April's roughly $650 million. Still, attacks kept hitting bridges, legacy contracts, private keys, and operational controls.
Humanity Protocol said more than $36 million was stolen after attackers compromised administrative keys linked to its bridge systems. Aztec Connect lost about $2.1 million from an old immutable contract. Raydium said it would reimburse users after a $1.3 million exploit hit five legacy Solana liquidity pools.
Binance Research said "meaningful deleveraging has yet to materialize."
Prepared with AlphaScala editorial tooling from the source reporting linked above. Indexable analysis may include a cited Alpha Score value. Publishing checks screen each story before release. Educational coverage, not personalized advice.