在遭受 165 亿美元的攻击之后，DeFi 现在被迫接受它曾经抵制的控制

The rsETH crisis resulted in $200 million in bad debt on Aave's books, despite not a single line of its contracts misbehaving. On Apr. 18, attackers that Chainalysis preliminarily linked to Lazarus compromised RPC infrastructure, forced a failover to poisoned nodes via DDoS, and injected false data into a 1-of-1 DVN configuration on KelpDAO's rsETH bridge. The forged message released approximately 116,500 rsETH, and Aave's incident report confirmed that Ethereum accepted nonce 308 while the Unichain source endpoint never advanced past 307. The attacker supplied the compromised rsETH to Aave and borrowed against it, resulting in bad debt and serving as a frame for the current state of DeFi's security. Exploiters extracted over $635 million across 28 incidents in April, the worst monthly total in over a year. DefiLlama puts the cumulative historical cost of hacks at $16.5 billion, with $7.7 billion specifically targeting DeFi. The high-profile exploits on Drift and the KelpDAO bridge resulted in DeFi losing nearly $11 bilion in total value locked last month. That contraction occurred as stablecoin rails, tokenized treasuries, and regulated settlement layers gained institutional traction in the same capital markets. DeFi exploiters extracted $635 million across 28 incidents in April, the sector's worst monthly loss in over a year, while cumulative historical hacks reached $16.5 billion. How did DeFi end up here? Mitchell Amador, CEO of Immunefi, told CryptoSlate that DeFi has historically rewarded growth, integrations, liquidity, and speed over security maturity. A protocol that adds a new asset, bridge, oracle, adapter, or external dependency gains immediate utility. The risk that integration carries produces no visible price signal until an exploit materializes, because the absence of an incident is invisible while it holds. That asymmetry kept audit cycles and isolation practices secondary to shipping velocity for years, until April concentrated the consequences int