KelpDAO $293M exploit exposes DeFi's bridge infrastructure risks

The contracts worked exactly as written — the problem was operational. As shared bridge infrastructure concentrates, a single LayerZero-adjacent weakness can cascade across the protocols sitting on…

The $293 million KelpDAO exploit is becoming a defining case study in how DeFi's risk surface has moved. The contracts performed as their authors instructed, according to Eugene Mamin, chief technical master at the Lido Labs Foundation — the issue was that the authors were not the legitimate parties. A weakness in shared bridge infrastructure linked to LayerZero cascaded outward into protocols built on top of it, draining roughly $293 million in a single incident last month.

Why it matters

For years, the dominant narrative around DeFi exploits pointed at smart contract bugs — reentrancy, oracle manipulation, faulty logic. That category of failure has been largely tamed by formal verification, mature auditing tools, AI-assisted code review and sizeable bug bounty programmes, both Lido's Mamin and Sam MacPherson, CEO of Phoenix Labs (the team behind Spark), said. What's replaced it is operational and infrastructural risk: multisigs, key management, software supply chains, SaaS providers, cloud dependencies and the bridges that knit protocols together. "When you reuse someone else's infrastructure, you inherit their threat model," Mamin told CoinDesk. MacPherson put it bluntly: "Smart contract risk is largely a solved problem. Recently, all the hacks have been from bad operational security."

Market impact

Concentration is starting to look like a systemic risk vector. "If too much of the market depends on the same infrastructure, failures stop being isolated and start cascading," MacPherson said. Spark has seen deposits rise as users rotate into conservative lending markets and simpler collateral structures — both executives framed that rotation as DeFi's market voting for predictability over yield. The broader implication: security increasingly depends on the operational discipline of the people running the protocol — distributed multisigs, timelocks, rehearsed incident response, governance that avoids single points of control — rather than on the audit report alone. The sector's next test is whether that boring, infrastructure-grade discipline can scale before the next cascade.

Frequently asked questions

  1. What happened in the KelpDAO exploit?

    A weakness in shared bridge infrastructure linked to LayerZero allowed roughly $293 million to be drained from KelpDAO. The smart contracts executed as written — the issue was that the parties authorising transactions were not the legitimate operators, exposing operational rather than code-level risk.

  2. Why are Lido and Spark framing the KelpDAO hack as an operational failure rather than a smart contract bug?

    Both Eugene Mamin of Lido Labs and Sam MacPherson of Phoenix Labs argue that auditing tools, formal verification and bug bounty programmes have largely tamed contract-level bugs. They say recent large losses stem from multisigs, key management, SaaS providers, software supply chains and bridge dependencies — the…

  3. How does shared bridge infrastructure create systemic risk in DeFi?

    When many protocols depend on the same bridge, validator set or messaging layer, a single weakness can cascade across all of them. MacPherson of Phoenix Labs put it directly: "If too much of the market depends on the same infrastructure, failures stop being isolated and start cascading."

  4. What is the "boring DeFi" shift the KelpDAO exploit is accelerating?

    Industry leaders say investors are rotating from high-yield, complex protocols into simpler, more transparent lending markets with conservative collateral structures. Spark has seen deposits rise on that thesis. The framing is that predictability, strong risk management and reliable operations are becoming the…

  5. What does operational security look like for a mature DeFi protocol?

    According to Lido and Phoenix Labs, it means geographically distributed multisigs, timelocks on governance actions, rehearsed incident response plans, strict key management, audited software supply chains, and governance structures that avoid single points of control — web2-grade discipline applied to onchain…
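The "Market impact" section and the answer above both list the same operational controls: a distributed multisig, a timelock on governance actions, and a rehearsed way to stop a bad action before it lands. The contract below is an added illustration of how those three controls fit together onchain; it is not code from KelpDAO, Lido, Spark or LayerZero, and the contract name, the one-day minimum delay and the threshold rule are assumptions made for the example. A queued call needs approvals from `threshold` distinct signers and cannot execute until `delay` seconds have passed, which is the window in which a single signer can cancel it.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical governance timelock (added example, not any project's own code).
/// A call is queued by one signer, must collect `threshold` approvals from
/// distinct signers, and can only execute once `delay` seconds have elapsed.
/// Any single signer can cancel during that window (the incident-response brake).
contract ThresholdTimelock {
    struct Op {
        address target;    // contract the queued call will be sent to
        bytes data;        // encoded calldata of the queued call
        uint256 eta;       // earliest timestamp at which execution is allowed
        uint256 approvals; // number of distinct signer approvals collected
        bool done;         // true once executed or cancelled
    }

    uint256 public immutable delay;     // minimum seconds between queue and execute
    uint256 public immutable threshold; // distinct signer approvals required
    mapping(address => bool) public isSigner;
    mapping(bytes32 => Op) public ops;
    mapping(bytes32 => mapping(address => bool)) public approved;

    event Queued(bytes32 indexed id, address target, uint256 eta);
    event Approved(bytes32 indexed id, address signer);
    event Cancelled(bytes32 indexed id, address signer);
    event Executed(bytes32 indexed id);

    modifier onlySigner() { require(isSigner[msg.sender], "not signer"); _; }

    constructor(address[] memory signers, uint256 _threshold, uint256 _delay) {
        // Assumed policy: no single-key control, and at least a day to react.
        require(_threshold > 1 && _threshold <= signers.length, "bad threshold");
        require(_delay >= 1 days, "delay too short");
        for (uint256 i = 0; i < signers.length; i++) {
            require(signers[i] != address(0) && !isSigner[signers[i]], "bad signer");
            isSigner[signers[i]] = true;
        }
        threshold = _threshold;
        delay = _delay;
    }

    /// Queue a call; the queuing signer's approval counts as the first one.
    function queue(address target, bytes calldata data, bytes32 salt)
        external onlySigner returns (bytes32 id)
    {
        id = keccak256(abi.encode(target, data, salt));
        require(ops[id].eta == 0, "already queued");
        ops[id] = Op(target, data, block.timestamp + delay, 0, false);
        emit Queued(id, target, ops[id].eta);
        _approve(id);
    }

    function approve(bytes32 id) external onlySigner { _approve(id); }

    function _approve(bytes32 id) internal {
        Op storage op = ops[id];
        require(op.eta != 0 && !op.done, "no pending op");
        require(!approved[id][msg.sender], "already approved");
        approved[id][msg.sender] = true;
        op.approvals += 1;
        emit Approved(id, msg.sender);
    }

    /// Emergency brake: one signer is enough to stop a queued call.
    function cancel(bytes32 id) external onlySigner {
        Op storage op = ops[id];
        require(op.eta != 0 && !op.done, "no pending op");
        op.done = true;
        emit Cancelled(id, msg.sender);
    }

    /// Execute only after the threshold is met AND the delay has elapsed.
    function execute(bytes32 id) external onlySigner {
        Op storage op = ops[id];
        require(op.eta != 0 && !op.done, "no pending op");
        require(op.approvals >= threshold, "below threshold");
        require(block.timestamp >= op.eta, "timelock active");
        op.done = true; // mark before the external call to prevent re-execution
        (bool ok, ) = op.target.call(op.data);
        require(ok, "call failed");
        emit Executed(id);
    }
}
```

The point of the delay is that approvals alone are not sufficient: even if enough keys are compromised, the queued call is visible onchain for at least `delay` seconds, and a single honest signer can cancel it. A cancelled or executed operation is never reused; a retry must be queued under a fresh `salt`, which also discards the stale approvals.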

Source attribution
Aggregated from CoinDesk