The $292 million Kelp DAO exploit and its consequences for crypto lending markets have hit decentralized finance (DeFi) at a pivotal moment.
Just as Wall Street firms have been moving deeper into onchain markets, the incident revealed how fragile parts of the system remain and how much work is left before institutions can increase their exposure.
In the weeks leading up to the hack, private lending giant Apollo Global Management (APO), which oversees $900 billion, signed a strategic partnership with Morpho to support lending markets, with the ability to also acquire the protocol’s governance tokens. Around the same time, the world’s largest asset manager, BlackRock (BK), listed its tokenized money market fund on the decentralized exchange Uniswap.
The exploit is unlikely to derail the move by traditional finance (TradFi) deeper into onchain finance, industry insiders argued, but it highlighted what DeFi needs to fix before larger pools of capital can enter.
“A speed bump, not a roadblock”
“DeFi platforms are opening new avenues for investors to use their capital more efficiently,” said Nick Cherney, head of innovation at Janus Henderson, an asset manager that oversees around $500 billion in assets. “Pioneers will always face risks.”
Failures like the Kelp DAO exploit can slow momentum, Cherney said, but they also force improvements. Over time, these pressure points tend to produce stronger systems, he argued.
“It’s definitely a speed bump, but not a roadblock,” Cherney said.
According to Cherney, the longer-term transition is already taking shape. Tokenized real-world assets – such as funds, bonds and credit – are beginning to anchor DeFi markets, bringing legal frameworks and risk controls that traditional finance has refined over decades.
Episodes like this could accelerate that transition, Cherney said.
Increase the level of security
For security specialists, the lesson is more direct: the current configuration is not good enough.
“DeFi and onchain asset management operate in a high-conflict environment,” said Paul Vijender, head of security at Gauntlet. “Systems are only as secure as their weakest links.”
This reality is pushing the industry toward more comprehensive defenses. Zero-trust architectures – in which no part of the system is implicitly trusted – are increasingly difficult to avoid, he argued.
In practice, this means layering protections: continuous monitoring, stricter controls and built-in redundancies, rather than relying on any single safeguard.
Evgeny Gokhberg, founder of digital asset manager Re7 Capital, said many of the industry’s “best practices” must now become baseline requirements.
This includes timelocks on key governance actions, stricter multi-signature controls, stricter collateralization standards, and stricter safeguards around bridges – one of the most common failure points in DeFi.
“The industry needs to treat these as basic requirements and not best practices,” he said.
Towards institutional-grade DeFi
Bhaji Illuminati, CEO of Centrifuge Labs, sees this shift as part of a broader compression of financial evolution.
“TradFi has had decades to put layers of protection in place,” she said. “DeFi is doing this as well, but on a significantly accelerated schedule.”
For institutions to allocate capital at scale, she argued, certain conditions must be met.
The first is clarity: investors must know exactly what they own, with verifiable guarantees and legal structures adapted to real risks.
Second, reliability: smart contracts, oracles and governance processes must behave in a predictable and verifiable manner.
Third, liquidity that holds up under pressure, allowing capital to flow in and out without distorting markets.
“Being open and secure are not mutually exclusive,” Illuminati said. “The goal is to make trust explicit and verifiable.”
“Going forward, every layer of the DeFi stack must make security its number one priority,” she said. “This is becoming increasingly important in the age of artificial intelligence.”