A series of recent attacks on Drift and Kelp shows that the market is facing not just isolated hacks, but a sustained campaign against DeFi infrastructure. In just over two weeks, more than $500 million has been drained from the sector. And as time goes on, it’s becoming clearer that the hackers' target isn’t just individual protocols, but the very interconnectedness of the crypto market.
We are talking about a more dangerous phase. If earlier attacks were more often associated with exchanges, compromised credentials, or errors in smart contracts, now the 'technical layer' of the market is under attack: bridges, asset reuse mechanisms, and interchain data transmission channels. This is where the most vulnerable part of the ecosystem is currently concentrated.
Attacks are no longer one-off episodes.
The key takeaway from the stories of Drift and Kelp is the timeline. Less than three weeks passed between two major incidents, and the total damage has already exceeded half a billion dollars. This changes the very framework of discussion.
When large losses recur with such frequency, the market can no longer consider them coincidences. There’s a sense of a consistent strategy, where attacks are not chosen randomly but based on maximizing the effect on the entire system.
Kelp was hacked not through cryptography.
The case with Kelp is particularly telling. The attack was not related to key hacking or encryption destruction. The system worked as intended, but the attackers fed it false input data that it accepted as valid.
This is what makes the incident more dangerous. The problem did not arise from a fantastically complex vulnerability but from how the architecture of trust was constructed. The system checked who sent the message but could not verify that the message itself was truthful.
The weak link has become the configuration.
The attack was based not only on the overall design but also on a specific choice of configuration. Kelp used a single validator to confirm interchain messages. This approach is faster and easier to operate, but it removes an important layer of protection.
This is where the systemic problem of DeFi manifests. Formally, the protocol may be decentralized, but if one of the lower technical supports operates on a simplified scheme, the entire structure becomes fragile. In such a system, one incorrect input can lead to a cascading failure.
The blow quickly exceeded a single protocol.
The incident did not stop there. The assets involved in Kelp were also used in other applications, including as collateral in lending protocols. This turned a local hack into a systemic episode.
This is why the consequences have reached Aave. When an infected asset is embedded in a chain of obligations, the problem stops being the issue of one project. It begins to spread further — through liquidity, collateral, settlements, and user trust.
DeFi has once again shown its main vulnerability.
The market often sells the idea of decentralization as its main advantage. But the Kelp incident shows that decentralization is not a label but a set of technical decisions. If even one level of the system is centralized or overly simplified, the entire brand of 'decentralization' quickly loses its meaning.
This is particularly painful for the sector. Users see one interface and one token, but behind them lies a long chain of dependencies. The strength of this chain is determined by its weakest link, not by the most attractive promises of the team.
Hackers are shifting their focus to infrastructure.
An important shift is noticeable in the choice of targets. If exchanges or obvious code vulnerabilities were the main objects of attack before, now the 'plumbing' of the market is increasingly under fire — bridges, interchain protocols, asset reuse, validators, and configuration layers.
This makes sense. These areas hold a lot of value, and they are harder to monitor. They are more deeply embedded in the market, less understandable to the average user, and more often depend on human decisions during setup. For an attacker, this is almost the perfect combination.
The problem is not in unknown risks, but in known ones.
The most unpleasant part of this story is that it did not open a new category of threats. On the contrary, it showed that the ecosystem still cannot adequately address well-known weak points. This isn't about a black swan, but about the repetition of a familiar scenario in a new wrapper.
This is precisely why the attack appears so alarming. If the market continues to leave critical settings to the discretion of teams and operators, the speed at which attackers adapt will exceed the speed of fixes. And that’s already a strategic problem.
For DeFi, this is not just losses but a crisis of the model.
Losses of $500 million over just two weeks is not just a matter of money. It's a blow to the entire trust model in the sector. DeFi still promises open access, flexibility, and capital efficiency, but every such episode reminds us that the market pays for this efficiency with complexity and fragility.
The more assets move between networks and protocols, the stronger one failure contaminates other system elements. This makes infrastructure attacks particularly destructive. They don't just steal funds, but undermine the confidence that the ecosystem can isolate risk.
What's next?
The main threat now is not only new attacks but the repetition of already known patterns. If the market does not transition from recommendations to mandatory security standards, such incidents will keep happening. And each time, the price will be higher.
The sector will have to make an unpleasant choice. Either it sacrifices some speed, simplicity, and profitability for a stricter security architecture, or it continues to operate in a mode where one failure at the bottom of the stack can collapse trust in the entire market. Judging by recent events, time for this choice is running out.
#HackerAlert #security #defi #Write2Earn
