Overview
- Andre Cronje said most current DeFi favors slick interfaces over trustless design, leaving users reliant on teams and web front ends.
- Losses in April topped about $600 million, with Drift and Kelp responsible for most of the damage, according to CertiK.
- On Drift, investigators reported attackers used social engineering and pre-signed durable nonce transactions to gain multisig access without a contract flaw.
- Following the Kelp hit, Aave froze rsETH markets on its V3 and V4 deployments to limit knock-on risk.
- Cronje-associated Flying Tulip added withdrawal circuit breakers that throttle abnormal outflows using preset triggers. The tool is similar to stock market trading halts: it can cause retries, but it can keep pools from draining.
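
A minimal model of the withdrawal circuit breaker idea in the last item, added here as an illustration and not taken from Flying Tulip's code: the class name `WithdrawalBreaker`, the 10% per-window cap and the one-hour window are all assumptions. It shows both sides of the trade-off: throttled users get a retry time, and a burst of withdrawals cannot take more than the cap.

```python
from collections import deque

class WithdrawalBreaker:
    """Rolling-window outflow limiter for one pool (illustrative model only)."""

    def __init__(self, balance, max_outflow_bps=1000, window_s=3600):
        self.balance = balance                  # current pool liquidity
        self.max_outflow_bps = max_outflow_bps  # assumed trigger: 10% of liquidity
        self.window_s = window_s                # assumed window: one hour
        self.events = deque()                   # (timestamp, amount) paid in window

    def _cap(self, spent):
        # Measure the limit against liquidity at the start of the window
        # (balance plus what already left), ignoring deposits for simplicity.
        return (self.balance + spent) * self.max_outflow_bps // 10_000

    def withdraw(self, amount, now):
        """Return (True, 0) if paid, (False, wait_s) if throttled, or
        (False, None) if the amount can never fit in one window."""
        if amount <= 0 or amount > self.balance:
            raise ValueError("invalid amount")
        # Drop withdrawals that have aged out of the window.
        while self.events and self.events[0][0] <= now - self.window_s:
            self.events.popleft()
        spent = sum(a for _, a in self.events)
        if spent + amount <= self._cap(spent):
            self.events.append((now, amount))
            self.balance -= amount
            return True, 0
        # Tripped: find the earliest time enough history expires for a retry.
        remaining = spent
        for ts, paid in self.events:
            remaining -= paid
            if remaining + amount <= self._cap(remaining):
                return False, ts + self.window_s - now
        return False, None  # larger than the per-window cap: must be split
```

A production breaker would also need to account for deposits during the window and for who is allowed to change the trigger values.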