Evgeny Gaevoy, CEO of the crypto market maker Wintermute, has issued a stark warning about the state of decentralized finance (DeFi), stating that innovation "looks quite grim" due to fundamental structural risks. His comments come in the wake of a major exploit on April 18, 2026, targeting KelpDAO, which resulted in losses of approximately $292 million.
Gaevoy's central argument focuses on the double-edged sword of composability—the ability for DeFi protocols to integrate and build upon each other like "money legos." While often touted as a key advantage, Gaevoy contends this creates tightly coupled systems where a single failure can cascade across multiple layers. "The way risk should be assessed has changed," he noted, as exploits' spillover effects are no longer contained within a single protocol.
The KelpDAO hack serves as a prime example. The attack did not stem from a simple smart contract bug. Instead, it involved poisoning downstream RPC nodes within the LayerZero Labs Decentralized Verifier Network (DVN), allowing attackers to alter verification pathways under specific conditions. A critical factor was a 1-of-1 DVN configuration for KelpDAO's rsETH (a liquid restaking token), creating a single point of failure despite LayerZero's architecture supporting more redundant, multi-DVN setups.
The repercussions were immediate and widespread. The rsETH token, used as collateral on the lending protocol Aave, triggered a liquidity crisis, forcing an emergency governance discussion to assess exposure and risk parameters. Beyond direct exposure, the broader DeFi market saw users withdraw roughly $10 billion from various protocols in a reaction observers described as having "bank run optics," demonstrating how fear propagates through interconnected systems.
This incident has reignited a critical debate on DeFi risk management. For builders, it underscores the need to continuously monitor the full dependency chain of integrated assets, not just perform one-time audits. For users, it highlights that a position's safety is tied to the weakest collateral asset a protocol accepts, as liquidation cascades can drain liquidity pools affecting everyone. The event puts renewed scrutiny on integration standards, especially for complex cross-chain assets and messaging layers like LayerZero.
