Persistent security breaches are dampening institutional interest in decentralized finance, even as adoption of broader cryptocurrency technologies like stablecoins and tokenized assets continues to gain traction.
In an April research report, analysts at JPMorgan highlighted that securing cross-chain bridges remains a persistent hurdle for the DeFi space. This raises serious questions about whether the ecosystem can scale to accommodate major institutional players.
The recent breach of the Versus-Ethereum bridge marks the eighth significant assault on DeFi bridges so far this year, with combined damages reaching $328.6 million.
DeFi bridges continue to be top targets for cybercriminals aiming to siphon off millions. Source: PeckShield
Misha Putiatin, CEO of smart contract security company Statemind and co-founder of the DeFi protocol Symbiotic, noted that he frequently receives inquiries from large traditional financial institutions looking to explore DeFi opportunities, often at the worst possible moments.
“Right before a scheduled call with a major traditional institution, another massive hack occurs,” he shared with Cointelegraph.
“They look at me and ask, ‘Is this typical? Does this happen daily for you?’”
While institutions may eventually enter the DeFi space, the conditions under which they participate could fundamentally transform it, making it resemble traditional finance more closely than the open, permissionless system originally envisioned by its creators.
DeFi’s complexity has outpaced individual research capabilities
Earlier this month, North Korea’s Lazarus Group was linked to the $285 million Drift Protocol exploit, executed through an elaborate social engineering scheme where operatives targeted Drift contributors at a physical cryptocurrency conference.
The same group was accused of the subsequent KelpDAO breach, which resulted in approximately $290 million being drained from the protocol’s cross-chain bridge.
Total value locked in DeFi protocols dropped from nearly $100 billion to around $86 billion within two days of the April KelpDAO incident. According to JPMorgan analysts, the withdrawals affected pools with no direct connection to the compromised assets.

DeFi pools experienced approximately $14 billion in outflows following the KelpDAO attack. Source: DefiLlama
Putiatin explained that today’s DeFi landscape has become so intricate that average users cannot realistically assess their true risk exposure. “The ‘do your own research’ approach is no longer viable,” he stated. “It stopped being effective a long time ago.”
He pointed out that the ecosystem has grown too interconnected and complex to navigate safely.
For instance, even a user who simply deposits Ether (ETH) to earn yield without interacting with other tokens can still suffer losses from a bridge exploit involving a token they’ve never encountered.
The “DYOR” principle originated during Bitcoin’s early days when protocols were straightforward enough for users to review whitepapers and make informed choices.
Now, with smart contracts containing tens of thousands of lines of code, protocols built upon each other, and new services and tokens launching rapidly, that expectation has become nearly impossible to fulfill.
“I don’t expect ordinary investors to understand every layer of the technology stack,” Putiatin remarked.
“I wouldn’t dedicate two years of my life just to secure a 6% return,” he added, noting that traditional finance alternatives offer comparable yields, making DeFi’s security risks hard to justify for most investors.
Diminishing returns for unpredictable risks
Tether (USDT), the leading stablecoin globally, currently offers a 2.74% annual percentage yield on the Ethereum market of Aave, the largest DeFi lending protocol. This falls short of the 3.57% yield available on three-month US Treasury bills. Circle’s USDC (USDC) performs slightly better at 4.14%.

Supply and borrow APY on Aave’s Ethereum market. Source: Aave
Putiatin observed that institutions recognize this reality, even if they struggle to measure it precisely. The core issue is that institutions lack reliable methods to assess the hack risk underlying their investments.
“They cannot accurately price the risk,” he explained. “As a result, they significantly discount the yields we offer.”
DeFi yields have decreased as the market has matured, reducing the premium that once justified the associated risks.
Meanwhile, security breaches continue unabated. For investors accustomed to precise risk assessment, diminishing returns combined with unquantifiable threats present a challenging proposition.
The price of institutional acceptance
Putiatin believes the true turning point for DeFi will come when the ecosystem develops an onchain insurance system capable of underwriting hack risk across the entire network with the actuarial precision that institutions demand.
“Once we establish circuit breakers, curators who can conduct proper due diligence, and a comprehensive framework for these measures, we’ll achieve the fourth critical component our industry urgently needs,” he said. “We’ll have insurance.”
According to DeFiLlama data dating back to 2016, DeFi has suffered over $7.76 billion in losses from exploits. While DeFi insurance providers exist, their capacity remains insufficient to support institutional-scale operations.
Without such infrastructure, institutions that do enter the space will impose their own requirements, including full know-your-customer verification, custodial controls, and tokens that can be frozen at will.
The open, permissionless foundation that made DeFi valuable in the first place gets dismantled to meet regulatory demands.
“All the advantages we possess as an industry essentially disappear,” he noted. “Blockchain becomes merely another database.”
Putiatin finds this outcome more concerning than the hacks themselves. While security breaches represent solvable problems, a version of DeFi that institutions have stripped down to meet their compliance requirements represents a surrender of everything the technology was meant to revolutionize.



