JPMorgan: Persistent security gaps and flat growth are keeping institutions away from DeFi
Wall Street giant JPMorgan warns that lingering security weaknesses and lackluster growth are undermining decentralized finance’s (DeFi) appeal to institutional investors. The bank’s analysts, led by Nikolaos Panigirtzoglou, argue these problems are visible in both recent high-profile exploits and stagnating measures of ecosystem activity.
What’s at stake: TVL and trust
Total value locked (TVL) — the dollar value of crypto assets deposited in DeFi protocols and a key gauge of the sector’s size and health — has shown only a limited rebound. While TVL recovered somewhat in dollar terms after recent turmoil, it remains essentially unchanged when measured in ether (ETH), a sign of muted organic growth and a potential barrier to institutional adoption.
KelpDAO exploit exposed systemic risks
JPMorgan highlighted the KelpDAO incident as a case study in structural vulnerability. The attack on a cross-chain bridge resulted in roughly $20 billion of TVL evaporating within days. The attacker minted about $292 million of unbacked rsETH, used it as collateral to drain lending platforms, and left around $200 million in bad debt. Losses rippled beyond the directly targeted protocols, illustrating how interconnected DeFi can amplify shocks.
“Much as traditional investors shift towards cash in uncertain times, crypto participants have responded to recent exploits by seeking refuge in stablecoins,” the report said.
Why bridges and complexity matter
Hacks and exploits remain a central risk because they directly erode confidence in systems governed by code rather than intermediaries. Smart contract bugs, phishing and especially cross-chain bridge flaws can expose large pools of locked assets — attackers often need only a single weak link to trigger outsized losses. Bridges extend functionality across chains but also broaden the attack surface through shared infrastructure and complex validation logic, and have been behind billions in losses historically.
Broader implications
Beyond immediate financial damage, repeated exploits sap user and institutional confidence, invite tighter regulation and slow mainstream adoption. JPMorgan’s team notes that infrastructure and bridge exploits continue to be the primary vulnerability even as smart contract auditing has improved.
Flight to stablecoins
In periods of stress investors rotate into stablecoins. After the KelpDAO exploit, capital flowed out of DeFi lending and into Tether’s USDT, which the report says benefits from deeper liquidity and quicker off-ramps — reinforcing its role as a go-to flight-to-safety asset.
Bottom line: until core security gaps — especially around bridges and shared infrastructure — are meaningfully addressed, JPMorgan believes DeFi will struggle to win broad institutional trust and scale.
Read more AI-generated news on: undefined/news
