By Matthew Fisher, CEO, Katana
“DeFi is not dead. DeFi is United.” is the rallying cry following the resolution of the $292 million Kelp exploit on April 19 that renewed the spotlight on DeFi’s most seasoned enemy: Lazarus Group, whose estimated 2025 earnings of $1.5bn account for a few percent of North Korea’s GDP.
AI companies had to learn that they weren’t just building software – they were building systems with real-world consequences. The regulatory and reputational pressure that followed changed how the best ones operated. DeFi is having the same reckoning, faster, and without a regulatory forcing function. It has to come from the founders. Beyond recovery funds, we need to unite on baseline security requirements that allow institutions to underwrite the risk of interacting on-chain.
DeFi’s composability is a blessing and a curse. Whether it’s through technical security failures or governance attacks, sometimes all it takes is one piece of infrastructure to fail and trigger cascading liquidity stress tests across the entire ecosystem. The transparency in DeFi makes these events public, and the settlement finality makes it near instant. TradFi credit markets, on the other hand, are resolved over months, with covenant renegotiations and off-chain legal recourse handled privately.
By Sunday, April 19th, public announcements circulated that KelpDAO had lost $292 million to an attack on its LayerZero bridge. Lending markets from Aave to Spark to Fluid were frozen, and the entire industry was staring at the same question: what’s actually still standing?
To find an answer to that, we need to look back at what those 72 hours really looked like from inside Katana.
By 3:30 PM EST Saturday, most of the team was monitoring the situation. And by 7 PM EST Saturday, our security team had paused LayerZero integrations across our stack out of an abundance of caution. We don’t use 1/N DVNs in our LZ operations, but we paused anyway. That was before anyone outside a small group of teams knew what had gone wrong. We didn’t know either. We knew enough.
The lesson isn’t “we made a great call.” It’s that having secure processes in place to pause something at 7 PM on a Saturday has to exist before Saturday. If the default setting is “wait for consensus,” you lose the window.
Once LayerZero was paused, the next 48 hours were about liquidity.
A lot of DeFi is in the business of optimizing for yield. Curators compete on APY, LPs chase APY, the whole system runs on rates. The problem is that yield-optimized capital is, by definition, parked in whatever was paying the best last week. When stress hits and LPs want out, yield-optimized vaults can’t meet all withdrawals, because their capital isn’t sitting where withdrawals happen. It’s sitting where the yield was.
We optimized for liquidity last week. We worked to actively tune Morpho vault parameters on the Katana and Vault Bridge vaults so our institutional partners and retail distributors could pull size if they needed to. Some of them did. They got served in hours, not days. Some didn’t need to, but knowing they could was part of why they didn’t. We believe this approach reflects the kind of operational reliability that institutional partners value.
Elsewhere in DeFi, Aave paused its rsETH markets during this period. Euler was reported to be operating at capacity. A lot of venues that looked fine on a chart a week ago turned out to be running thin enough that they couldn’t absorb this shock.
We had no exposure to rsETH, as it never met our internal standards for institutional-grade markets. And that was the call we made months ago, consciously.
This is the part that doesn’t show up in a postmortem. Curation isn’t exciting. It’s a series of small, boring decisions about what not to include, made long before anyone knows why they mattered. The venues that survive this kind of week are mostly the ones that said no to things last October that would have blown them up on 10/10.
Morpho’s design on Katana helps too. Markets are isolated. A problem in one doesn’t propagate to the others. Contrast that with a pooled design like Aave V3, where this week’s rsETH exposure ended up pressuring markets that had nothing to do with KelpDAO. Architecture shapes what contagion can do.
Katana uses Vault Bridge to connect to Ethereum and the rest of the Agglayer ecosystem. While a committee exists for bridge upgrades, it doesn’t rely on a committee of signers for transaction verification. Instead, it uses onchain ZK proofs as its verification mechanism. The math is the verification. Agglayer’s pessimistic proof layer is designed so that a chain can only withdraw what’s actually been deposited. Infinite mint, the failure mode behind the KelpDAO exploit and other prior high-profile bridge incidents involving Polkadot, BNB and Wormhole, is what this architecture is structurally designed to prevent. As with any technology, no architecture can guarantee immunity from all attack vectors, but we believe this design meaningfully reduces the attack surface compared to multisig and committee-based alternatives.
That architecture signifies a higher degree of confidence under stress. Many institutions wanted to immediately derisk, and re-underwrite later. When I told institutional partners this week that Katana was open and their funds were accessible, that was true because the infrastructure underneath us was designed to hold up under pressure, not because we were relying on an offchain setup to hold up under pressure.
The duct tape I mentioned at the top – by which I mean one-of-one verifiers, two-of-three signers, and multi-layer RPC dependencies that much of the industry still relies on – is the opposite of this. The reason it keeps failing isn’t that the teams running it are bad. It’s that the model is wrong for the environment we’re in now.
Curation discipline is the single highest-leverage thing an operator can do. The decisions made six months ago about what to include and what to reject are the reason we had a calm weekend instead of a catastrophic one. And the institutional relationships we have developed over the past six months are a reason Katana began the week as a liquid venue and continued servicing eight-figure redemptions throughout the week. The immediate impact is outflows and loss of TVL; the longer-term impact is increased trust in Morpho on Katana and gains in TVL.
Liquidity is a posture, not a number. A venue is only as liquid as its willingness to hold capital where redemptions actually happen, which is almost never the same place as where yield happens.
The duct tape has been tearing at an accelerating rate for eighteen months. Any operator still building on top of it is betting the attackers will stay away from their specific corner. I wouldn’t take that bet.
The industry isn’t just diagnosing the problem. Some are already building the fix. All have decisions to make.
It is obvious that one-of-one DVN verifiers are a thing of the past. It is less obvious how asset issuers implement guard rails. Among other things, you could imagine needing only 1-of-N signers to pause a contract, but 5-of-6 signers to unpause. Ethena has a LayerZero implementation that uses custom rate limits that throttle cross-chain transfers at $10m per hour for every DVN, and has a $10m per block rate limit on the mint contract.
A core decision founders have to make is the trade-off between user experience and safeguards. As the founder of Ethena remarks, “Yes it’s a slightly annoying inconvenience for users 99% of the time, but a worthwhile trade off to avoid going to zero.”
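The guard rails described above can be sketched as a small off-chain model. This is an added example, not Ethena’s, LayerZero’s or Katana’s code: the class and method names are hypothetical, the $10m caps and the 1-of-N / 5-of-6 thresholds are the figures quoted in the text, and treating the hourly cap as a separate rolling window per DVN is an assumption.

```python
from collections import defaultdict, deque

HOUR = 3600
CAP = 10_000_000  # $10m, the figure quoted in the text


class GuardRails:
    """Toy off-chain model; class and method names are hypothetical."""

    def __init__(self, signers, unpause_quorum=5):
        self.signers = set(signers)
        self.unpause_quorum = unpause_quorum
        self.paused = False
        self.unpause_votes = set()
        self.by_dvn = defaultdict(deque)  # dvn -> (timestamp, amount) in last hour
        self.by_block = defaultdict(int)  # block number -> amount minted

    def _check(self, signer):
        if signer not in self.signers:
            raise PermissionError(f"{signer} is not a signer")

    def pause(self, signer):
        """1-of-N: any single signer halts everything immediately."""
        self._check(signer)
        self.paused = True
        self.unpause_votes.clear()  # approvals from before this pause are void

    def approve_unpause(self, signer):
        """5-of-6: resuming needs a quorum of distinct signers."""
        self._check(signer)
        if self.paused:
            self.unpause_votes.add(signer)
            if len(self.unpause_votes) >= self.unpause_quorum:
                self.paused = False
                self.unpause_votes.clear()
        return not self.paused

    def transfer(self, dvn, amount, now):
        """Rolling one-hour cap per DVN on cross-chain transfers."""
        window = self.by_dvn[dvn]
        while window and now - window[0][0] >= HOUR:
            window.popleft()
        if self.paused or sum(a for _, a in window) + amount > CAP:
            return False
        window.append((now, amount))
        return True

    def mint(self, amount, block):
        """Hard cap on the total minted within a single block."""
        if self.paused or self.by_block[block] + amount > CAP:
            return False
        self.by_block[block] += amount
        return True
```

The asymmetry is the point: one signer can stop the system on a Saturday evening, while resuming requires most of the signer set to agree, and a new pause discards any approvals already collected.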
Curation tiers will formalize and become clearer to the market. The distinction between prime and high-yield DeFi exposure, which sophisticated curators have been making informally for a while, will become more explicit and legible to institutional allocators.
Innovation in institutional insurance products is coming soon. One implementation may be to build insurance into lending venues that force users to opt-out of insurance, rather than forcing them to go to a third party with expensive rates covering a minimal surface area.
The founder base will consolidate around people who understand what they’re actually building. There’s a version of this industry where DeFi is treated as a software problem. Ship fast, iterate, patch later. The model doesn’t work when you’re building finance. Finance runs on trust, and security is a core part of it. The obligations are different. The cost of being wrong isn’t a rollback – it’s permanent loss, at scale, with no recourse. The protocols still standing in two years will be run by founders who internalized that distinction early.
The KelpDAO team is making progress and working through this situation with support from broader industry participants. I hope they land well. But the next Kelp-level incident is already being planned somewhere, and the operators still standing a year from now will be the ones who took this week seriously.
We took it seriously. We’ll keep taking it seriously.