JPMorgan says persistent security flaws curb DeFi’s institutional appeal
A $20 billion hit from the KelpDAO exploit highlights systemic risks, while flat ETH-denominated growth and a shift to stablecoins point to ongoing fragility in DeFi.
By Will Canny, AI Boost|Edited by Sheldon Reback Apr 23, 2026, 2:38 p.m. Make preferred on
What to know:
- JPMorgan said hacks and stagnant capital levels in decentralized finance continue to weigh on DeFi’s institutional appeal, highlighted by a $20 billion hit from the KelpDAO exploit.
- Bridge and infrastructure exploits remain the main risk, with losses tracking 2025 levels and undermining trust.
- Investors are rotating into stablecoins like USDT as a flight to safety during stress, the bank said.
Persistent security vulnerabilities and stagnant total value locked (TVL) are weighing on decentralized finance’s (DeFi) institutional appeal, according to Wall Street investment bank JPMorgan (JPM).
TVL refers to the total value of crypto assets deposited in DeFi protocols, and is commonly used as a gauge of the size, usage and overall health of the ecosystem.
The KelpDAO exploit, which the bank said erased about $20 billion in TVL within days, exposed structural risks.
An attacker breached a cross-chain bridge, minted $292 million in unbacked rsETH and used it as collateral to drain lending protocols, leaving roughly $200 million in bad debt. Contagion spread beyond directly affected platforms, underscoring how DeFi’s interconnectedness can amplify shocks.
"Much as traditional investors shift towards cash in uncertain times, crypto participants have responded to recent exploits by seeking refuge in stablecoins," wrote analysts led by Nikolaos Panigirtzoglou in the Wednesday report.
Hacks and exploits remain a central risk for crypto because they directly undermine trust in systems that rely on code rather than intermediaries. Smart contract bugs, phishing and cross-chain bridge flaws can expose large pools of locked assets, with attackers often needing to exploit just a single weak point to trigger outsized losses.
These vulnerabilities are amplified by the complexity and interconnectedness of blockchain infrastructure. Cross-chain bridges, for example, expand functionality but also increase the attack surface, and have been responsible for billions of dollars in losses because they rely on complicated designs, shared infrastructure and sometimes weak validation mechanisms.
Beyond the immediate financial damage, repeated exploits erode confidence across the ecosystem. Each major hack can drive users and institutions away, prompt stricter regulation and slow adoption, making security a foundational constraint on crypto’s growth.
The bank's analysts noted hack losses this year are tracking 2025 levels, with infrastructure and bridge exploits still the primary vulnerability despite gains in smart contract auditing.
Growth also remains muted. While TVL has partially recovered in dollar terms, it is largely unchanged in terms of ether (ETH), suggesting limited organic expansion and raising questions about DeFi’s ability to scale for institutional use, the report said.
In periods of stress, investors continue to rotate into stablecoins. Following the exploit, capital flowed from DeFi lending into Tether’s USDT, which benefits from deeper liquidity and faster off-ramps, reinforcing its role as a preferred flight-to-safety asset, the report said.
DeFiHackJPMorganAI Disclaimer: Parts of this article were generated with the assistance from AI tools and reviewed by our editorial team to ensure accuracy and adherence to our standards. For more information, see CoinDesk's full AI Policy.More For You
Cardano builder seeks smaller funding slice of $46.8 million for scaling and Bitcoin DeFi
By Shaurya Malwa|Edited by Omkar Godbole9 hours ago
The engineering organization behind Cardano submitted nine proposals totaling $46.8 million for the 2026 voting cycle, down from $97.5 million last year.
What to know:
- Input Output, the main engineering firm behind Cardano, has cut its 2026 funding request from the community treasury to $46.8 million, about half of last year’s $97.5 million ask, as it begins phasing out reliance on community money.
- The company is seeking support for nine proposals centered on a major...
Tether freezes $344 million in USDT on Tron tied to 'illicit activity'
7 minutes ago
BIS warns cryptocurrency exchanges are becoming ‘shadow banks,’ and why that's a risk
25 minutes ago
The $145 billion math: Why bitcoin’s quantum threat is manageable, not existential
1 hour ago
Ripple-linked XRP slips amid bitcoin profit-taking, ETF delay
1 hour ago
CoinDesk 20 performance update: Uniswap (UNI) drops 3.9%, leading index lower
1 hour ago
More than 90% of Web3 games failed after $15 billion boom as gamers never showed up: Caladan
1 hour agoTop Stories
More than 100 crypto firms urge Senate to move on U.S. market structure bill
4 hours ago
The DAT collapse: Pantera wants Satsuma to dump its bitcoin as shares crash 99%
4 hours ago
U.S. military runs Bitcoin node, sees crypto as power projection versus China
3 hours ago
Bitcoin slips from near $80,000 as oil price increase weighs on risk assets
4 hours ago