May 27, 2026 – Several recent hacks of decentralized finance (DeFi) protocols underscore that robust risk management is essential to defend against bad actors. This includes ensuring operational security for smart contracts and calibrating concentration limits to manage individual asset risks.
What’s Happening
A series of exploits in March and April targeting three decentralized finance (DeFi) protocols – Resolv, Drift, and KelpDAO – led to cumulative losses of around $600 million. The exploits did not result from smart contract code vulnerabilities, but rather from operational security weaknesses and a social engineering attack. Specific risk management failures in DeFi lending amplified the severity of their impact.
Why It Matters
As institutional adoption of tokenization and digital assets accelerates, addressing lessons learned from these exploits can ensure appropriate on-chain controls are in place to mitigate any operational security risks and wider ecosystem contagion.
In two recent cases, an attacker was able to create unauthorized and unbacked tokens:
- For Resolv, an attacker took control of the access keys to the smart contract that mints (creates) new tokens. This event…



















