KelpDAO Hack Highlights DeFi Dilemma Over Complex Infrastructure

The complex infrastructure underpinning decentralized finance, or DeFi, is emerging as a source of security risk.

CoinDesk reported on May 16 that industry participants see the KelpDAO hack not as a simple coding flaw, but as a failure rooted in a complicated infrastructure stack that includes bridges, operating systems and reliance on external infrastructure.

The KelpDAO exploit has been linked to a vulnerability in LayerZero's bridge infrastructure. The incident has intensified concerns that the tightly interconnected structure of DeFi services is becoming a leading cause of recent hacks.

Eugene Mamin, chief technology officer at the Lido Labs Foundation, said most smart contracts operated as designed. The problem was that the party carrying out that design did not have legitimate authority.

DeFi projects have increasingly adopted bridges, validation systems, multisig wallets, cloud services and external projects. The concern is that when one part of that infrastructure fails, the damage can spread quickly across connected services.

Sam MacPherson, chief executive officer of Phoenix Labs, said smart-contract bugs were once the main cause of hacks. More recent incidents, however, have largely stemmed from operational security problems. If the market becomes overly dependent on the same infrastructure, an isolated issue can develop into systemic risk.

Industry participants said the incident is also reinforcing a shift away from high-yield, high-risk structures and toward stability and predictability. Mamin added that the protocols trusted with large pools of capital are those that have operated reliably over a long period. In that sense, being "boring" is becoming a strength.