A new report from Binance Research shows that a wave of DeFi hacks in April caused major damage to the decentralized finance sector, leading to an estimated $13 billion in total value locked (TVL) outflows and reducing liquidity across many on-chain protocols.
According to the report, the decline in locked assets pushed the DeFi leverage ratio to around 38%, a level not seen since 2021. However, Binance Research noted that this increase was not driven by stronger borrowing activity. Instead, it happened because the amount of capital locked in DeFi fell much faster than outstanding debt.
In simple terms, there is now less collateral supporting roughly the same amount of borrowing, making the system appear more leveraged and potentially more vulnerable to market stress.
April was one of the worst months for DeFi security in recent years. Binance reported that DeFi TVL dropped 10.7% during the month, falling to $82.7 billion. At the same time, hackers stole approximately $635 million from various protocols, marking the highest monthly loss since the major Bybit incident in early 2025.
Data from DefiLlama recorded 28 separate hack events during April, making it the busiest month on record for DeFi exploits.
The two largest attacks targeted Drift Protocol and KelpDAO. Drift lost around $285 million, while KelpDAO suffered losses of approximately $292 million. Together, the two incidents accounted for most of April’s stolen funds. Reports later linked both attacks to North Korea’s Lazarus Group.
These attacks highlighted how modern DeFi risks go beyond simple coding errors. Security researchers pointed to issues such as social engineering, compromised systems, governance weaknesses, and vulnerabilities in bridge infrastructure.
The KelpDAO exploit had a particularly large impact because it affected other protocols connected to its ecosystem. Binance Research said the attack created roughly $230 million in bad debt for Aave and caused Aave’s TVL to drop by about half. The incident demonstrated how problems in one protocol can quickly spread throughout the broader DeFi market.
KelpDAO has since completed key parts of its recovery plan. The protocol successfully restored its rsETH operations and resumed normal functions, including minting, redemptions, and rewards. While this helped stabilize the platform, concerns about leverage and liquidity in the wider DeFi market remain.
Although security losses fell sharply in May, risks have not disappeared. Blockchain security firm CertiK estimated that crypto hacks caused $68.3 million in losses during May, nearly 90% lower than April’s total.
Several notable incidents still occurred. Humanity Protocol reportedly lost more than $36 million after attackers gained access to administrative keys connected to its bridge systems. Aztec Connect suffered losses of about $2.1 million due to an issue involving an older smart contract, while Raydium announced plans to reimburse users following a $1.3 million exploit that affected several legacy liquidity pools on Solana.
Binance Research believes these incidents show that DeFi security remains a major concern. While the sector has recovered from some of the immediate damage, liquidity remains lower than before April’s exploit wave, borrowing activity has not fully normalized, and the process of reducing leverage across the market is still incomplete.
For now, the report suggests that DeFi continues to face a challenging balance between growth, innovation, and security as the industry works to rebuild confidence after one of its most difficult months in recent memory.







