The DeFi hack shakes institutional confidence because the yield outweighs the risk

Cointelegraph


Security exploits are weighing on institutional appetite for decentralized finance (DeFi), even as broader crypto adoption continues with stablecoins and tokenized assets.

In a research note in April, JPMorgan analysts noted that bridge security remains a challenge for the industry, raising questions about whether DeFi can grow to support more institutional adoption.

The most recent exploit on the Versus-Ethereum bridge was in 2015. It was the eighth largest attack on DeFi bridges in 2026, with total losses of $328.6 million.

DeFi bridges remain prime targets for hackers looking to steal millions of dollars. Source: PeckShield

Misha Putiatin, CEO of a smart contract security firm and co-founder of the DeFi protocol Symbiotic, said he regularly fields calls from major traditional institutions regarding DeFi vulnerabilities.

“Another big hack with five minutes left to call with a big cultural institution,” he told Cointelegraph.

“Is this normal sitting there staring at me? Is this everyday for you?”

Still, institutions can get into DeFi, but the terms they reach could turn it into something more like traditional finance than the open, permissionless system its developers envisioned.

DeFi has become too complex for DYOR.

At the beginning of April, in the $285 million Drift Protocol exploit, hackers from the North Korean Lazarus group approached Drift contributors in a months-long social engineering campaign, including in person at a crypto conference.

The same actors were responsible for the KelpDAO breach a few weeks later, which drained $290 million from the protocol's cross-chain bridge.

The total value locked in DeFi has dropped from under $100 billion to around $86 billion. The outflows came from pools with no direct exposure to distressed assets, JPMorgan analysts said.

DeFi pools lost around $14 billion after the attack on KelpDAO. Source: DefiLlama

Putiatin says the complexity of modern DeFi makes it nearly impossible for ordinary users to know where their risks lie. “Your own research doesn't work anymore,” he said. “It really hasn't been working for a long time.”

He explained that the system is becoming more interconnected and complex to trace.

For example, when a user deposits Ether (ETH) to get a product without touching another token, they may still be hacked on a bridge connected to a token they've never heard of.

“Do your own research,” or DYOR, is an industry mantra born in the early days of Bitcoin, when protocols were simple enough that a user could read a white paper and make an informed decision.

Today, with smart contracts running up to tens of thousands of lines of code, protocols overlapping each other, and new services and tokens being launched at breakneck speed, this expectation has become nearly impossible to meet.

“I never expect people who want to invest their money to know every part of the stack themselves,” Putiatin said.

“I'm not going to spend the next two years of my life trying to figure out how to get a 6% yield,” he said, adding that traditional financing options are close enough that the security risk of DeFi means little to most investors.

A decreasing premium for uninsured risk

Tether (USDT), the world's largest stablecoin, offers a 2.74% supply APY on the Ethereum market of Aave, the largest DeFi lending protocol. That is below the 3.57% on the three-month US Treasury bill. Circle's USDC (USDC) rate is better, at 4.14%.

Supply and borrow APY on Aave's Ethereum market. Source: Spirit

Putiatin said the institutions clearly see this, though they struggle to measure it accurately. The problem is that organizations don't have a reliable framework to estimate the value of the underlying hacking threat.

“You can't afford risk,” he said. “So they're going to cut down on what we have to offer.”

As the market matures, DeFi's yields have been squeezed, eroding the premium that once justified the risk.

At the same time, the hacks have not decreased. For investors used to writing off risk with objective precision, the upside and undetectable low risk is a tough sell.

The price of a seat at the table

Putiatin said DeFi will truly turn the corner when an onchain insurance system is able to underwrite the risk of hacking across the entire ecosystem and value it with the precision that institutions demand.

“When we have circuit breakers, regulators who can do due diligence and a framework for that – we get the fourth thing that we really need as an industry,” he said. “We get insurance.”

DeFi has lost more than $7.76 billion to exploits, according to DefiLlama data going back to 2016. Even where there are DeFi insurance providers, they have very little capacity to cover anything approaching institutional scale.

Without that infrastructure, inbound institutions will demand full know-your-client checks, retention controls, and tokens that can be blocked at any time.

What makes DeFi worth building, its open, permissionless architecture, would be given up to satisfy compliance requirements.

“All our advantages as an industry are gone,” he said. “Blockchain will just be a database.”

It is this result that worries Putiatin more than the hacks themselves. The hacks, at least, are a problem the industry can work on. A version of DeFi whose technology had to change to make it secure enough for institutions' responsibilities gives away everything.
