KelpDAO/LayerZero Exploit Drains $290m, Freezes DeFi Markets

This report was originally sent directly to clients of Galaxy Trading and Galaxy Asset Management on April 21, 2026. Trade or invest with Galaxy to receive the most timely research directly in your inbox.

The report reflects the best available information at the time of writing. The situation remains fluid; figures on bad debt, Umbrella slashing, and resolution paths will update as Kelp, Aave governance, and LayerZero publish further disclosures. Galaxy Research will continue to monitor developments.

Executive Summary

On Saturday, KelpDAO's liquid restaking token, rsETH, suffered a ~$290 million hack, the largest DeFi exploit of 2026. An attacker, preliminarily identified as North Korea's Lazarus Group, exploited the single-verifier configuration that KelpDAO chose for its LayerZero omnichain fungible token (OFT) bridge to unlock 116,500 rsETH from the Ethereum mainnet escrow. Simply put, the hackers tricked the bridge into releasing tokens that should not have been released. The stolen tokens were immediately deposited as collateral on Aave, Compound, and Euler, primarily on the Ethereum L1 and Arbitrum blockchains, against which the attacker borrowed an estimated $236 million in WETH and wstETH.

The fallout is severe: 112,204 rsETH (roughly 15% of post-exploit supply) became unbacked on the bridge adapter, and only 40,373 rsETH remains in the Ethereum-side adapter as confirmed backing for the 152,577 rsETH outstanding on L2s. Aave froze rsETH, wrsETH, and WETH markets across all deployments, primary stablecoin markets reached 100% utilization (meaning there is zero liquidity for withdrawals), and Aave’s estimated bad debt stands at $123.7 million under uniform socialization of losses or $230.1 million if losses are isolated to L2 rsETH. Major DeFi projects have paused their LayerZero OFT bridges and withdrawal pressure has extended to protocols with no direct rsETH exposure, resulting in a $15 billion drop in total value locked (TVL) across DeFi since the exploit.

On Monday evening, the Arbitrum Security Council took emergency action to freeze 30,766 ETH held on Arbitrum and transfer it to an intermediary frozen wallet which can only take further action with the coins through Arbitrum governance. Immediately following Arbitrum’s actions, the exploiter’s wallet began transferring funds to new wallets in an apparent attempt to launder them. On Tuesday morning, Aave announced it had reopened WETH markets on Ethereum Core V3, although they remain at 100% utilization.

This note covers the exploit mechanics, the two resolution scenarios being modeled by Aave service providers, and the broader implications for Ethereum, the LRT category, and DeFi lending.

What Happened

The Attack Vector

KelpDAO uses a LayerZero Omnichain Fungible Token (OFT) adapter to make rsETH available across roughly 20 Ethereum layer-2s (L2s) and other blockchains. The adapter works on a lock-and-mint model where rsETH bridged out of Ethereum is locked in a mainnet escrow, and incoming cross-chain messages unlock it on return. The security of that escrow depends entirely on the integrity of the messages authorizing releases. LayerZero delegates message verification to Decentralized Verifier Networks (DVNs) and each application chooses how many DVNs must sign off before a message is delivered. KelpDAO ran a 1-of-1 configuration with LayerZero Labs as the sole verifier.

At 17:35 UTC on Saturday, the attacker delivered a forged LayerZero packet claiming to originate from Unichain (Uniswap’s L2) to the rsETH OFT adapter. The adapter then released 116,500 rsETH to the attacker's address on the Ethereum L1 in a single transaction. Two follow-on attempts were blocked when KelpDAO paused contracts 46 minutes after the initial drain. LayerZero's post-mortem, published April 20, identifies the mechanism as a remote procedure call (RPC) poisoning attack rather than key theft, social engineering, or a protocol bug. The DVN instance itself and the signing keys were never compromised. Instead, attackers corrupted two of the downstream RPC nodes the DVN relied on to verify what was happening on the source chain, then launched a DDoS attack on the uncompromised RPCs to force the DVN to fail over to the poisoned ones. The compromised nodes were designed to report fake transaction data to the DVN while continuing to report accurate data to every other system, keeping the attack invisible to LayerZero's monitoring infrastructure until the drain had cleared.

LayerZero attributes the operation with preliminary confidence to the DPRK's Lazarus Group, specifically its TraderTraitor subunit, and has stated it will no longer sign or attest messages from any application running a 1-of-1 DVN configuration. The attribution is meaningful beyond this incident. Lazarus is now preliminarily linked to both the Drift exploit on April 1 ($285 million, six-month infiltration preceding an administrative-key compromise) and the KelpDAO exploit on April 18 ($292 million, infrastructure RPC poisoning). That totals roughly $575 million drained from DeFi by one state-sponsored unit in 18 days through two structurally different attack vectors, neither of which involved a smart-contract bug. Kelp is now the largest crypto-related exploit since the $1.4 billion Bybit breach in February 2025.

The Cashout

Rather than attempting to sell all the 116,500 rsETH on decentralized exchanges (DEXs), which would have crashed the price, the exploiter primarily used the rsETH as collateral to borrow against. Primary amounts borrowed by market and chain include:

On the Aave side, the 5-of-9 Protocol Emergency Guardian froze rsETH and wrsETH markets across all deployments at 18:52 UTC (77 minutes after the drain). On Aave V4, the Protocol Security Council disabled supply and borrow on the Ethereum Core Hub and the Kelp E-Spoke via configuration updates. As a precautionary follow-up at 02:28 UTC on April 20, the Protocol Guardian froze WETH on Ethereum Core, Prime, Arbitrum, Base, Mantle, and Linea, preventing new borrows against WETH collateral while the situation was assessed.

The borrowed assets were swapped to ETH and are now consolidated in the exploiter’s wallet, with 75,700 ETH on Ethereum and 30,765 ETH on Arbitrum. Roughly 89,567 rsETH remains inside Aave on both chains (53,400 on Ethereum and 36,167 on Arbitrum), pledged against the outstanding ETH debt.

DeFi Contagion

Within 48 hours of the drain, DeFi's TVL fell by roughly $13 billion, from ~$99.5b to ~$86.3b. Aave absorbed the majority of that outflow with roughly $8.45b over two days, reducing TVL from $26.4b to $17.9b and costing Aave its position as the largest DeFi protocol by deposits. Lending outflows spread even to protocols with zero rsETH exposure. Morpho, Sky, and JupLend all endured meaningful net outflows despite having no or minimal connection to the exploit.

The most acute stress is on Aave's lending markets. WETH utilization hit 100% within hours of the exploit as depositors raced for the exit. Nearly $5.4b of ETH and WETH left Aave by Sunday morning alone. At full utilization, Aave's design doesn't allow withdrawals, because there is no idle liquidity in the pool to redeem against. Whoever withdraws first is made whole, while whoever comes later must wait for new supply to arrive or borrowers to repay.

Source: Aave mainnet ETH-correlated markets as of 4/20/26

Aave's stablecoin markets are also essentially frozen. USDT and USDC pools reached 100% utilization as users sold other assets for stablecoins they then withdrew. Approximately $5.1b of stablecoin deposits are now subject to withdrawal constraints across the protocol.

Source: Aave mainnet stablecoin markets as of 4/20/26

Protocols beyond Aave moved quickly to contain exposure. SparkLend, Fluid, and Upshift froze their rsETH markets within hours of the exploit. Lido paused deposits into its earnETH product, which held rsETH exposure, while noting that stETH and wstETH remain unaffected. Ethena temporarily paused its LayerZero OFT bridges from Ethereum mainnet. Curve Finance and BitGo (the custodian for WBTC) also halted specific functions in response to the broader uncertainty. Morpho was a clear exception. CEO Paul Frambot disclosed total rsETH exposure of merely $1 million across two isolated markets, with other vaults entirely unaffected, because Morpho's architecture confines each market's losses to that specific pool rather than propagating them into a shared liquidity layer.

Yield-structuring and vault venues moved in parallel. Pendle paused its rsETH principal and yield token (PT and YT) markets to prevent mispriced trading while the impairment of the underlying collateral was being assessed. Yearn froze vaults with rsETH allocations, Beefy froze rsETH-denominated strategies, and Upshift paused its High Growth ETH and Kelp Gain vaults. A handful of protocols took precautionary action on unrelated LayerZero integrations. Most notably, Lombard Finance paused LBTC cross-chain routes, reflecting a broader assessment of LayerZero OFT configurations industrywide rather than any direct rsETH exposure.

Aave bore the brunt of exposure as a direct consequence of its decision in January to allow rsETH as collateral for wETH in its E-Mode, which raised the maximum loan-to-value (LTV) for such loans to 93% from 72%. For comparison, SparkLend caps rsETH-backed borrowing at 72% LTV and Fluid at roughly 75%. Additionally, following the exploit, analysts deduced that rsETH was targeted because it had the largest exploitable value on the bridged setups, suggesting the attacker spent considerable effort ahead of time to determine the most valuable hack.

On Tuesday, Aave partially reversed the WETH freeze, unfreezing the Ethereum Core V3 WETH reserve to allow new supply while keeping the collateral LTV at 0 (preventing borrowing against it). WETH reserves on Ethereum, Prime, Arbitrum, Base, Mantle, and Linea remained frozen. The stated objective was to let fresh liquidity return to the market.

Arbitrum Seizes Exploited Funds

On April 21 at 11:26 p.m. ET, the Arbitrum Security Council, a 12-member multisignature wallet, executed a 9-of-12 vote to recover the 30,766 ETH the attacker had bridged to Arbitrum. The mechanism was unusual. Rather than freezing the funds at the attacker's address, the Council temporarily upgraded the L1 Delayed Inbox (the bridge contract handling all Ethereum-to-Arbitrum messages), added a function capable of sending cross-chain messages on behalf of any address without its private key, forged a message in the attacker's name transferring the ETH to a protocol-controlled burn address, and reverted the contract to its original state. The funds are now in a frozen intermediary wallet that can only be moved by a subsequent governance vote of ARB tokenholders.

The implications cut two ways. The recovery expands the envelope of potentially recoverable funds by roughly one-quarter of the attacker's total consolidated ETH position, materially changing the coverage math for any resolution scenario. But the mechanism demonstrates that Arbitrum's 9-of-12 Security Council can upgrade core bridge contracts with zero delay and introduce new privileged functionality for any purpose. In this case, the power was used to reverse a state-actor theft, but the capability itself is general-purpose.

Arbitrum is classified as a Stage 1 rollup by L2Beat, the industry's primary L2 security framework. That means it has satisfied Stage 0 and Stage 1 requirements: users can exit without operator help; they have 7-day exit windows for unwanted upgrades; the Security Council is properly constituted. But Arbitrum has not yet met the two Stage 2 requirements that would remove the Security Council's unilateral upgrade authority. No major rollup has reached Stage 2. The freeze mechanism used here is precisely the capability Stage 1 classification formalizes, and precisely the capability Stage 2 is intended to remove.

Resolution Paths

The most important outstanding questions are how the losses will be socialized among affected users and how the bad debt will be accounted for. The major parties involved — KelpDAO, LayerZero, Aave — have not yet released a framework for recovery. To further complicate the situation, Arbitrum DAO now has a role in determining the recovery path as it holds roughly $71 million of the attacker-consolidated ETH.

Prior to the Arbitrum recovery on Monday, LlamaRisk, the risk manager for Aave, published an incident report describing potential recovery paths. On the backing side, 112,204 rsETH is unbacked at the Ethereum bridge adapter. The adapter holds 40,373 rsETH (a partial recovery from a reverted second-drain attempt) against 152,577 rsETH of outstanding L2 claims, producing a maximum pro-rata L2 backing ratio of 26.46% from the adapter alone. Mainnet rsETH is not directly affected by the adapter shortfall because it is backed by Kelp's underlying ETH staking deposits, not the bridge. That distinction sets up the two scenarios being modeled.

On the coverage side, the primary assets available to address the bad debt are the Aave DAO treasury ($181m, composed of $62m in ETH-correlated holdings, $54m in AAVE, and $52m in stablecoins), the Umbrella safety module (~$54m of aWETH coverage on Ethereum L1 only, with no L2 coverage), and any portion of the 40,373 rsETH sitting in the adapter that Kelp may choose to allocate. The Arbitrum freeze of $71m in attacker-held ETH adds a potential second recovery source for the L2 shortfall, but one that requires Arbitrum governance to allocate the funds toward rsETH holders specifically rather than other competing claimants.

Two primary scenarios are under consideration, according to LlamaRisk:

Scenario 1: Uniform socialization across all rsETH

Under Scenario 1, the 112,204 unbacked rsETH is treated as diluting the entire supply. Every rsETH token, on every chain, takes a ~15.12% haircut. LlamaRisk's modeling estimates total bad debt across Aave V3 at approximately $123.7 million, concentrated in the wETH reserves. Ethereum L1 absorbs the largest absolute loss at $91.8m (a 1.54% shortfall against the reserve's $5.98b), followed by Mantle at $10.4m (a 9.54% shortfall, the highest proportional impact) and Arbitrum at $10.3m (a 3.11% shortfall). The Umbrella WETH module would absorb roughly 60% of the Ethereum shortfall, leaving a residual gap of ~$38m on mainnet before any treasury deployment. L2 shortfalls of ~$28m have no Umbrella backstop and would need to be addressed through the DAO treasury or other means. If any portion of the Arbitrum-frozen $71m is directed toward Aave's bad debt, the residual gap shrinks correspondingly. Otherwise, the residual ~$70m gap falls to DAO treasury, external commitments, or pro-rata WETH supplier haircuts.

Source: LlamaRisk Incident Report

Scenario 2: Losses isolated to L2 rsETH

Under Scenario 2, mainnet rsETH is treated as fully backed (because it does not depend on the bridge), and the entire shortfall is concentrated on L2 rsETH, which reprices to 26.46% of the pre-exploit value. LlamaRisk's modeling estimates total bad debt at approximately $230.1 million, all on L2 chains. Mantle faces a 71.45% WETH shortfall ($77.7m in bad debt), Arbitrum a 26.67% shortfall ($88.4m), Base 23.28% ($47.5m), and Ink 18% ($13.9m). Ethereum mainnet is unaffected. No Umbrella coverage is available because the module covers only Ethereum reserves. The Arbitrum-frozen $71m could offset roughly 30% of the total L2 shortfall if directed toward rsETH recovery. The remainder would fall to KelpDAO's resources, external commitments, or L2-specific pro-rata haircuts.

Looping Risks

LlamaRisk and the Aave Risk Stewards reduced the WETH Slope2 parameter on Arbitrum, Base, Mantle, and Linea, lowering the 100% utilization borrow rate to 3.0% APR from a range of 8.5%-10.5% APR. The stated objective was "keeping leveraged positions viable and preserving reserve stability across affected markets." The mechanism is a trade-off. At punitive rates, leveraged loopers on non-impaired LSTs (wstETH, weETH) would be forced to repay as rate pressure built, which would free withdrawal liquidity for other depositors. Lower rates keep those loopers in place, which preserves reserve stability at the cost of keeping withdrawal liquidity locked up.

LlamaRisk's April 20 modeling quantifies the potential bad debt across two scenarios. A uniform 15.12% haircut across all rsETH (Scenario 1) would generate approximately $123.7m in total bad debt across Aave V3, concentrated on Ethereum Core at $91.8m (1.54% shortfall against the reserve), with smaller impacts on Mantle ($10.4m, 9.54% shortfall), Arbitrum ($10.3m, 3.11%), and Base ($6.1m, 3.00%). An L2-isolated scenario with a 73.54% haircut on non-mainnet rsETH (Scenario 2) generates approximately $230.1m — no impact on Ethereum Core but severe on L2s, with Mantle at 71.45% WETH reserve shortfall, Arbitrum at 26.67%, and Base at 23.28%. The underlying mechanism is the same: most affected positions were opened at up to 95% LTV, the applicable haircut exceeds the collateral buffer, and post-liquidation collateral value is insufficient to cover outstanding debt.

Source: LlamaRisk Incident Report

The onchain position book sharpens the exposure picture. As of April 20, there are 27 rsETH-collateralized positions on Aave Ethereum Core with outstanding WETH debt, totaling approximately $1.16 billion. Of those, 17 positions with $818m in debt (or roughly 70% of the book) are operating in a stress zone with health factors below 1.05. This means they sit within 5% of their liquidation threshold. The top three positions alone (at $254m, $169m, and $136m) account for more than half of all rsETH-collateralized borrowing on Aave mainnet, and all three are in that stress zone. A haircut to rsETH collateral that pushes health factors below 1.00 would trigger liquidations across the entire stress cluster simultaneously.

Source: Galaxy Research Internal Data as of 4/20/26

The asymmetry between the two paths

Scenario 2 is the outcome that would result from KelpDAO taking no action to socialize losses, because mainnet rsETH is already structurally insulated by Kelp's underlying ETH staking deposits. Scenario 1 requires KelpDAO to affirmatively decide to haircut mainnet holders in order to distribute the pain more widely. We would expect protocol preferences to diverge accordingly. Lending protocols with mainnet-heavy exposure (primarily Aave’s Ethereum Core deployment and Compound) have an incentive to advocate for Scenario 2 because mainnet rsETH retains full backing, while protocols and users with L2 exposure would logically prefer Scenario 1's smaller per-holder impact.

The worst case is failure of the parties to reach an agreement. Prolonged uncertainty would see the full rsETH collateral on Aave marked down further, losses socialized across WETH depositors via pro-rata haircut, and liquidation cascades as looping positions deteriorate. The market is pricing a 1%-2% discount on aWETH deposits, and that discount is likely to widen the longer resolution takes.

Given the lack of a formal resolution process and unconfirmed reports that KelpDAO is working with lawyers to limit liability, it appears that Aave service providers are in the process of securing external commitments to backstop a portion of the bad debt. (LlamaRisk's report notes "indicative commitments from various parties" without disclosing specifics.)

Implications

For Ethereum and ETH

The Ethereum L1 suffered no technical issues during the exploit, but the reputational damage to a chain whose core value proposition is secure settlement and issuance is meaningful regardless. The timing compounds it. In September 2025, Ethereum creator Vitalik Buterin published "Low-risk defi can be for Ethereum what search was for Google," an essay arguing that blue-chip DeFi lending could serve as Ethereum's sustainable economic backbone. Seven months later, the single application most central to that thesis will potentially absorb nine-figure bad debt from a bridge configuration choice downstream of a state-sponsored exploit.

The exploit also reveals a flaw of Ethereum's rollup-centric roadmap. Deploying a single LRT across 20+ networks multiplied the infrastructure surface area that had to be secured, and the day-to-day movement of rsETH across chains ran through a third-party LayerZero OFT whose security depended on one signer. Whether protocols with more conservative architecture (Morpho's isolated vaults, SparkLend's lower LTVs) will absorb the flows Aave is likely to lose, or Ethereum DeFi loses relevance faster than its best architectures can scale, is the open question for the sector.

The question for ETH as an asset is more fundamental. Ethereum's technical focus is already shifting back toward the L1 through the Strawmap program, which will need to move rapidly to scale and rebuild trust following the exploit. The pace at which DeFi recovers, institutional flows return, and the ecosystem regains its narrative footing will depend on execution against that roadmap, but also on a genuine recognition, not a marketed one, that a permissionless and trustless settlement layer offers practical advantages over siloed, permissioned alternatives.

In September 2025, Ethereum creator Vitalik Buterin published " Low-risk defi can be for Ethereum what search was for Google," an essay arguing that blue-chip DeFi lending could serve as Ethereum's sustainable economic backbone. Seven months later, the single application most central to that thesis will potentially absorb nine-figure bad debt from a bridge configuration choice downstream of a state-sponsored exploit. Seven months later, the single application most central to that thesis will potentially absorb nine-figure bad debt from a bridge configuration choice downstream of a state-sponsored exploit.

For DeFi Lending (Primarily Aave)

This is the second nine-figure incident in 2026 where LRT collateral accepted on Aave produced bad debt downstream of a non-Aave failure. Loan-to-value ratios on collateral are likely to tighten, and the case for isolation-mode-only listings is now substantially stronger. The broader risk-framework lesson is subtler. A single verifier on KelpDAO's LayerZero configuration had effective admin-level power over Aave's WETH markets, which means risk review must account not just for the collateral asset but for every trust assumption embedded in the asset's bridge and custody stack.

While the Umbrella module provides some backstop, the coverage sizing and scope are the exposed gaps. The Ethereum Core module covers ~$54m against a potential $92m Ethereum shortfall under Scenario 1 (leaving a ~$38m residual gap), and L2 deployments have no Umbrella coverage at all. LlamaRisk has also recommended a preemptive pause of the WETH Umbrella module because 80% of staked aWETH has already entered cooldown (the 20-day waiting period to unstake) and is positioned to exit once the cooldown ends. Pausing the module blocks those withdrawals and forces any staker wanting to leave to restart the cooldown clock, preserving the full ~$54M of coverage rather than letting it atrophy to a sliver of its current size before it can be deployed.

Aave's shared-pool model is now under direct scrutiny in the governance forum, and the argument that an isolated-vault system would have contained losses the same way is the structural critique most likely to shape next-round collateral frameworks. One tail risk deserves explicit attention. If the realized aWETH loss rate rises high enough, USD stablecoin markets accepting aWETH as collateral face unprofitable liquidations when the aWETH secondary-market discount exceeds the liquidation penalty. Liquidators stop operating, positions cannot be cleared, and the market carries undercollateralized debt. This is not a base case, but the probability rises with every day the rsETH resolution takes.

Expect meaningful contraction in the collateral universes lending protocols are willing to accept, particularly LRTs and LSTs, where multiple protocols will re-review listings and delist marginal issuers while tightening parameters on the rest. Cross-chain bridging activity is likely to decline materially as users and integrators reassess OFT-style configurations industry-wide, and LRT TVL more broadly will compress as users exit positions until backing mechanics can be clearly separated from bridge configurations. The leveraged looping trade that drew capital to Aave at 93% E-Mode LTVs will not clear its cost of capital at tighter parameters, and that flow will migrate back toward wstETH and weETH, or out of looping entirely.

The exploit lands at an unusually exposed moment for Aave, compounding a set of governance and operational challenges Galaxy Research has covered in recent weeks (see prior coverage), including losing three of its most important external contributors – Chaos Labs, BGD Labs, and the Aave Chan Initiative. Aave also faces increased competition, primarily from Morpho, which was largely unaffected by the exploit. While Morpho had gained market share over the past year, Aave had mostly maintained its deposit base. This exploit changes that dynamic because Aave for the first time is experiencing the equivalent of a bank run.

The Broader Security Shift

April 2026 has been catastrophic for DeFi, with over $605 million lost across 12+ protocols in less than 20 days. Two of the three largest events are attributed to the DPRK's Lazarus Group. Specifically, its TraderTraitor subunit has been linked to both Drift on April 1 (administrative-key compromise following a six-month infiltration) and Kelp on April 18 (infrastructure RPC poisoning). That is roughly $575 million drained by a single state-sponsored unit in 18 days through two structurally different attack vectors, neither of which involved a smart-contract bug.

Improving AI tooling appears to be a factor in the pace of attacks. Near term, this advantages attackers. Code already in production was deployed before modern code-reasoning models existed, while the attackers examining that code today have access to tools that make systematic discovery of misconfigurations much faster. Over time, this should reverse as AI-assisted audit tools get integrated into development pipelines and older systems are hardened or deprecated. But that reversal is not imminent, and DeFi is operating in the window between.

The timing is difficult for a second reason. This cycle of losses is landing while U.S. crypto legislation (specifically the CLARITY Act) is progressing through Washington. The exploits undermine arguments that crypto offers a safer and more transparent alternative to legacy financial rails. Opponents can now point to $605 million in losses over 20 days, with state-actor attribution on the two largest.

At the same time, the bill itself includes provisions directly relevant to incidents like these. Section 305 ("Temporary hold for certain digital asset transactions") creates a voluntary safe harbor that protects stablecoin issuers and digital asset service providers from private liability when they place a temporary hold (up to 30 calendar days initially, extendable by an additional 150 days at law enforcement request) on transactions they reasonably believe are linked to illicit activity. The provision does not compel freezing, but it removes the legal risk that has historically discouraged voluntary intervention, and if enacted could make exploits like the ones seen in recent months more easily resolvable.

The ‘Credibly Neutral’ Question

The KelpDAO exploit, together with the Drift incident three weeks earlier (where calls circulated for Circle to freeze USDC proceeds), surfaces a tension DeFi has not fully addressed. The promise of DeFi rests on credibly neutral infrastructure where there is no single point of failure and no entity can decide to do whatever it wants. The reality on display in April 2026 is different. When losses cross nine figures, the preference runs toward whichever centralizing power can act fastest. Arbitrum's Security Council upgraded a bridge contract to recover attacker funds. Circle's blacklist function is invoked as a fallback. Law enforcement coordination is increasingly assumed to be part of DeFi's crisis response rather than external to it.

The question is not whether intervention is acceptable in the abstract but whether the capability is bounded, governed, and predictable. The Arbitrum freeze is a useful stress test. The capability was used responsibly this time, but the mechanism demonstrated that the Security Council can upgrade core contracts to move funds from any address, a general-purpose power, not one scoped to recovery. Some practitioners have begun drawing an explicit distinction between "DeFi" and what they term "MultisigFi," systems that function well but are governed by a small set of signers with upgrade authority over core infrastructure. The distinction matters less as a purity test than as a classification question. Institutional users evaluating protocols need to know which category they are underwriting, and the ecosystem blurs the two. The pressure now is on governance bodies to publish formal policies on when emergency powers may be exercised, rather than leaving each incident to case-by-case discretion.

The direction of travel that would reduce this attack surface is genuine decentralization of the components that remain centralized today — multi-DVN configurations, distributed RPC infrastructure, reduced privileged upgrade authority, isolation of shared risk. The MultisigFi response is the opposite: treat centralization as a feature that enables rapid crisis intervention. Both are defensible positions, but only one of them reduces the attack surface that produced the incidents in the first place. Which direction the ecosystem moves over the next year is one of the more consequential questions surfaced by this month's events.