A recent $292 million hack targeting Kelp DAO has cast a spotlight on the vulnerabilities within decentralized finance (DeFi), occurring just as Wall Street firms were increasing their involvement in on-chain markets. This incident underscores the fragility of certain aspects of DeFi and the significant work required before institutions can scale their engagement.
Prior to this exploit, Apollo Global Management, which manages $900 billion, had announced a strategic partnership with Morpho to support lending markets, including acquiring governance tokens from the protocol. Concurrently, BlackRock, the world’s largest asset manager, launched its tokenized money market fund on decentralized exchange Uniswap.
Despite these developments, industry insiders believe this hack won’t stop traditional finance (TradFi) from entering on-chain finance, though it does highlight DeFi’s need for improvements to accommodate larger capital inflows. “DeFi platforms are innovating new methods for investors to optimize their capital,” said Nick Cherney, head of innovation at Janus Henderson, which oversees $500 billion in assets. “Pioneers naturally encounter risks.” While incidents like the Kelp DAO hack may slow progress, they also drive enhancements, ultimately leading to more robust systems, according to Cherney.
“This is a speed bump rather than an impediment,” he noted. The longer-term trend, he added, involves tokenized real-world assets such as funds, bonds, and credit anchoring DeFi markets, bringing in legal frameworks and risk controls honed by traditional finance over decades.
For security experts, the message is straightforward: current systems are insufficient. “DeFi and on-chain asset management exist within a highly adversarial environment,” said Paul Vijender, head of security at Gauntlet. “The system’s strength is determined by its weakest link.” This understanding is propelling the industry towards more comprehensive defenses, including zero-trust architectures where no part of the system is inherently secure.
This means implementing layered protections: continuous monitoring, stricter controls, and built-in redundancies. Reliance on a single safeguard is inadequate.
Evgeny Gokhberg, founder of Re7 Capital, emphasized that many industry ‘best practices’ must become fundamental requirements. These include time locks on governance actions, enhanced multi-signature controls, tighter collateral standards, and improved safeguards around bridges, often DeFi’s weakest links.
“These should be baseline requirements rather than best practices,” he stated. Bhaji Illuminati, CEO of Centrifuge Labs, views this evolution as part of a broader compression in financial development. “TradFi has developed numerous protections over decades. DeFi is accelerating this process but on a much faster timeline,” she said.
For institutions to invest at scale, Illuminati pointed out three conditions: clarity (investors must understand their holdings with verifiable collateral and legal structures), reliability (smart contracts, oracles, and governance processes should be predictable and auditable), and stable liquidity that maintains integrity under stress. “Openness and security are not mutually exclusive,” she said. “The objective is to make trust explicit and verifiable.” Illuminati stressed the importance of prioritizing security across all DeFi layers, especially with advancing artificial intelligence technologies.