Close Menu
Crypto Breaking News
    Crypto Breaking News
    • News
      • Press Release
      • Featured
      • Events
      • Exchanges
      • Bitcoin
      • Ethereum
      • Solana
      • Ripple
      • Artificial Intelligence (AI)
      • Real World Assets (RWA)
      • Markets & Finance
      • Regulation & Policy
      • Press Releases by PR Newswire
      • News by CoinPedia
      • News by Coincu
      • News by Blockchain Wire
    • Crypto
      • Companies
      • Events
      • Partners
      • Buy Crypto
      • Timers
    • Advertise
      • Submit a Press Release
      • Logos
      • About
      • Services
    • Offers
      • Marketing Services
      • Wallets & Tools
    • Account
    • Video
    • Contact
    Submit PR
    Crypto Breaking News
    Crypto News Technology & Web3

    DeFi Hacks Expose Operational Security and Risk Gaps, S&P Finds

    28 May 2026
    FacebookTwitterLinkedInCopy Link
    News Feed
    Google NewsRSS
    Defi Hacks Expose Operational Security And Risk Gaps, S&p Finds
    Defi Hacks Expose Operational Security And Risk Gaps, S&p Finds

    Operational security and risk controls under scrutiny after recent DeFi exploits

    Three high-profile DeFi incidents in March and April exposed how operational weaknesses and inadequate risk management can magnify losses across the decentralized finance ecosystem. In a new brief, S&P Global Ratings examined those hacks and concluded that the largest vulnerabilities were not buggy smart contract code, but governance failures, poor operational setups and miscalibrated collateral controls.

    The episodes, which affected Resolv, Drift and KelpDAO and produced combined on-chain losses in the hundreds of millions of dollars, illustrate how token minting mechanics, cross-chain messaging, collateral eligibility and human trust assumptions can create rapid contagion across lending protocols.

    What happened: three incident archetypes

    S&P’s review highlights three distinct attack patterns that were central to the losses observed.

    1) Compromised mint keys and direct token creation. In Resolv’s case, attackers gained control of administrative access keys used to mint tokens. With that control they created additional tokens and leveraged market mechanics and curated lending vaults to extract value. The episode underlines the risks of concentrated administrative privileges for token issuers and the need for segregation and redundancy when mint operations are possible.

    2) Cross-chain messaging and single-point-of-failure setups. The KelpDAO exploit relied on weaknesses in the cross-chain messaging configuration used to aggregate collateral backing for a bridge-native token (rsETH). Attackers were able to create unbacked tokens without breaching the mint contract itself, exploiting a low-security setup on a messaging layer. Although the newly minted tokens were relatively illiquid, they were accepted as collateral on a major lending market. That composability allowed the attacker to borrow roughly $300 million in wrapped ether, converting token creation into realized profit.

    3) Extended social engineering leading to administrative takeover. The Drift attack was, according to S&P, the result of a lengthy social-engineering campaign in which attackers posed as legitimate partners to gain trust and eventually administrative control. The compromise permitted the draining of liquidity and demonstrates how human factors and governance procedures remain a core attack vector even where contracts themselves are sound.

    How risk management failures amplified damage

    S&P’s analysis stresses that operational failures are amplified by lending protocols’ risk settings and the broader composability of DeFi. Several mechanics played a role:

    Collateral eligibility and concentration limits. Lending platforms that allow new or complex assets as collateral must treat each asset as a distinct credit and operational risk. In KelpDAO’s case, a token’s correlation to Ethereum was used as the primary risk signal, rather than acknowledging its unique behaviours and attack surface. As a result, supply caps and exposure controls were insufficient and the protocol lent against the compromised asset at levels exceeding the reserve set aside to absorb losses.

    Hard-coded pricing and curated vault mechanics. In the Resolv fallout, tokens that had collapsed in market value remained accepted as collateral at a fixed price in certain curated vaults. That mismatch created arbitrage pathways allowing on-chain actors to purchase depreciated tokens and borrow against them, turning price dislocations into liquidity drains for lenders.

    Single points of failure in cross-chain systems. Using the lowest-security configuration available for cross-chain messaging created a centralised trust assumption that an attacker could exploit. Redundancy, decentralized relayer sets and stronger verification would reduce this class of risk.

    Recommendations and implications for institutions and protocols

    S&P frames the incidents as cautionary examples for both native DeFi projects and institutional participants exploring tokenization. Key controls identified include:

    Segregation and decentralization of administrative privileges. Minting and burning authorities should be split across multiple actors or managed via multi-sig and time-delayed governance to reduce the risk of unilateral mint events.

    Zero Trust and stronger identity controls. Protocol teams should adopt Zero Trust principles for external integrations and staffing, deploy rigorous identity verification processes for contractors and partners, and reduce reliance on informal trust-based relationships.

    Asset-level risk treatment and calibrated concentration limits. When onboarding collateral, lending platforms need to assess each asset’s operational and market profile and set supply caps, borrow limits and liquidation parameters accordingly.

    Redundancy in cross-chain infrastructure. Cross-chain messaging and oracle layers should avoid single-configuration defaults and implement redundancy and fail-safes to prevent spoofed signals from enabling token creation or misreporting collateralization.

    Broader market and regulatory considerations

    The incidents underscore how composability, while a source of innovation in DeFi, can also transmit shocks quickly between protocols. For institutional actors considering tokenization of traditional assets, the lessons are clear: operational security and governance models must be designed to at least match, and ideally exceed, those used in legacy financial infrastructure.

    Regulators and custodians may increasingly focus on operational controls, proof of reserves, and governance robustness as part of any framework that supports institutional participation in tokenized markets. For market participants, the balance between innovation and prudence will be central to preventing further episodes of contagion driven by operational gaps rather than code flaws.

    Bottom line. The recent wave of DeFi exploits demonstrates that robust risk management and operational security are as important as secure code. As tokenization and institutional engagement expand, protocols and their counterparties must close governance, identity and collateral-calibration gaps to limit contagion in a highly interconnected ecosystem.

    Risk & affiliate notice: Crypto assets are volatile and capital is at risk. This article may contain affiliate links. Read full disclosure

    Crypto Breaking News
    • Website
    • Facebook
    • X (Twitter)
    • Pinterest
    • Instagram
    • Tumblr
    • LinkedIn

    The Crypto Breaking News editorial team curates the latest news, updates, and insights from the global cryptocurrency and blockchain industry.

    Related Posts

    Robinhood’s L2 Launch Fuels Eth Optimism As Saylor Claims Stir Debate

    Robinhood’s L2 Launch Fuels ETH Optimism as Saylor Claims Stir Debate

    17 minutes ago
    Standard Chartered Says Saylor’s Btc Pivot Needs Clear Investor Messaging

    Standard Chartered Says Saylor’s BTC Pivot Needs Clear Investor Messaging

    4 hours ago
    Saylor’s Btc Pivot Message Needs Clarity, Stanchart Says Investors

    Saylor’s BTC pivot message needs clarity, StanChart says investors

    5 hours ago
    Pakistan Crypto Regulator Calls For Dialogue After Ruling On Crypto Payments

    Pakistan Crypto Regulator Calls for Dialogue After Ruling on Crypto Payments

    10 hours ago
    Pakistan Crypto Regulator Opens Dialogue After Court Ruling On Payments

    Pakistan Crypto Regulator Opens Dialogue After Court Ruling on Payments

    11 hours ago
    Cambridge: Ethereum’s Pos Energy Use Trails Lower-End Estimates

    Cambridge: Ethereum’s PoS energy use trails lower-end estimates

    14 hours ago

    Search Crypto News

    Featured Crypto News

    How Ai Is Changing Music: Virtual Artist Lunayah Releases "new Beginning"

    How AI Is Changing Music: Virtual Artist Lunayah Releases “New Beginning”

    1 June 2026

    Latest News

    • Robinhood’s L2 Launch Fuels ETH Optimism as Saylor Claims Stir Debate
    • Standard Chartered Says Saylor’s BTC Pivot Needs Clear Investor Messaging
    • Saylor’s BTC pivot message needs clarity, StanChart says investors
    • Pakistan Crypto Regulator Calls for Dialogue After Ruling on Crypto Payments
    • Pakistan Crypto Regulator Opens Dialogue After Court Ruling on Payments
    • Cambridge: Ethereum’s PoS energy use trails lower-end estimates
    • Cambridge Research Finds Ethereum’s Proof-of-Stake Energy Use at Low End
    • Saylor and Adam Back Criticize BIP-110 Ordinals Proposal
    • Saylor and Adam Back Criticize BIP-110 Ordinals Proposal
    • Empery Digital Shares Jump After Bitcoin Treasury Sale for AI Datacenter

    Join 20,000+ Crypto Followers

    • Facebook2.4K
    • Twitter4.5K
    • Instagram7.2K
    • LinkedIn4.3K
    • Telegram55
    • Threads1000
    Ledger
    Bitcoin Asia 2026

    About Crypto Breaking News

    About Crypto Breaking News

    Crypto Breaking News is a fast-growing digital media platform focused on the latest developments in cryptocurrency, blockchain, and Web3 technologies. Our goal is to provide fast, reliable, and insightful content that helps our readers stay ahead in the ever-evolving digital asset space.

    Web3 Digital L.L.C-FZ
    License Number: 2527596
    📞 +971 50 449 2025
    ✉️ info@cryptobreaking.com
    📍Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, United Arab Emirates

    FacebookX (Twitter)InstagramPinterestYouTubeTumblrBlueskyLinkedInRedditTikTokTelegramThreadsRSS

    Links

    • Crypto News
    • Submit a Press Release
    • Advertise
    • Contact Us
    • Privacy Policy
    • Disclaimer
    • Terms and Conditions
    • Stocks Breaking News

    advertising

    AVATRADE
    © 2026 CryptoBreaking.com | All rights reserved | Powered by Web3 Digital & Osom One

    Type above and press Enter to search. Press Esc to cancel.

    Change Location
    Find awesome listings near you!