
DeFi Week 25: $74.2B TVL rebound, $36M Humanity Protocol breach, Base flips Arbitrum
Total DeFi TVL recovered +2.72% to $74.21B in the week of June 9–15 — broad-based after the prior week's -9.31% crash — while a $36M private-key breach at Humanity Protocol (H token -85%) headlined a ~$39M gross-loss exploit week. Syscoin Bridge recovered $0 net after a full whitehat return. Base overtook Arbitrum in L2 TVL for the first time ($4.26B vs $1.31B). Aave DAO closed three Snapshot votes and filed a protocol-wide risk framework ARFC. apxUSD remains depegged at $0.959 (Day 11) with $31.8M in Pendle PT tokens expiring June 18. TON rebranded to GRAM effective June 15.

Total DeFi TVL recovered +2.72% to $74.21B in the week ending June 15 — every major protocol green after last week's -9.31% crash — while a $36M private-key breach at Humanity Protocol reminded the market that Q2 2026 is already the most-hacked quarter in DeFi history by incident count. 1 2
Week 25 quick scan
| Signal | Entity | Direction | This week |
|---|---|---|---|
| Total DeFi TVL | All DeFi | ▲ | $74.21B, +2.72% WoW |
| Biggest protocol gainer (%) | Kelp (Liquid Restaking) | ▲ | +171.3% → $1.06B |
| Biggest protocol gainer ($) | Lido | ▲ | +$960M → $15.97B |
| L2 milestone | Base overtakes Arbitrum | ▲ | $4.26B vs $1.31B |
| RWA presence | Top 25 protocols | ▲ | 5 of 25 slots, $13.81B combined |
| Largest exploit | Humanity Protocol | ▼ | ~$36M — private key compromise |
| Full recovery | Syscoin Bridge | ✅ | $8.56M unauthorized mint → $0 net loss |
| Stablecoin depeg | apxUSD (Apyx Finance) | ▼ | $0.959 — Day 11, stalled recovery |
| Stablecoin collapse | StablR EURR | ▼ | $0.53 — down from $0.548 W24, no update |
| On-chain vote | Arbitrum Foundation $43.5M | 🗳️ | 99.8% approval, still active |
| Governance passed | Aave V4 on Arc (Temp Check) | ✅ | Unanimous, 371K AAVE For |
| Governance passed | Aave remoteGSM on Arbitrum | ✅ | Unanimous, 529K AAVE For |
| Rebrand | TON → GRAM | ✅ | Effective June 15, 81.22% vote |
| Yield anomaly (extreme) | Aerodrome USDC-NOCK (Base) | ▲ | 440,885% APY — memecoin incentive |
| Yield spike reversed | BenQi sAVAX (Avalanche) | ▼ | -26.89pp → 2.98% — W24 spike confirmed transient |
TVL recovery: broad but shallow
The $74.21B reading at June 15 close represents a +$1.97B rebound from Week 24's $72.24B — itself the steepest single-week drop of 2026 following the June 5 crypto market selloff. Recovery was broad: all 11 protocols tracked from the Week 24 baseline posted positive seven-day changes. 1 Still, total DeFi TVL sits about 7% below pre-April levels; Q2 2026 has seen ~70 exploits totaling $746M stolen, a quarterly incident count that has no historical precedent. 2
Protocol movers
Lido held its #1 position at $15.97B (+6.4% from $15.01B), recovering a portion of the $2.51B lost in Week 24. Aave V3 climbed to $12.37B (+6.5%), while Morpho Blue reached $7.01B (+5.8%). 3
The two standout gainers were restaking protocols responding to post-crash yield demand:
- Kelp surged +171.3% to $1.06B, the largest percentage move among all tracked protocols. Kelp had fallen to $390M at Week 24's low — the April KelpDAO LayerZero exploit ($221M attacker collateral seized) had punished the protocol for months.
- Pendle rose +49.5% to $1.18B, with PT token markets absorbing renewed yield-trading interest as post-crash rate volatility created pricing opportunities.
ether.fi completed a structural split into four sub-protocols this week: ether.fi Stake ($2.96B), ether.fi Liquid ($180M), EtherFi Borrowing Market ($150M), and EtherFi Cash Liquid ($130M). The combined $3.42B is up from the entity's $1.99B W24 baseline, though part of the apparent gain reflects reclassification rather than pure inflow. 3
RWA occupies 5 of the top 25
Real-world asset protocols — Tether Gold, Circle USYC, BlackRock BUIDL, Ondo Yield Assets, and Paxos Gold — collectively hold $13.81B across 5 of the 25 largest DeFi slots by TVL. That's a notable structural shift: a year ago, RWA represented a rounding error in protocol rankings. Active issuance in the broader tokenized RWA market has grown 589% year-over-year per Yellow.com research, driven in part by Citi's forecast that 10% of the US Treasuries market (~$800B) will be tokenized by 2030. 3
Chain rankings: Base flips Arbitrum for the first time
Ethereum held its dominance at $39.25B (52.4% share). The more consequential shift was in the L2 segment: Base reached $4.26B, overtaking Arbitrum ($1.31B) in chain TVL rankings for the first time. Base is now the #6 chain globally and the clear leader among Ethereum Layer 2 networks for DeFi TVL. 4
Solana-native DeFi continued its split pattern: Kamino Lend fell -17.0% to $1.11B while Sanctum Validator LSTs rose +21.8% to $1.12B, reflecting rotation within the Solana ecosystem rather than net inflows. 3
Top 5 weekly gainers (minimum $50M TVL):
| Protocol | TVL | 7d change | Primary driver |
|---|---|---|---|
| SUNSwap V3 | $210M | +102.3% | TRON incentive program (unconfirmed catalyst) |
| Figure Markets Democratized Prime | $135M | +54.6% | RWA lending, Provenance chain |
| River Omni-CDP | $120M | +52.1% | Cross-chain CDP inflows |
| Clearstar | $135M | +37.6% | Risk Curator inflows |
| OpenEden TBILL | $216M | +28.1% | Tokenized T-bill demand |
Top 5 weekly losers (minimum $50M TVL):
| Protocol | TVL | 7d change | Notes |
|---|---|---|---|
| Tydro | $62M | -54.6% | Near-total TVL evaporation, cause unconfirmed |
| Hyperlane | $102M | -48.0% | Bridge sector; excluded from strict DeFi total |
| Felix Vaults | $67M | -21.3% | Capital reallocation |
| Kamino Lend | $1.11B | -17.0% | Solana ecosystem rotation |
| Renzo | $104M | -16.5% | 57% cumulative TVL decline; Hindenrank "C" alert |
Renzo's Hindenrank Early Warning classification is worth noting: the risk monitoring service flagged the protocol with a "C" alert citing the 57% cumulative TVL decline and zero GitHub commits. 5
Exploits: $36M Humanity Protocol breach leads a $39M week
Five exploits were confirmed in the June 7–11 window, totaling approximately $39.2M in gross losses and ~$33M net after the Syscoin whitehat recovery. The structural signal, from Meir Dolev of security firm Cyvers: "infrastructure and operational failures are now the dominant attack vector in DeFi — smart-contract bugs are no longer the primary threat." 6
Humanity Protocol — $36M (June 8–9, Ethereum + BNB Smart Chain)
Humanity Protocol — a decentralized biometric identity network that raised ~$50M at a $1.1B valuation from Pantera Capital, Jump Crypto, and Animoca Brands — lost approximately $36M after an employee laptop running malware exposed three of six Gnosis Safe owner keys controlling Ethereum bridge contracts, and three of five keys on BNB Smart Chain. 6 7
With those keys, the attackers seized ProxyAdmin control and upgraded the bridge contracts to malicious implementations. Backdoor mint functions then created 200M+ H tokens on BSC; roughly 141M H were drained on Ethereum. The H token crashed ~85% within 12 hours, falling from ~$0.70 to $0.05–0.08 on thin DEX liquidity. 7
Meir Dolev, CTO of security firm Cyvers (Cyvers monitors on-chain activity for major protocols), put the root cause plainly: "The core failure is structural: one key trusted with both the funds and the power to rewrite the rules." 8 The attacker holds a large remaining H position but cannot fully exit because pool liquidity is too thin to absorb the sell pressure — the public breach alert served partly to ensure that liquidity stayed untouched. 8
On-chain investigator ZachXBT initially suggested the incident appeared staged, noting the dumps were concentrated on DEXes alongside a 266.5M H token unlock scheduled for June 25. ZachXBT later walked back the claim after further analysis: the private key compromise and suspicious market-maker activity were independent events, not a coordinated exit. 7 As of mid-June, H was trading near $0.20 — down ~73% from pre-exploit levels. Bridges remain paused, law enforcement has been engaged, and a formal post-mortem has been promised.
The architectural lesson: a 3-of-6 multisig provides no protection when the six keys share the same physical machine. The $36M figure sits against a backdrop of Q2 2026's $293M KelpDAO and $285M Drift Protocol exploits — infrastructure failures are a larger category than code bugs this quarter.
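The key-concentration and role-overlap points above can be checked against a signer inventory before an incident. This is an added example, not code from Humanity Protocol or any cited source; the Safe names, device labels, role names and key-to-device layout are constructed, following the article's account of three of six owner keys exposed through one laptop.

```python
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class Safe:
    name: str
    threshold: int      # signatures required (k of n)
    key_device: dict    # owner key label -> device that can sign with it
    roles: set = field(default_factory=set)  # powers held, e.g. {"custody", "upgrade"}


def min_devices_to_threshold(safe):
    """Fewest devices that must be compromised to collect `threshold` keys.

    Greedy is optimal: taking the devices that hold the most keys first
    reaches the threshold with the fewest devices.
    """
    per_device = sorted(Counter(safe.key_device.values()).values(), reverse=True)
    collected = 0
    for devices, keys in enumerate(per_device, start=1):
        collected += keys
        if collected >= safe.threshold:
            return devices
    return None  # threshold exceeds the number of keys: misconfigured Safe


def audit(safe):
    """Return findings; an empty list means neither weakness is present."""
    findings = []
    devices = min_devices_to_threshold(safe)
    n = len(safe.key_device)
    if devices is None:
        findings.append("threshold-unreachable")
    elif devices < safe.threshold:
        findings.append(f"key-concentration: {devices} device(s) yield {safe.threshold}-of-{n}")
    if {"custody", "upgrade"} <= safe.roles:
        findings.append("role-overlap: one signer set holds funds and upgrade rights")
    return findings


def separate_devices(n):
    """Constructed layout: every owner key on its own hardware device."""
    return {f"k{i}": f"hw-{i}" for i in range(1, n + 1)}


# Constructed inventory: three of six keys reachable from one laptop, and the
# same Safe both holds bridge funds and controls upgrades (assumed roles).
AS_REPORTED = Safe(
    "bridge-safe", 3,
    {"k1": "laptop-1", "k2": "laptop-1", "k3": "laptop-1",
     "k4": "hw-4", "k5": "hw-5", "k6": "hw-6"},
    {"custody", "upgrade"},
)
# Constructed alternative: one key per device, funds and upgrades split.
SPLIT_FUNDS = Safe("bridge-funds", 3, separate_devices(6), {"custody"})
SPLIT_UPGRADES = Safe("bridge-upgrades", 3, separate_devices(6), {"upgrade"})

if __name__ == "__main__":
    for safe in (AS_REPORTED, SPLIT_FUNDS, SPLIT_UPGRADES):
        print(safe.name, audit(safe) or "ok")
```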
Syscoin Bridge — $8.56M minted, $0 net loss (June 7–9, Syscoin)
An attacker fed a malformed SPV proof into Syscoin's bridge relay parser on June 7, causing 5 billion unauthorized SYS tokens — worth approximately $8.56M at the time — to materialize on the UTXO chain. No private keys were stolen and no cryptography was broken. 9
Halborn Security, which published the only substantive technical breakdown, characterized the attack precisely: "The attacker didn't forge a valid proof. They forged something the parsing code would read as a valid proof, which is a fundamentally different problem." 9 The distinction matters: SPV proof parsing flaws are an implementation logic failure, the same class as the Nomad Bridge (2022) and BNB Bridge (2022) exploits.
The attacker engaged in whitehat bounty discussion and returned all 5B SYS to the official recovery address (sys1qdytsq5am9a7y6hweenl925g3yxtlrvl9fls0yg) by June 9. Actual realized loss: $0. Syscoin published a preliminary post-mortem the same evening with all three transaction hashes. No public audit record exists for the bridge relay path that failed — the wallet and governance portal had been audited, but not the relay parsing logic. 9
Raydium — $1.34M (June 10, Solana)
Raydium (Solana's largest AMM by historical volume) lost $1.34M — approximately $900K USDC, $357K SOL, and $86K RAY — when an attacker exploited five deprecated liquidity pools in the legacy AMM V3 program. The attack vector: create a fake SPL token mint, call the legacy withdraw function, and drain pools that lacked LP token validation. The vulnerable code had sat dormant on-chain for five years. 10
No active user funds were at risk — the deprecated pools were invisible in the front-end and inaccessible through normal user flows. Raydium confirmed its treasury will cover all losses in full, and the legacy AMM V3 program IDs are being formally retired. 10 Stolen funds were bridged to Ethereum and deposited into Tornado Cash; recovery is unlikely.
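The missing LP token validation described above, reduced to a toy model beside the version that performs the check. This is an added example, not Raydium's program code; the `Pool` and `TokenAccount` types, function names, mint labels and balances are constructed for illustration.

```python
from dataclasses import dataclass


class InvalidLpMint(Exception):
    """The token account presented does not hold this pool's LP token."""


@dataclass
class TokenAccount:
    mint: str       # which token this account holds
    amount: int


@dataclass
class Pool:
    lp_mint: str    # the only mint whose tokens represent a share of this pool
    lp_supply: int
    reserve_a: int
    reserve_b: int


def pay_out(pool, lp_account, burn):
    """Burn `burn` LP units and release the pro-rata share of both reserves."""
    if burn <= 0 or burn > lp_account.amount or burn > pool.lp_supply:
        raise ValueError("invalid burn amount")
    out_a = pool.reserve_a * burn // pool.lp_supply
    out_b = pool.reserve_b * burn // pool.lp_supply
    lp_account.amount -= burn
    pool.lp_supply -= burn
    pool.reserve_a -= out_a
    pool.reserve_b -= out_b
    return out_a, out_b


def withdraw_unvalidated(pool, lp_account, burn):
    # Weak path: lp_account.mint is never compared with pool.lp_mint, so a
    # balance of any token is accepted as a claim on the pool's reserves.
    return pay_out(pool, lp_account, burn)


def withdraw_validated(pool, lp_account, burn):
    # Hardened path: reject the account before any amount is computed.
    if lp_account.mint != pool.lp_mint:
        raise InvalidLpMint(f"expected {pool.lp_mint}, got {lp_account.mint}")
    return pay_out(pool, lp_account, burn)


def sample_pool():
    """Constructed pool state used by the demonstration below."""
    return Pool("POOL_LP_MINT", 1_000, 900_000, 357_000)


if __name__ == "__main__":
    unrelated = TokenAccount("UNRELATED_MINT", 1_000)  # not the pool's LP token
    print("unvalidated:", withdraw_unvalidated(sample_pool(), unrelated, 1_000))
    try:
        withdraw_validated(sample_pool(), TokenAccount("UNRELATED_MINT", 1_000), 1_000)
    except InvalidLpMint as err:
        print("validated: rejected,", err)
```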
Smaller in-window incidents
Three additional exploits were recorded by DeFiLlama from June 7–9, all on Ethereum. Secondary confirmation is unavailable for these entries — treat the figures as provisional. 11
| Protocol | Loss | Attack vector |
|---|---|---|
| Token of Power | $1.58M | Malicious governance proposal |
| Ambient | $110K | Flashloan accounting logic |
| NovaBox | $107K | Dividend snapshot exploit |
| Asterix | $40K | DN404 forge loop (same class as W24's Flooring Protocol) |
The Asterix DN404 forge-loop reuse is worth flagging: it is the same vulnerability class that drained Flooring Protocol for $570K in Week 24. When attack patterns reappear within consecutive weeks across different protocols, it indicates the exploiting actor or the underlying contract template is being recycled.
Yield watch: apxUSD still depegged, Aerodrome structurally stressed
apxUSD — Day 11 depeg, $31.8M Pendle expiry imminent
apxUSD (Apyx Finance, a stablecoin backed by Strategy's STRC preferred equity rather than cash deposits) traded at $0.959 on June 15 — 4.1% below its $1.00 peg and essentially flat since the partial recovery to $0.96 following the June 4 low of $0.93. 12 13
Apyx Finance's position on the ongoing depeg remains unchanged: "This is not a bug, it is the expected behavior of a stablecoin backed by preferred equity rather than cash deposits." 13 STRC has traded below $100 par four times since August 2025 and recovered each time. Sahara Ecosystem (an Apyx ecosystem account) announced a liquidity migration from Curve to KyberSwap, citing better aggregator routing across 100+ DEXes; the official Apyx Finance channels have not confirmed this. 12
The immediate mechanical watch point: $31.8M in Pendle PT tokens tied to apxUSD and apyUSD (the yield-bearing companion token) reach their June 18 maturity — three days from this snapshot. The PT-APYUSD-18JUN2026 ($18.6M TVL) and PT-APXUSD-18JUN2026 ($13.2M TVL) both show 0% APY as they approach expiry. 14 Holders receiving face value at maturity will receive the depegged underlying, not $1.00 — the 4.1% discount is now a maturity discount, not just a market price. SpendNode noted: "Four recoveries do not guarantee a fifth; a stablecoin that absorbs 7% drawdowns during market stress is asking holders to carry equity risk in an instrument labeled 'stable.'" 13
BenQi sAVAX — W24 spike confirmed transient
BenQi sAVAX (Avalanche's liquid staking derivative for AVAX) normalized to 2.98% APY this week — a -26.89 percentage point drop from the ~30% reading in Week 24. TVL remained stable at $184.2M throughout the swing, meaning no capital flight occurred despite the APY volatility. 14 The spike was market-driven by AVAX price volatility affecting staking rewards rather than any protocol-level emission change — the return to 2.98% confirms it was transient.
Aerodrome Finance — structural revenue gap widens
Aerodrome Finance (Coinbase's Base-native DEX, built on the Velodrome ve(3,3) model) held $312M TVL as of early June, down from $501M in January 2026 — a 38% decline. The more significant metric: annualized liquidity incentives of $165M against protocol revenue of $52M — a 3.2× funding gap. Grayscale removed AERO from its DeFi Fund in May 2026, reducing institutional liquidity. 15
Despite the structural stress, Aerodrome continues to dominate Base DEX market share, processing $12.4B in 30-day volume. On June 9, Aerodrome activated AERO token emissions for a new MXNB/USDC pool — MXNB being a Mexican peso-pegged stablecoin issued by Juno, a subsidiary of Bitso (one of Latin America's largest crypto exchanges). The MXNB/USDC pool is Aerodrome's first region-specific fiat corridor, targeting on-chain USD/MXN liquidity on Base. 16

Aerodrome also generated 38 of 114 yield anomalies identified this week (33% of all flagged pools), led by the USDC-NOCK pool at 440,885% APY (+434,383 percentage points over seven days, $1.3M TVL) — a memecoin incentive program where the entire yield is token-rewards, meaning it will compress sharply when the NOCK emission ends. 14 Of 16,319 pools scanned this week, 114 showed significant anomalies; 72% were incentive-driven (token rewards), 28% base-rate-driven.
StablR EURR — no recovery signal at $0.53
StablR EURR — a MiCA-compliant euro stablecoin on Ethereum that was exploited on May 26 when an attacker compromised a 1-of-3 multisig key and minted $13.5M in unbacked tokens — continued its slow deterioration to $0.5298, down from $0.548 at Week 24 close and approximately 47% below euro parity. Operations remain suspended. No recovery plan, timeline, or official update from StablR appeared in the June 9–15 window. 17
Governance: Arbitrum closes out, Aave builds a risk firewall
Arbitrum Foundation $43.5M budget — 99.8% approval, vote still active
The Arbitrum Foundation's 2027 operating budget on-chain vote — a binding Tally.xyz proposal following last week's Snapshot temperature check — stood at 104.44M ARB For (99.8%), 216.44K Against, and 7.22K Abstain across 850 addresses as of June 15. The vote remains active. 18
The proposal requests $16M in RWAs, 1,740 ETH, and 230M ARB to fund Foundation operations through 2027. Projected expenditures are $27.6M (54% for Arbitrum One and Nova technical maintenance) plus 244.9M ARB for ecosystem growth; the Foundation will cover the gap from existing balance sheet and ETH holdings. The proposal's stated aim: "We believe a sustainable future can be achieved via the DAO governance model and will continue focusing our efforts on ensuring its success." 18 The near-unanimous approval rate on the on-chain vote contrasts with the 66.7% seen on the Snapshot temp check — delegates who voted against in the advisory round largely did not carry opposition to the binding vote.

Aave DAO — three Snapshot votes closed, risk framework in pipeline
Three Aave DAO Snapshot votes closed in the June 9–13 window:
- Deploy Aave V4 on Arc (June 9, unanimous): 371,839 AAVE For, 0 Against. Aave V4 will deploy on Circle's Arc blockchain at mainnet launch with initial assets USDC, EURC, and cirBTC. Circle's Arc ecosystem participants guarantee a minimum $2M/year revenue to Aave DAO for five years, covering any shortfall. 19
- Launch remoteGSM on Arbitrum (June 13, unanimous): 529,506 AAVE For, 0 Against. Deploys Aave's Governance Separation Module on the Arbitrum chain. 20
- Update Signers and SAFE Configuration (June 13, contested): 366,270 AAVE For (69.2%), 163,204 Against, 33 Abstain. A routine operational signer update — the 30.8% Against vote is the notable signal; routine multisig configuration changes rarely attract this much opposition. 21
More consequentially for yield farmers holding assets on Aave: LlamaRisk (Aave's risk advisory firm) submitted two Aave Request for Comments (ARFCs) on June 9 proposing a protocol-wide risk framework across all Aave V3, V4, and Horizon markets. The framework defines four layers — Asset Risk, Bridging Risk, Monitoring & Automated Risk Oracle Systems, and Chain Risk — with one-month implementation deadlines per recommendation; non-implementation auto-converts to hard constraints on exposure tiers. 22

Aave founder Stani Kulechov confirmed the stakes on X: "Assets that do not qualify for the new standard will be off-boarded from Aave over the coming weeks." 22 The framework is a direct response to the April 2026 KelpDAO LayerZero exploit, which exposed how restaking protocol risk can propagate into lending market collateral. The second ARFC proposes migrating Pendle PT risk oracles from manual operation to Chainlink Runtime Environment (CRE) infrastructure. Both remain in community feedback stage; they require a Snapshot vote before advancing to an on-chain AIP.
Sky — USDC PSM buffer doubling in queue
Sky governance (formerly Maker) has a material parameter change in queue: BA Labs (Sky's Core Council Risk Advisor) proposed doubling the LITE-PSM-USDC-A buffer from $400M to $800M on June 11. The change would raise the pre-minted DAI buffer and the daily refresh capacity to 1.6B, with total serving capacity reaching 2.4B. The immediate trigger: USDC reserves in Sky's stablecoin system have grown 108% since the last recalibration in October 2024, and the heaviest single-day SellGem transaction was 1.75B DAI drained on May 18, 2026. The Core Facilitator team approved inclusion in an upcoming Executive Vote on June 12; the formal vote has not yet executed. 23
TON → GRAM rebrand takes effect June 15
The Toncoin (TON) community voted 81.22% in favor of renaming the native token to GRAM, with the rebrand effective June 15 at 12:00 UTC. The blockchain itself retains the TON name; only the ticker changes from TON to GRAM. All balances, smart contracts, NFTs, staking positions, and DeFi activity carry over automatically — no swap or claim required. Full ecosystem consistency across exchanges and wallets is expected by June 22. 24
The rebrand is Step 4 of the Make TON Great Again (MTONGA) roadmap and revives Telegram's original 2018 whitepaper name — before the SEC forced a $1.7B refund and shut the Gram token launch. GRAM was trading near $1.67 at time of the rebrand, down 26.5% over the prior month. 24 25
Watch list heading into Week 26
- Arbitrum Foundation vote closure: The on-chain Tally vote was still active at snapshot time. Final approval margin and participation rate across the full voting window will confirm whether the 99.8% approval holds.
- apxUSD Pendle maturity (June 18): $31.8M in PT-APYUSD and PT-APXUSD tokens mature in three days. Holders settling at face value receive the depegged underlying at ~$0.959. Monitor whether maturity settlement drives additional redemption pressure or re-peg support.
- Aave risk framework community vote: LlamaRisk's protocol-wide risk framework ARFCs move to Snapshot next. Assets failing the four-layer standard — particularly restaking derivatives and bridged collateral — face potential off-boarding. Positions in Aave markets backed by LayerZero-bridged assets or unaudited restaking tokens are the most exposed.
- Sky PSM Executive Vote: The LITE-PSM-USDC-A buffer doubling to $800M awaits formal execution. Passage would materially increase Sky's capacity for large USDC/DAI arbitrage flows.
- THORChain network restart: v3.19 is live as of June 12 with the GG20 TSS library patched. An 11-stage restart is in progress; full trading resumption is approximately one week out. Monero (XMR) is confirmed as the first asset in the DEX queue once trading opens. RUNE is trading at $0.38–0.41, down ~35% over 30 days. 26
- StablR EURR: The token is now 47% below euro parity with operations suspended for three weeks and no recovery signal. Without a published recovery plan or regulatory intervention from Malta's financial regulator, the probability of meaningful re-peg without restructuring appears low.
- Humanity Protocol post-mortem: Founder Terence Kwok has promised a formal post-mortem. The Rekt News investigation, which typically provides the most rigorous on-chain tracing for major exploits, had not published as of June 15.
Sources
- 1. DeFiLlama — DeFi Dashboard
- 2. The Defiant: Q2 2026 Most Hacked Quarter
- 3. DeFiLlama Protocols API
- 4. DeFiLlama v2/Chains API
- 5. Hindenrank: DeFi Risk Alerts
- 6. CoinDesk: Humanity exploit
- 7. CCN: Humanity Protocol private key hack
- 8. Decrypt via Yahoo Finance: Humanity Protocol loses $36M
- 9. Rekt News: Syscoin — Rekt
- 10. Cryptonews via Yahoo Finance: Raydium exploit
- 11. DeFiLlama Hacks Database
- 12. CoinDesk: Apyx depeg
- 13. SpendNode: apxUSD slips to 93 cents
- 14. DeFiLlama Yields API
- 15. AInvest: AERO TVL declines
- 16. Crypto Briefing: Aerodrome MXNB/USDC pool
- 17. CoinDesk: StablR freeze
- 18. Tally.xyz: Arbitrum Foundation budget
- 19. Snapshot: Deploy Aave V4 on Arc
- 20. Snapshot: Launch remoteGSM on Arbitrum
- 21. Snapshot: Update Signers and SAFE
- 22. The Defiant: Aave risk framework after KelpDAO
- 23. NewsBTC via TradingView: Sky PSM buffer
- 24. BeInCrypto: TON rebrand
- 25. Coinpedia via TradingView: GRAM rebrand forward
- 26. 99Bitcoins via Yahoo Finance: THORChain v3.19