April DeFi hacks threaten funds with markdowns, tight liquidity

Nearly 30 decentralized finance hacks in April drained more than $630 million from onchain protocols, with two exploits at Drift Protocol and KelpDAO accounting for over 90% of the losses. The breaches affected tokens, lending markets and onchain yield strategies used by funds.

Liquid and yield-focused funds reported exposure because they hold traded tokens, publish frequent net asset values or rely on stable borrowing costs. Investors and analysts expect these incidents to pressure fund returns and fundraising in the near term.

Security researchers linked multiple factors to the rise in attacks. Igor Igamberdiev, head of research at Wintermute, warned that large language models have improved and can help attackers identify easier vulnerabilities faster, while noting many incidents involved admin-function abuse and social engineering. Some analytics teams have speculated that state-linked actors may be using AI for reconnaissance and social engineering.

Other investors pointed to greater connectivity in DeFi as increasing the attack surface. Francis Zhan, an associate at Tribe Capital, summed the issue as “more complexity + more TVL = more attack surface per dollar secured.” Evgeny Gokhberg of Re7 Capital calculated that April's hack volume annualized would total roughly $750 million and estimated the hack-volume-to-TVL ratio falling from 7.24% in 2022 to about 1.49% in 2026 given projected growth in total value locked.

Operational shortcomings were also highlighted. Thomas Klocanas of Strobe Ventures reported many protocols lack real-time monitoring and often discover breaches only after users post on social media. Investors recommended continuous monitoring, stronger key management, stricter admin controls and clear incident response plans.

The hacks have several direct effects on funds. Amir Hajian of Keyrock outlined layers of pressure: direct markdowns to hacked collateral, indirect losses from positions that reference affected assets such as Pendle PT-rsETH tokens and Curve liquidity positions, and funding shocks when borrow rates spike. After the KelpDAO exploit, Aave recorded about $8.5 billion in outflows and borrowing costs rose, forcing some strategies to mark losses even where collateral remained untouched.

Funds that publish daily or weekly net asset values face choices when recovery takes weeks. Managers may gate redemptions, create side pockets or take immediate markdowns, each option affecting limited partners. Counterparties tightened exposure and revised credit terms, raising financing costs for some funds.

The DeFi industry coordinated more than $300 million in pledged support after the KelpDAO breach to limit contagion. Samantha Bohbot, partner at RockawayX, described the rescue as driven by participants protecting reputations and exposures. Investors noted emergency pledges are not a replacement for sustained security spending.

Investors identified demand for improved security tooling, including AI-powered real-time monitoring and anomaly detection. Some institutional capital has moved into permissioned pools, tokenized treasuries and real-world-asset vaults that offer more controlled risk profiles.

April's spike in incidents increased scrutiny on operational risk and placed short-term pressure on funds with exposure to onchain yield, lending markets and rapidly priced tokens. Industry participants reported plans for tighter controls, more monitoring and higher security budgets for protocols holding larger sums onchain.