JPMorgan Cautions That Security Weaknesses Undermine DeFi Growth

TLDR

• JPMorgan indicated that ongoing security vulnerabilities keep restricting DeFi’s attractiveness to institutional players.
• The KelpDAO hack wiped out approximately $20 billion in total value locked over a few days.
• A bad actor created $292 million worth of unbacked rsETH tokens and left almost $200 million in non-performing debt.
• JPMorgan noted that hack-related losses this year are on par with 2025 figures.
• The bank stated that cross-chain bridge weaknesses remain a major area of vulnerability.

---

(SeaPRwire) –   JPMorgan stated that continuous security breaches and stagnant total value locked are hindering the growth of decentralized finance. The bank connected frequent hacks to reduced institutional trust and slower expansion of the ecosystem. Analysts also mentioned that recent attacks have caused capital to shift into stablecoins like USDT.

JPMorgan Highlights Structural Risks Following KelpDAO Breach

JPMorgan noted that the KelpDAO hack wiped out roughly $20 billion in total value locked in just a few days. The bank characterized the event as proof of structural vulnerabilities across linked protocols.

A hacker compromised a cross-chain bridge and generated $292 million in unbacked rsETH. The hacker then utilized these tokens as collateral to siphon funds from lending platforms, leaving almost $200 million in bad debt.

The bank explained that the impact spread beyond the initial targets due to protocols sharing liquidity and collateral connections. Consequently, losses affected platforms that had no direct involvement with the original hack.

Analysts headed by Nikolaos Panigirtzoglou stated: “Crypto users have reacted to recent hacks by taking shelter in stablecoins.” They drew a parallel between this shift and traditional investors moving to cash during times of uncertainty.

JPMorgan indicated that hack incidents are still matching 2025 levels. The report noted that infrastructure and bridge hacks remain the main weak spots, even with improved smart contract audits.

The bank clarified that cross-chain bridges enhance functionality but also widen the attack surface. It further noted that complex validation systems and shared infrastructure increase the likelihood of significant losses.

Stablecoin Inflows Increase as TVL Growth Stagnates

JPMorgan noted that total value locked has bounced back in dollar terms but stays flat when measured in ether. The bank stated this trend points to limited organic growth across DeFi platforms.

The report mentioned that slow growth casts doubt on DeFi’s ability to scale for institutional use. Analysts said institutional involvement requires more robust safeguards and consistent system performance.

After the hack, capital shifted from lending protocols to Tether’s USDT. JPMorgan explained that USDT advantages include deep liquidity and quicker off-ramps during market turmoil.

The bank observed that stablecoins frequently serve as a defensive investment during volatile periods. It stated that users move their funds into dollar-pegged assets when protocol risks increase.

JPMorgan further stated that repeated hacks undermine trust in systems dependent on automated code. The report noted that attackers often take advantage of a single vulnerability to access large asset pools.

The bank also mentioned that phishing attacks and bridge weaknesses put locked funds across chains at risk. It explained that DeFi’s interconnected structure magnifies losses once an exploit starts.

JPMorgan concluded that security is still a key barrier to DeFi adoption. The report verified that recent hack losses are consistent with levels seen earlier in the year.