JPMorgan says lingering security weaknesses and flat growth are denting DeFi’s appeal to institutions
Persistent security vulnerabilities — and a lack of meaningful growth in total value locked (TVL) — are undermining decentralized finance’s bid to attract institutional capital, according to a report from Wall Street bank JPMorgan.
Why TVL matters
- TVL measures the total crypto assets deposited in DeFi protocols and is a common gauge of the sector’s size, usage and health. JPMorgan says recent events have exposed structural risks that make institutions wary.
The KelpDAO shockwave
- The bank highlights the KelpDAO exploit as a stark example. Within days the incident wiped about $20 billion from DeFi’s TVL. An attacker compromised a cross-chain bridge, minted roughly $292 million of unbacked rsETH, and used it as collateral to drain lending platforms — leaving around $200 million in bad debt.
- The fallout didn’t stay isolated. Contagion spread beyond the directly hit platforms, emphasizing how DeFi’s interconnectedness can magnify losses.
Institutions flee to safety
- “Much as traditional investors shift towards cash in uncertain times, crypto participants have responded to recent exploits by seeking refuge in stablecoins,” wrote analysts led by Nikolaos Panigirtzoglou in the Wednesday report. JPMorgan notes capital flowed out of DeFi lending and into Tether’s USDT, which offers deeper liquidity and quicker off-ramps — reinforcing its role as a flight-to-safety asset.
Why hacks keep happening
- Hacks and exploits remain a core risk because DeFi depends on code, not intermediaries. A single flawed smart contract, phishing attack or cross-chain bridge vulnerability can expose large pools of funds.
- Cross-chain bridges are singled out: they expand functionality but also increase attack surface. Complex designs, shared infrastructure and weak validation have made bridges responsible for billions in losses.
Broader consequences
- Beyond immediate financial damage, repeated exploits erode user and institutional confidence, invite tighter regulation and slow mainstream adoption — making security a foundational constraint on crypto’s growth.
- JPMorgan’s analysts say hack losses this year are tracking 2025 levels, with infrastructure and bridge exploits still the primary weakness despite advances in smart-contract auditing.
Growth remains muted
- Although TVL has partially recovered in dollar terms, it is largely unchanged when measured in ether (ETH), indicating limited organic expansion and raising questions about DeFi’s ability to scale for institutional use.
Bottom line
- JPMorgan’s take: until DeFi can shore up its most exposed components — especially bridges and core infrastructure — persistent security risks plus stagnant underlying growth will continue to curb institutional interest and slow the ecosystem’s path to wider adoption.
Read more AI-generated news on: undefined/news
