North Korean Hackers Shift Tactics as DeFi Pays the Price Again

A series of recent attacks on Drift and Kelp shows that the market is no longer facing isolated hacks, but a sustained campaign against DeFi infrastructure. In just over two weeks, more than $500 million has been siphoned from the sector. It is increasingly clear that the attackers are targeting not just individual protocols, but the very connectivity of the crypto market.

This marks a more dangerous phase. Previously, attacks were more often associated with exchanges, compromised credentials, or smart contract bugs. Now, the ‘technical layer’ of the market is under fire: bridges, asset reuse mechanisms, and cross-chain data channels. This is where the ecosystem’s most vulnerable parts are now concentrated.

Attacks Are No Longer Isolated Incidents

The key takeaway from the Drift and Kelp story is the pace. Less than three weeks passed between the two major incidents, and the total damage has already exceeded half a billion dollars. This changes the entire framework of the discussion.

When major losses repeat with such frequency, the market can no longer consider them coincidences. There is a sense of a consistent strategy, where attacks are selected not randomly, but for maximum effect on the entire system.

Kelp Was Not Hacked Through Cryptography

The Kelp case is especially telling. The attack was not related to key theft or breaking encryption. The system worked as designed, but attackers fed it false input data, which it accepted as legitimate.

This makes the incident even more dangerous. The problem arose not from an exceptionally complex vulnerability, but from how the trust architecture itself was built. The system checked who sent the message, but could not verify that the message itself was true.

Configuration Became the Weak Point

The basis of the attack was not just the overall design, but a specific configuration choice. Kelp used a single verifier to confirm cross-chain messages. This approach is faster and easier to operate, but it removes an important layer of protection.

This is where DeFi’s systemic problem becomes apparent. Formally, a protocol may be decentralized, but if one of its lower technical supports operates on a simplified scheme, the whole structure becomes fragile. In such a system, a single incorrect input can turn into a cascading failure.
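
The difference between a single-verifier setup and a quorum, as an added example that is not Kelp's code or any bridge's real API. HMAC keys stand in for verifier signatures, and every name here (`attest`, `accept`, `audit_config`, the `dvn-*` ids) is hypothetical.

```python
import hashlib
import hmac

# Constructed verifier keys; HMAC stands in for a real signature scheme.
VERIFIER_KEYS = {"dvn-a": b"key-a", "dvn-b": b"key-b", "dvn-c": b"key-c"}

def attest(verifier_id: str, payload: bytes) -> tuple[str, bytes, str]:
    """A verifier's attestation: (id, digest of the payload it observed, tag)."""
    digest = hashlib.sha256(payload).digest()
    tag = hmac.new(VERIFIER_KEYS[verifier_id], digest, hashlib.sha256).hexdigest()
    return verifier_id, digest, tag

def accept(payload: bytes, attestations, required: int) -> bool:
    """Accept only if `required` distinct known verifiers attest to this exact payload."""
    digest = hashlib.sha256(payload).digest()
    valid = set()
    for vid, claimed, tag in attestations:
        key = VERIFIER_KEYS.get(vid)
        if key is None or claimed != digest:
            continue  # unknown verifier, or attestation is for a different message
        expected = hmac.new(key, digest, hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, tag):
            valid.add(vid)  # a set, so repeats from one verifier count once
    return len(valid) >= required

def audit_config(required: int, verifiers: list[str]) -> list[str]:
    """Flag configurations where one verifier alone decides what is accepted."""
    findings = []
    if required < 2:
        findings.append("single verifier can approve a message alone")
    if len(set(verifiers)) < required:
        findings.append("threshold exceeds number of distinct verifiers")
    return findings

# Constructed scenario: the source chain emitted `real`. Verifier dvn-a was fed
# false data and attests to `false_msg`; the other two attest to `real`.
real = b"release 10 units to acct-1"
false_msg = b"release 1000000 units to acct-9"
fed_false = [attest("dvn-a", false_msg)]
honest = [attest("dvn-b", real), attest("dvn-c", real)]
```

With `required=1` the false message is accepted because its sender authenticates correctly; with `required=2` the same attestation is outvoted by verifiers that saw the real message.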

The Impact Quickly Spread Beyond One Protocol

The incident did not stop there. The assets involved in Kelp were also used in other applications, including as collateral in lending protocols. This turned a local hack into a systemic episode.

This is why the consequences reached Aave. When a compromised asset is embedded in a chain of obligations, the problem stops being one project’s issue. It begins to spread further—through liquidity, collateral, settlements, and user trust.

DeFi Has Once Again Exposed Its Main Vulnerability

The market often sells the idea of decentralization as its main advantage. But the Kelp incident shows that decentralization is not a label, but a set of technical solutions. If even one layer of the system is centralized or overly simplified, the entire ‘decentralized’ brand quickly loses meaning.

This is especially painful for the sector. The user sees one interface and one token, but behind them lies a long chain of dependencies. The strength of this chain is determined by its weakest link, not by the team’s most attractive promises.

Hackers Shift Focus to Infrastructure

An important shift is also visible in the choice of targets. Previously, exchanges or obvious code vulnerabilities were the main focus of attacks. Now, the market’s ‘plumbing’—bridges, cross-chain protocols, asset reuse, validators, and configuration layers—is increasingly under fire.

This is logical. These areas concentrate a lot of value, and monitoring them is more difficult. They are more deeply embedded in the market, less understandable to the average user, and more often depend on human decisions during setup. For an attacker, this is almost the perfect combination.

The Problem Is Not Unknown Risks, but Known Ones

The most unpleasant part of this story is that it did not reveal a new category of threats. On the contrary, it showed that the ecosystem still does not know how to close well-known weak spots. This is not about a black swan, but about repeating a familiar scenario in new packaging.

This is why the attack seems so alarming. If the market continues to leave critical settings to the discretion of teams and operators, the speed of attacker adaptation will outpace the speed of fixes. And that is already a strategic problem.

For DeFi, This Is Not Just Losses, but a Crisis of the Model

Losses of $500 million in just over two weeks are not just about money. It is a blow to the entire trust model in the sector. DeFi still promises open access, flexibility, and capital efficiency, but each such episode reminds us that the market pays for this efficiency with complexity and fragility.

The more assets move between networks and protocols, the more a single failure infects other elements of the system. This makes infrastructure attacks especially destructive. They do not just steal funds, but undermine confidence that the ecosystem can isolate risk at all.

What Comes Next?

The main threat now is not just new attacks, but the repetition of already known models. If the market does not move from recommendations to mandatory security standards, such incidents will continue to occur. And each time, the price will be higher.

The sector will have to make an unpleasant choice. Either it sacrifices some speed, simplicity, and profitability for a stricter security architecture, or it continues to operate in a mode where a single failure at the bottom of the stack can undermine trust in the entire market. Judging by recent events, there is less and less time left for this choice.
