JPMorgan: Security gaps and stale growth dent DeFi’s appeal to institutions
Persistent security weaknesses and lackluster growth are undermining decentralized finance’s bid for institutional capital, according to a new report from JPMorgan. The bank highlights that recurring exploits and a flatlining measure of activity known as total value locked (TVL) are making DeFi a tougher sell to risk-conscious investors.
TVL — the dollar value of crypto assets deposited in DeFi protocols and a common gauge of ecosystem size and usage — plunged after the KelpDAO attack, which JPMorgan says wiped out roughly $20 billion in TVL within days. In that exploit, an attacker breached a cross-chain bridge, minted about $292 million of unbacked rsETH, and used it as collateral to drain lending platforms, creating roughly $200 million in bad debt. The fallout didn’t stop at the directly hit platforms: contagion spread across the interconnected DeFi web, illustrating how a single weak link can trigger outsized system-wide damage.
“Much as traditional investors shift towards cash in uncertain times, crypto participants have responded to recent exploits by seeking refuge in stablecoins,” wrote analysts led by Nikolaos Panigirtzoglou. JPMorgan’s team notes that this flight-to-safety trend accelerated after the KelpDAO incident: capital moved out of DeFi lending and into Tether’s USDT, which benefits from deeper liquidity and quicker off-ramps.
Hacks remain a central risk because DeFi systems rely on code instead of intermediaries. Smart contract bugs, phishing, and especially cross-chain bridge vulnerabilities can expose large pools of locked assets — and attackers often need to exploit just one weak point. Bridges, while enabling cross-chain functionality, widen the attack surface: their complex designs, shared infrastructure, and sometimes fragile validation processes have been blamed for billions in losses.
Beyond immediate financial damage, JPMorgan warns that repeated exploits erode confidence, drive users and institutions away, invite tighter regulation, and slow broader adoption. The bank also observes that while TVL has partially recovered in dollar terms, it remains largely unchanged when measured in ether (ETH), suggesting limited organic growth and raising doubts about DeFi’s scalability for institutional use.
Even with improvements in smart-contract auditing, JPMorgan says infrastructure and bridge exploits remain the primary vulnerability. The report frames security as a foundational constraint: until systemic weak points are addressed, DeFi’s institutional runway will likely stay constrained.
Read more AI-generated news on: undefined/news
