# Сопутствующие статьи по теме DeFi

Новостной центр HTX предлагает последние статьи и углубленный анализ по "DeFi", охватывающие рыночные тренды, новости проектов, развитие технологий и политику регулирования в криптоиндустрии.

A Transformative Era for DeFi Collateral: Exploring RWA as the New Composable Infrastructure for DeFi

DeFi Collateral Transformation: RWA Emerges as Composable Infrastructure The tokenized Real-World Asset (RWA) market has reached $27 billion, yet only about $2.7 billion is actively used as collateral in DeFi lending markets. This growth was accelerated by key 2025-2026 regulatory milestones in the U.S., including the GENIUS Act for stablecoins and the classification of major blockchain tokens as digital commodities. The composition of tokenized assets differs significantly from those actively used in DeFi. U.S. Treasuries dominate tokenized AUM (48.5%) but represent only 2% of DeFi deposits. Conversely, credit assets (17% of AUM) constitute 80% of deposits, driven by yield differentials that enable profitable leverage strategies. Reinsurance is emerging as a new composable asset class, with over 80% of its tokenized supply active in DeFi. The market is evolving in real-time. As yield spreads compress, collateral diversification is increasing, evidenced by Aave Horizon's shifting composition. Permissionless access is a critical driver for distribution, as demonstrated by Maple Finance's 'syrup' tokens, which have been composably deployed across multiple chains and protocols without requiring permissions. In conclusion, while the absolute value of RWA in DeFi is still small, its rapid growth rate, the divergence between tokenized and utilized assets, and the power of permissionless composability are the key trends shaping this new infrastructure layer.

marsbit04/20 10:22

A Transformative Era for DeFi Collateral: Exploring RWA as the New Composable Infrastructure for DeFi

marsbit04/20 10:22

When Wallets Start Embedding AI Agent: The New Interaction Paradigm of ERC-8211, Why Is It Worth Attention?

The article discusses ERC-8211, a new Ethereum standard developed by Biconomy and the Ethereum Foundation, aimed at enabling dynamic, multi-step on-chain execution for AI agents and complex DeFi workflows. Currently, AI agents can plan multi-step operations (e.g., swapping ETH for USDC, bridging, and depositing into a protocol), but execution fails due to static parameters in existing batch processing standards like ERC-4337. These static batches freeze values (e.g., swap amounts) at signing, making them vulnerable to slippage, gas changes, and chain state shifts, often resulting in partial or failed transactions. ERC-8211 introduces a programmatic approach ("From transactions to programs") with three primitives: - **Fetchers**: Retrieve real-time on-chain values (e.g., current balance) during execution. - **Constraints**: Enforce conditions (e.g., minimum output amount) before proceeding. - **Predicates**: Act as gatekeepers between steps (e.g., wait for cross-chain funds to arrive). This allows atomic execution of multi-step transactions with dynamic, condition-based flow, reducing failure risks and idle capital. The standard is compatible with account abstraction (e.g., ERC-4337) and shifts wallets from mere signers to interpreters of intent-based programs, enhancing security and usability for AI-driven DeFi. It represents the next evolution in on-chain interaction, enabling one signature to execute a dynamic, outcome-oriented program.

marsbit04/20 10:21

When Wallets Start Embedding AI Agent: The New Interaction Paradigm of ERC-8211, Why Is It Worth Attention?

marsbit04/20 10:21

The $290 Million Deficit: A Three-Way Game Between Aave, L0, and Kelp—Who Should Foot the Bill?

An incident involving the theft of 116,500 rsETH (worth approximately $290 million) from Kelp DAO’s cross-chain bridge contract has triggered a complex dispute over responsibility and compensation among Kelp DAO, LayerZero, and Aave. The attack occurred due to a compromised RPC provider used by LayerZero’s Decentralized Verifier Network (DVN). Since Kelp DAO’s bridge used a 1/1 DVN configuration—a single point of failure—the attacker successfully forged a cross-chain message, leading to the unauthorized release of rsETH tokens from the mainnet. These genuine tokens were then deposited into Aave and other lending platforms to borrow WETH, enabling the attacker to exit with the funds. Responsibility is attributed primarily to Kelp DAO for its risky 1/1 DVN setup. LayerZero bears secondary responsibility for permitting such a vulnerable configuration in its protocol layer. Aave also shares indirect blame for over-collateralizing rsETH and other Liquid Restaking Token (LRT) assets without adequate ongoing risk oversight. Kelp DAO lacks sufficient funds to cover the loss, shifting focus to the deeper-pocketed players: LayerZero, whose cross-chain ecosystem and reputation are at risk, and Aave, which faces massive bad loans and declining Total Value Locked (TVL). Aave has asserted that mainnet rsETH remains fully backed, implying it expects Kelp DAO to allow redemption of underlying ETH. This approach would preserve Aave’s mainnet positions but invalidate Layer2 rsETH, damaging LayerZero’s cross-chain credibility. Potential solutions include: - A universal 18.5% haircut on all rsETH holders, causing significant Aave bad debt. - Writing off Layer2 rsETH entirely, protecting Aave mainnet but harming LayerZero and Kelp DAO. - Negotiating a bounty with the hacker for partial fund return. - A joint bailout, possibly led by LayerZero’s ecosystem fund, given its long-term stake in the cross-chain ecosystem. The situation remains unresolved as the parties negotiate, but prolonged delay risks broader DeFi instability, including potential liquidity crises and loss of confidence in LRT and cross-chain infrastructures.

Odaily星球日报04/20 08:52

The $290 Million Deficit: A Three-Way Game Between Aave, L0, and Kelp—Who Should Foot the Bill?

Odaily星球日报04/20 08:52

On the Same Day Aave Introduced rsETH, Why Did Spark Choose to Exit?

On April 18, Kelp DAO's cross-chain bridge was exploited, resulting in the malicious minting of 116,500 unbacked rsETH. The attacker deposited these into Aave and borrowed WETH, creating a potential bad debt of approximately $195 million. Aave’s Guardian quickly froze the market, but the protocol’s insurance could only cover about 25% of the loss. In contrast, SparkLend, a lending protocol in the MakerDAO ecosystem, suffered no direct losses. This was not due to superior foresight but rather a preemptive governance decision. On January 29, Spark executed a governance action to discontinue new rsETH supply, citing low usage and high concentration from a single wallet. The same day, Aave expanded its rsETH market by enabling E-Mode with a 93% LTV to attract more deposits. Spark’s risk management framework is designed to remove assets with low usage or poor risk-adjusted returns, regardless of external security concerns. Aave’s decision was growth-oriented, aiming to boost WETH utilization and attract capital. Spark also employs additional safeguards: rate-limited supply and borrow caps that would have limited the scale of such an attack, and a robust oracle system using the median of three price feeds. These mechanisms systemically contain the maximum exposure to any single risk event, demonstrating a fundamentally different approach to risk than Aave’s growth-first model.

marsbit04/20 08:14

On the Same Day Aave Introduced rsETH, Why Did Spark Choose to Exit?

marsbit04/20 08:14

Strategy's 'Money Printer': Is STRC Bitcoin's Savior or Destroyer?

Bitcoin's recent price movement is being heavily influenced by Michael Saylor and his company, MicroStrategy, through a new financial instrument: STRC (Variable Rate Series A Perpetual Stretch Preferred Stock). This Nasdaq-listed perpetual preferred stock offers an 11.5% annual dividend, attracting significant capital. Crucially, funds raised from STRC are used to purchase Bitcoin, with a 3x leverage effect—for every $1 from STRC, MicroStrategy adds $2 from MSTR equity to buy $3 worth of BTC. This creates a powerful "flywheel": more STRC sales fuel massive BTC buying, supporting its price and improving MicroStrategy's credit, which in turn makes STRC more attractive to investors. However, this mechanism introduces risks. A significant "ex-dividend arbitrage" pattern has emerged, where traders buy STRC before its monthly dividend, collect the payout, and quickly sell, causing price volatility and potentially driving up Bitcoin's cost basis for MicroStrategy. In response, Saylor has proposed shifting STRC to a semi-monthly dividend to smooth out these effects. Furthermore, STRC's high yield is being integrated into DeFi protocols like Apyx Protocol and Saturn Credit, offering new on-chain yield opportunities. The central concern remains: as MicroStrategy aggressively accumulates over 3.5% of all BTC, it challenges Bitcoin's foundational principle of decentralization, creating a system where a single public company significantly influences the market.

marsbit04/20 08:06

Strategy's 'Money Printer': Is STRC Bitcoin's Savior or Destroyer?

marsbit04/20 08:06

L1 is Dead, Long Live Appchain

"L1 is Dead, Appchain Rises" critiques the failure of current Layer-1 (L1) blockchain models, arguing their tokens are trending toward zero. The author identifies key flaws: linear token emissions that incentivize selling rather than value creation, weak value propositions like "gas token" and "governance" narratives, mismanagement by bloated "foundations" or "labs" that drain value through excessive spending and token sales, and poor industry leadership focused on short-term narratives and overhyped trends like RaaS and high TPS. The solution proposed is a fundamental shift. New L1 token models are needed, moving away from the "low float, high FDV" paradigm that disadvantages retail investors. Fundraising should be sufficient only for launch, not excessive. Token unlocks should be tied to real milestones like CEX listings or DeFi integration. The ultimate goal should be for L1 tokens to become widely used mediums of exchange, not just fuel for networks. Value is increasingly moving to the application layer, with successful apps building their own chains (appchains). The author concludes that L1s must build sustainable value by creating useful applications and services, fostering strong holder communities, and achieving self-sustainability without relying on continuous token emissions.

marsbit04/20 03:36

marsbit04/20 03:36

An Open-Source AI Tool That No One Saw Predicted Kelp DAO's $292 Million Vulnerability 12 Days Ago

An open-source AI security tool flagged critical risks in Kelp DAO’s cross-chain architecture 12 days before a $292 million exploit on April 18, 2026—the largest DeFi incident of the year. The vulnerability was not in the smart contracts but in the configuration of LayerZero’s cross-chain bridge: a 1-of-1 Decentralized Verifier Network (DVN) setup allowed an attacker to forge cross-chain messages with a single compromised node. The tool, which performs AI-assisted architectural risk assessments using public data, identified several unremediated risks, including opaque DVN configuration, single-point-of-failure across 16 chains, unverified cross-chain governance controls, and similarities to historical bridge attacks like Ronin and Harmony. It also noted the absence of an insurance pool, which amplified losses as Aave and other protocols absorbed nearly $300M in bad debt. The attack unfolded over 46 minutes: the attacker minted 116,500 rsETH on Ethereum via a fraudulent message, used it as collateral to borrow WETH on lending platforms, and laundered funds through Tornado Cash. While an emergency pause prevented two subsequent attacks worth ~$200M, the damage was severe. The tool’s report, committed to GitHub on April 6, scored Kelp DAO a medium-risk 72/100—later acknowledged as too lenient. It failed to query on-chain DVN configurations or initiate private disclosure, highlighting gaps in current DeFi security approaches that focus on code audits but miss config-level and governance risks. The incident underscores the need for independent, AI-powered risk assessment tools that evaluate protocol architecture, not just code.

marsbit04/20 03:23

An Open-Source AI Tool That No One Saw Predicted Kelp DAO's $292 Million Vulnerability 12 Days Ago

marsbit04/20 03:23

Financing Weekly | 15 Public Financing Events, Paxos Labs Completes $12 Million Financing Led by Blockchain Capital

Last week (April 13-19) saw 15 blockchain funding rounds totaling over $165 million. Key deals include Paxos Labs raising $12 million led by Blockchain Capital to build DeFi infrastructure for stablecoin issuance and lending. In AI+Web3, OpenGradient secured $9.5 million for its verifiable AI compute network. DeFi highlights include Brix's $5.5 million raise for emerging market asset tokenization and Votre's $3.75 million seed round for its on-chain crypto lending platform. In centralized finance, digital banking platform Slash closed a $100 million Series C. Prediction market platform Pumpcade raised $5 million, backed by Jump Crypto. Additionally, DePIN project SHARE completed a seed round led by Greenfield Capital.

marsbit04/20 02:58

Financing Weekly | 15 Public Financing Events, Paxos Labs Completes $12 Million Financing Led by Blockchain Capital

marsbit04/20 02:58

The Code Was Fine, But It Was Still Hacked: What Is the 'DVN Configuration Vulnerability' Behind the Biggest Hack of 2026?

Title: Code Was Secure, Yet $293M Stolen: The 2026 DVN Configuration Breach Explained On April 18, 2026, Kelp DAO’s restaking protocol was exploited, losing 116,500 rsETH (worth $293M at the time) due to a configuration flaw—not a smart contract vulnerability. The attacker used a forged cross-chain message to drain funds via LayerZero’s bridge, then dispersed the stolen rsETH across Aave V3, Compound V3, and Euler to borrow real assets, ultimately escaping with $236M in WETH. The root cause was a critical misconfiguration in Kelp’s LayerZero V2 setup: the protocol used a 1-of-1 Decentralized Verifier Network (DVN) threshold, meaning only one node approval was needed to validate cross-chain messages. The attacker compromised that single node, allowing unauthorized minting of rsETH on Ethereum. This configuration choice—permitted by LayerZero but highly risky—left zero fault tolerance. In contrast, protocols like ApeChain using multi-node validation (e.g., 2-of-3 or 5-of-9) remained secure. This incident highlights a blind spot in DeFi security audits: tools like Slither and Mythril scan code for logic flaws but ignore configuration parameters. The 2022 Nomad hack ($190M loss) also stemmed from a config error, bringing total losses from such issues to ~$482M—rivaling private key breaches. The Kelp exploit underscores the need for standardized config audits and higher baseline security in cross-chain designs.

marsbit04/19 23:56

The Code Was Fine, But It Was Still Hacked: What Is the 'DVN Configuration Vulnerability' Behind the Biggest Hack of 2026?

marsbit04/19 23:56

Kelp DAO Suffers $292 Million rsETH Exploit – Details

Kelp DAO has suffered a major cross-chain exploit resulting in the loss of approximately 116,500 rsETH, valued at nearly $292 million. The attack targeted a vulnerability in the protocol's cross-chain bridge mechanism, specifically through LayerZero’s EndpointV2. On-chain investigator ZachXBT first identified the breach, noting that the attacker used Tornado Cash to conceal funding sources. In response, Kelp DAO immediately paused all rsETH contracts across mainnet and Layer-2 networks, preventing two additional attempts to drain another $100 million in assets. The protocol is collaborating with LayerZero and Unichain for a full investigation. The incident has impacted the broader DeFi ecosystem, leading Aave to freeze rsETH markets on its V3 and V4 deployments as a precaution, though its own contracts remain secure. The stolen rsETH represents around 18% of its circulating supply, significantly damaging liquidity and user confidence.

bitcoinist04/19 22:33

Kelp DAO Suffers $292 Million rsETH Exploit – Details