The Weekly: DeFi Security, Risk Perception & Yield Opportunity

Re7 Capital has continued to expand its institutional product suite and distribution reach through Q1 and into Q2:

• ETH Yield Strategy — Re7 has launched mRe7ETH on Optimism, an ETH-denominated, market-neutral yield strategy designed for institutional allocators.

• Telegram Wallet integration — Re7's DeFi yield strategies are now available within Telegram's self-custody TON Wallet, enabling users to access on-chain yield directly within the app.

• Zodia Custody partnership — Re7 partnered with Zodia Custody, which provides custody and off-exchange settlement, and enables on-chain representation of Re7's BTC Yield and Market Neutral strategies.

Weekly Summary

We cover:

• Why DeFi yields are rising as capital exits the sector

• Why exploit headlines may be overstating systemic risk

• How AI and security vendors are reshaping DeFi security infrastructure

• Why risk is increasingly concentrated in weaker protocols

• The growing opportunity set across higher-quality DeFi infrastructure

DeFi Security, Risk Perception & Yield Opportunity

Capital continues to rotate out of DeFi amid elevated exploit headlines and weaker risk appetite, reducing liquidity across lending, LP, and leverage-driven strategies.

As a result, yields have moved higher while TVL has fallen. At face value, this could be interpreted as the market pricing in a deterioration in underlying protocol quality and systemic risk.

Aave V3 TVL has fallen 43% in recent weeks from the KelpDAO exploit.

However, as we explore here, recent exploit activity presents a more nuanced picture. While headline exploit volumes remain elevated, the composition of losses increasingly points toward operational failures and weaker long-tail protocols rather than broad deterioration in core DeFi infrastructure.

The result is an environment where capital is becoming increasingly selective, concentrating in protocols with stronger operational discipline and security practices.

Security Reality Check: Exploit vs Perception

April saw roughly 30 publicly reported DeFi exploit incidents, reinforcing the perception that the ecosystem remains structurally vulnerable.

On an absolute basis, exploit volumes remain elevated and continue to weigh on investor confidence and capital formation across the sector. 2026 exploit run rate is currently ~$2.3B.

However, the ratio of total exploit volume to overall DeFi TVL continues to trend lower on a run-rate basis, suggesting realised losses are not increasing proportionately with the size of the ecosystem.

The exploit-to-DeFi TVL ratio has fallen from 7.2% in 2022 to ~1.5% in 2026 based on this run rate.

In fact, even with an additional ~$650m in exploit value from January through April, the exploit-to-DeFi TVL ratio would still have trended lower.

Both the distribution and underlying causes of recent exploits also matter materially when assessing system-level risk.

A growing share of losses appears concentrated in smaller protocols, operational failures, and weaker security practices (key management, social engineering susceptibility) rather than widespread failures in core smart contract infrastructure.

April was no exception…

Roughly 95% of losses came from just 2 incidents (Drift, Kelp DAO) where both of these were opsec-related incidents.

In other words, elevated exploit counts do not necessarily equate to rising systemic risk.

Security Infrastructure & the Evolving Risk Curve

Recent discussion around AI-driven exploits has reinforced concerns that attack capabilities are compounding faster than defensive infrastructure across DeFi.

However, recent exploit activity increasingly reflects differences in security maturity across the ecosystem rather than broad deterioration in core smart contract infrastructure.

While larger protocols have generally continued strengthening governance processes, operational controls, and vendor infrastructure over time, realised losses still demonstrate that operational discipline remains critical regardless of protocol size.

This is also creating a more selective environment where asset allocators can increasingly differentiate between protocols with robust operational processes and security frameworks versus weaker operators where exploit risk remains more concentrated.

At the same time, risk remains disproportionately concentrated among smaller and earlier-stage protocols with weaker operational setups, incomplete security processes, and limited external review — reinforcing the divergence between stronger operators and the long tail of the market.

This concentration is unsurprising given fewer than 30% of newly deployed DeFi contracts reportedly receive adequate pre-launch security reviews.

Security infrastructure across the ecosystem also continues to mature rapidly. Security is increasingly becoming baseline infrastructure rather than optional overhead, with the DeFi security market estimated at ~$4.8bn in 2025 and projected to grow at roughly 19% annually through 2034.

Concerns around AI-enabled exploit development have also accelerated materially over the last year. However, AI appears to be strengthening both attack and defence capabilities simultaneously rather than creating a one-sided deterioration in protocol security.

Investment in AI-driven DeFi security tooling exceeded an estimated $430m in 2025, while AI-augmented auditing platforms are compressing review cycles from weeks to hours.

The more important shift is that security is no longer simply a function of how much a protocol is willing to spend on internal tooling or LLM access.

Sophisticated state-sponsored actors such as Lazarus Group will likely continue to retain advantages that individual protocols cannot fully offset through tooling spend alone.

Instead, the playing field is increasingly being levelled through broader access to external security vendors, monitoring infrastructure, AI-assisted auditing, and operational tooling that are becoming more accessible and affordable across the ecosystem — including for earlier-stage protocols.

Protocol architecture is also evolving alongside security infrastructure. Architectures such as Aave V4 increasingly enable risk to be compartmentalised at the pool and asset level rather than socialised across broader ecosystems, potentially supporting more tailored institutional participation over time.

Market Implications

Capital outflows and elevated exploit headlines continue to weigh on sentiment across DeFi, contributing to higher yields and broad-based risk discounting across the sector.

The Aave v3 USDC supply APR on Ethereum has surged in recent weeks as pool TVL has fallen.

At the same time, current market pricing increasingly appears to reflect broad fear around DeFi exploit risk without fully distinguishing between weaknesses in individual operators and the resilience of core protocol infrastructure.

Recent exploit activity suggests the ecosystem is facing more of a security maturity gap than a structural failure in smart contract architecture itself.

The result is an increasingly bifurcated market where yields may be compensating for perceived systemic risk more than broad deterioration in underlying protocol quality.

As capital continues to rotate out of the sector, yield opportunities across stronger protocols are in many cases becoming increasingly attractive, particularly where operational discipline, security infrastructure, and process maturity remain robust.

Positioning therefore increasingly favours higher-quality protocols with stronger security baselines, operational discipline, and institutional-grade infrastructure, while avoiding weaker long-tail exposure where exploit risk remains disproportionately concentrated.

State of Yields

Stablecoin lending yields:

• ~3.2% on Aave (USDC) — utilisation rates for USDC markets are still elevated but have seemed to stabilise at ~91%.

• 5.12% on Aave (MegaUSD) — same as last week. Higher MEGA incentives driving supply side. Looping is pulling USDm out of the pool where new suppliers keep arriving for MEGA APY.

Fixed-rate DeFi lending: yield premium in fixed markets marginally expanding from last week:

• Pendle sNUSD: 8.1% (Jun 2026)

• Pendle sUSDAi: ~10% (Jun-Oct 2026 maturities)

• sUSDe: ~4.2%

ETH yield benchmarks:

• Lido staking: ~2.42% (slight increase from previous week)

About Re7

Re7 Capital is a research-driven digital asset investment firm specialising in DeFi yield and liquid alpha strategies.

Disclaimers

The content is for informational purposes only. None of the content is meant to be investment advice. Use your own discretion and independent decision regarding investments. The opinions expressed in all Re7 public research articles are the independent opinions of the authors at the time of publication and not the opinions of the affiliates of Re7.

Please see here for full disclaimers.