JPMorgan says persistent security flaws curb DeFi’s institutional appeal
A $20 billion hit from the KelpDAO exploit highlights systemic risks, while flat ETH-denominated growth and a shift to stablecoins point to ongoing fragility in DeFi.
What to know:
- JPMorgan said hacks and stagnant capital levels in decentralized finance continue to weigh on DeFi’s institutional appeal, highlighted by a $20 billion hit from the KelpDAO exploit.
- Bridge and infrastructure exploits remain the main risk, with losses tracking 2025 levels and undermining trust.
- Investors are rotating into stablecoins like USDT as a flight to safety during stress, the bank said.
The KelpDAO exploit, which the bank said erased about $20 billion in TVL within days, exposed structural risks.
An attacker breached a cross-chain bridge, minted $292 million in unbacked rsETH and used it as collateral to drain lending protocols, leaving roughly $200 million in bad debt. Contagion spread beyond directly affected platforms, underscoring how DeFi’s interconnectedness can amplify shocks.
“Much as traditional investors shift towards cash in uncertain times, crypto participants have responded to recent exploits by seeking refuge in stablecoins,” wrote analysts led by Nikolaos Panigirtzoglou in the Wednesday report.
Hacks and exploits remain a central risk for crypto because they directly undermine trust in systems that rely on code rather than intermediaries. Smart contract bugs, phishing and cross-chain bridge flaws can expose large pools of locked assets, with attackers often needing to exploit just a single weak point to trigger outsized losses.
