Subscribe to Bankless or sign in
🔒 FREE PREVIEW: Upgrade to unlock full access. Join Bankless Premium.
gm Bankless Nation,
Sunday's exploit struck at the heart of DeFi.
The entire industry is going to have to move forward from this exploit with a new mindset – and a new design. In today's essay, David Hoffman lays out the path.
Join Bankless Premium to dive deeper,
luma 🫡
Sponsor: MetaMask - Trade prediction markets on mobile, powered by Polymarket.
Although not even in the top 10 crypto hacks in terms of dollar-size, the LayerZero<>KelpDAO<>
Aave exploit will go down in history as the most consequential DeFi hack of all time.
The entire onchain industry is now on a completely different path than we were before.
The implications to crypto come in two buckets:
- DeFi needs to be Rearchitected
- Validators/Security Councils will need to standardize recovery operations (or give up control)
DeFi Needs to be Rearchitected
The LayerZero<>KelpDAO<>Aave exploit occurred because each component in their composable DeFi stack trusted each other.
KelpDAO trusted that LayerZero’s DVN wouldn’t ever be compromised (it got compromised).
LayerZero trusted KelpDAO to choose the appropriate level of security (they didn’t)- Aave trusted KelpDAO’s rsETH collateral to always be fully backed (it wasn’t)
Trust lowers the costs of transactions and improves the welfare of everyone involved. So, it's enticing to assume these protocols are operating inside of trustworthy environments.
But they are not.
Permissionless systems are inherently adversarial environments. Building under the premise that 99.99% of users are good doesn’t change the fact that it only takes one bad actor to attack the system.
The LayerZero<>KelpDAO<>Aave structure forgot this paradigm...
Trade the outcomes of real-world events across sports, politics, crypto, finance, all on mobile—with prediction markets on MetaMask, powered by Polymarket. No KYC, total self-custody, and simple two-tap trades.
📈 The Asset
- Bitmine bought 10,000 ETH OTC from the EF and is now staking +70% of its total holdings
- Etherealize published the Productive Money thesis
- The EF swapped 21,269 aWETH to wstETH
- Grayscale staked another 102k ETH for its Ethereum Mini Trust
🏛️ The Protocol
📱 The Apps
- Aave froze its rsETH markets in the wake of the Kelp exploit
- Shutter unveiled Perpetual Endowment Networks
- Alchemix postponed lifting its V3 deposit caps
- Catalysis introduced Covered Vaults
- EtherFi updated its LayerZero DVN threshold to 4/4
- Eth.limo added support for local ENS gateways
- Fileverse launched Comments v2
- Fluid created the aWETH Redemption Protocol
- Lido outlined its EarnETH Vault plans re: the rsETH shortfall
- Lighter added support for ETH collateral
Polymarket is officially migrating to a new chain- Safe published its Q1 2026 report
🤫 The Privacy Stack
- Privacy Cash launched on Base
- Starknet rolled out its privacy-centric Shinobi upgrade
- Sunnyside Labs launched Privacy Boost on OP Mainnet
- Tom Lehman proposed baking private transfers into the Ethereum L1
🐸 The Culture
- DeFi United has nearly raised 100% of the funds needed to cover Kelp’s rsETH hack
- MegaETH is holding its TGE on April 30
- Giveth kicked off its Ethereum Security QF round
💽 The Tech
- Base introduced Azul, the L2’s first independent network upgrade
- L2BEAT launched its Interop page and added “Quantum Resistant” tags to its ZK Catalog
- Mantle transformed from a Validium into a ZK Rollup
- Ronin is migrating to the OP Stack
- ZKsync Lite is shutting down on May 4
Markets are hitting new highs, but crypto just took a major hit.
Ryan and David break down the $300M KelpDAO exploit and why it exposed deeper flaws across DeFi and Layer 2s, including Arbitrum’s controversial decision to freeze funds.
They also explore whether AI will drive deflation or inequality, unpack a new bullish ETH thesis, and debate why the biggest risks in crypto may be building beneath the surface.
Tune into this week’s Rollup! 👇
