The $292 million Kelp DAO breach and subsequent impact on the crypto lending market has hit decentralized finance (DeFi) at a critical time.
As Wall Street firms move further into on-chain markets, the incident exposed how fragile some parts of the system remain and how much more work institutions have to do before they can expand their exposure.
In the weeks leading up to the hack, private credit giant Apollo Global Management (APO), which manages $900 billion in assets, signed a strategic partnership with Morpho to support the lending market and have the option to acquire the protocol’s governance token. Around the same time, BlackRock (BK), the world’s largest asset manager, introduced its tokenized money market fund to decentralized exchange Uniswap.
Industry insiders believe that this vulnerability is unlikely to disrupt the in-depth development of traditional finance (TradFi) into on-chain finance, but it highlights the problems that DeFi needs to solve before larger capital pools can enter.
“Speed bumps, not roadblocks”
“DeFi platforms are opening up new ways for investors to use their money more efficiently,” said Nick Cherney, head of innovation at Janus Henderson, an asset management firm that manages about $500 billion. “There are always risks for pioneers.”
Failures like the Kelp DAO flaw may slow momentum, but they also force improvements, Cherney said. He believes that these pressure points tend to produce stronger systems over time.
“It’s definitely a speed bump, but it’s not an obstacle,” Cherny said.
In his view, a long-term shift is already underway. Tokenized real-world assets—such as funds, bonds, and credits—are beginning to anchor the DeFi market, bringing with them the legal framework and risk controls that traditional finance has perfected over decades.
Cherny said events like this could accelerate that shift.
Improve safety bottom line
For security experts, the lesson is more immediate: The current setup isn’t enough.
“DeFi and on-chain asset management operate in a highly adversarial environment,” said Paul Vijender, head of security at Gauntlet. “A system is only as secure as its weakest link.”
This reality is pushing the industry to take more comprehensive defensive measures. He believes that zero-trust architecture, where no part of the system is considered secure, is becoming increasingly difficult to avoid.
In practice, this means layered protection: continuous monitoring, tighter controls, built-in redundancy. Do not rely on a single safeguard.
Evgeny Gokhberg, founder of digital asset management company Re7 Capital, said many of the industry’s “best practices” now need to become benchmark requirements.
This includes time locking of key governance actions, tighter multi-signature controls, stricter collateral standards, and stronger safeguards around bridges – one of the most common failure points in DeFi.
“Industry needs to view them as baseline requirements rather than best practices,” he said.
Towards Institutional-Grade DeFi
Centrifuge Labs CEO Bhaji Illuminati sees this shift as part of a broader financial evolution.
“TradFi has spent decades building layers of protection,” she said. “DeFi is doing this too, but in a much faster timeframe.”
She believes that for institutions to allocate capital on a large scale, certain conditions need to be met.
The first is clarity: Investors need to know exactly what they own, with verifiable collateral and a legal structure that corresponds to real-world risks.
Second is reliability: smart contracts, oracles, and governance processes must operate in a predictable, auditable manner.
Third, liquidity remains stable under stress, allowing capital to move in and out without distorting markets.
“Openness and security are not mutually exclusive,” says the Illuminati. “Our goal is to make trust explicit and verifiable.”
“Going forward, every layer of the DeFi stack needs to have security as its top priority,” she said. “This is becoming increasingly important in the era of artificial intelligence.”
Read more: Ledger CTO warns that artificial intelligence is making cryptocurrency security concerns worse