A competitor’s hack is not your problem until it becomes contagious. The moment a DeFi protocol loses tens of millions of dollars, every other protocol in the same category inherits a question: are they next? Should we worry?
When answering these questions, users don’t deliberate. They open their positions and make a decision within minutes, often not in the company’s favour. By the time your communications team drafts a statement, a significant share of your TVL may already be moving out the door.
Why Contagion Panic is a Communications Problem
In traditional finance, a bank run spreads when people decide it’s better to get out early rather than trust that everyone else will stay calm. We saw this multiple times, and the most clear example was the Silicon Valley Bank that collapsed exactly because of the contagious fear.
The same logic applies in DeFi, but much faster. When someone publishes an exploit in real time on X/Twitter, and anyone can read on-chain withdrawal flows, the decision window for a user is measured in minutes.
Research on bank run psychology shows that the content of an institution’s message matters less than its speed. It’s better to communicate quickly and show that leadership sees the situation and has a plan to prevent the downfall. As the silence usually confirms the worst assumption and lets the panic and rumours spread.
Resolv Lost the First Hours, but Won the Recovery
On March 22, 2026, an attacker obtained a privileged key used to authorise USR issuance and minted approximately 80 million unbacked stablecoins, extracting roughly $24.5 million before contracts were paused. The protocol held over $400 million at the time, and, in the end, USR fell to $0.025 within 17 minutes of the first mint.
When considering the first reaction of the project, it is a good example of what not to do. The Resolv’s failure was in the fact that the initial narrative was shaped by outside observers. Put simply, there was no proper reaction on behalf of the project. By the time the protocol’s first post appeared, Cointelegraph had already published its version, and the community had formed its theory.
What Resolv did well was everything that came after. They ran recovery communication for more than f two months and rested on a consistent message that the “collateral is safe,” ensuring investors and users.
So, even with a delayed start, the team managed to transform the dominant question from “Resolv was hacked for $25M” to “how is Resolv compensating users and rebuilding?” That shift is achievable even after losing the first window. The issue is that it just costs more effort and time than getting the first window right would have.
KelpDAO’s Language and the Dangers of Narrative War
In April 2026, due to a vulnerability in the bridge related to the LayerZero integration, about $292 million in rsETH was stolen from KelpDAO, the largest DeFi hack of the year.
In comparison with Resolv, the team reacted quickly enough: the first statement was released a few hours after the incident. However, problems appeared in how the information was submitted.
KelpDAO emphasised that the problem was not in the main protocol, but in the bridge and message transmission infrastructure. Technically, this was true, but this wording looked like an attempt to put responsibility on LayerZero.
In response, LayerZero stated that the reason was the configuration chosen by KelpDAO itself. As a result, a public dispute broke out between the partners over who was to blame.
For users, such disputes rarely end with one side winning, as they usually just lose trust in all the parties to the conflict. As a result, the reputational damage turned out to be greater than from the initial communication errors.
But at the same time, from a technical point of view, KelpDAO acted competently. The project quickly stopped the work of the affected contracts, published the results of the investigation and information on the movement of funds, and later abandoned LayerZero in favour of another infrastructure. This has helped to gradually shift attention from the hacking itself to the issue of improving security standards in the industry.
What Bystander Protocols Must Do in the First Two Hours
These two cases (and actually, there are many more) show the same logic that DeFi teams have to use: the decision to communicate or stay silent has to be made before you have enough information to be certain of anything. But the content itself is no less important.
Most communications teams tend to wait until they have complete information. But although at first sight, it might seem rational, in the end, that basic instinct turns out to be almost always wrong.
So, no matter if you are compromised or not, if your users start asking questions, you have to answer them. And to stay clear as much as possible, DeFi teams can use the following steps described below.
1. Monitor for sector incidents in real time
If your security team has its own researchers, they typically find exploits before official confirmations. A proactive approach will help you formulate a statement even before you need it.
2. Publish a brief factual statement within 90 minutes of any major sector incident
As we mentioned, there is no difference whether you have been affected or not. It’s better to do so because your users need to know whether they should be concerned.
3. Determine in advance on whose behalf you will speak
If the incident concerns you directly, communication should go through the project’s official account. If we are talking about industry or indirect influence, the message from the founder may be perceived more convincingly.
4. Be honest and clear
If you use the same contractor or infrastructure partner as the affected project, immediately explain exactly how you use this service and whether the problem affects you. Don’t wait for questions.
Conclusion
In DeFi, contagion is as much a communications risk as it is a technical one. When a major protocol is hacked, users do not wait for complete investigations or carefully weigh the facts. They make decisions quickly, often based on the first information available.
That’s why the lesson is not to wait until you have all the answers. Monitor incidents across the sector, clearly explain your exposure, and stay focused on facts. In moments of market stress, silence creates uncertainty, and uncertainty is what fuels panic.
The protocols that retain trust are not necessarily those that avoid crises. They are the ones who communicate clearly before fear fills the information vacuum.
FAQ
Should a protocol comment on a competitor’s hack if it has no direct exposure?
In most cases, yes, but the content matters more than the decision itself. A statement that says nothing specific provides no value, and it doesn’t indicate whether it is exposed. A statement that explains the specific difference between the affected protocol and the commenter performs real work for users trying to make decisions.
What is the right timing for a bystander statement?
The two-hour window from when an incident becomes public on social media is the relevant benchmark. Before two hours, the specific details of most exploits are still emerging; after two hours, the initial narrative has typically been shaped in the media.
Is there a risk in commenting too quickly?
Yes, but it is usually smaller than the risk in waiting. The biggest risk of making a statement too quickly is that new information may later prove it wrong. If you say you’re not affected, and it turns out you are, trust can be damaged. The best way to avoid this is to communicate carefully and stick to the facts you can confirm.
What role does a proof of reserves or real-time dashboard play in a sector crisis?
A significant one. The core problem during sector-wide contagion is that users are making decisions based on uncertainty. Anything that replaces uncertainty with verifiable data interrupts the decision cascade. In this case, protocols that have a standing transparency infrastructure can point users to data rather than asking them to trust a statement.
