Institutional Interest in DeFi Wanes as Security Breaches Outstrip Returns

A series of bridge compromises and declining returns are prompting institutional investors to reconsider whether DeFi's potential rewards justify its security threats, according to Symbiotic's Putiatin.

Continuing security breaches are dampening institutional enthusiasm for decentralized finance (DeFi), despite the fact that wider cryptocurrency adoption persists via stablecoins and tokenized financial products.

According to a research report published by JPMorgan analysts in April, bridge security continues to present a significant obstacle for the sector, prompting concerns about DeFi's capacity to expand and accommodate additional institutional participation.

The latest breach targeting the Versus-Ethereum bridge marked the eighth significant assault on DeFi bridges during 2026 thus far, with total losses reaching $328.6 million across all incidents.

Hackers continue targeting DeFi bridges to extract millions in stolen funds. Source: PeckShield

Misha Putiatin, CEO of smart contract security company Statemind and co-founder of the DeFi protocol Symbiotic, said he frequently receives inquiries from large traditional financial institutions interested in DeFi participation, though the timing is often unfortunate.

"Five minutes before I have a call with a big traditional institution, another big hack. They sit there looking at me like, 'Is this normal? Is this every day for you?'"

Misha Putiatin, CEO of Statemind

Nevertheless, institutional players might eventually enter DeFi, though the conditions under which they participate could transform it into something resembling traditional finance far more than the open, permissionless infrastructure its creators originally imagined.

DeFi has become too complex for DYOR

In early April, North Korea's Lazarus Group was identified as the perpetrator behind the $285 million Drift Protocol breach, executed through an extended social engineering operation in which infiltrators made contact with Drift contributors at a physical crypto conference.

These same threat actors were held responsible for the KelpDAO compromise several weeks afterward, which resulted in approximately $290 million being extracted from the protocol's cross-chain bridge infrastructure.

The total value locked throughout DeFi declined to approximately $86 billion from nearly $100 billion within just two days after the KelpDAO breach in April. According to JPMorgan analysts, these withdrawals originated from pools that had no direct connection to the compromised assets.

Approximately $14 billion exited DeFi pools in the aftermath of the KelpDAO breach. Source: DefiLlama

According to Putiatin, contemporary DeFi has grown so intricate that average users cannot reasonably identify where their actual exposure lies. "Do your own research doesn't work anymore," he stated. "It hasn't been working for a really long time."

His explanation highlighted that the ecosystem has evolved into something too interconnected and complicated to properly audit.

To illustrate, when someone deposits Ether (ETH) for yield generation without interacting with any other asset, they remain vulnerable to a security compromise on a bridge linked to a token they may have never encountered before.

The phrase "do your own research," abbreviated as DYOR, emerged as a foundational principle during Bitcoin's early era, when protocols maintained enough simplicity that users could review a whitepaper and reach an educated conclusion.

In the current landscape, where smart contracts can contain tens of thousands of lines of code, protocols are stacked upon one another, and new platforms and tokens emerge at an accelerating pace, meeting that expectation has become virtually unfeasible.

"I'm not ever expecting people that just want to invest their money to ever figure out every part of the stack themselves," Putiatin said.

"I'm not going to spend the next two years of my life trying to figure out how to get a 6% yield," he added, claiming that traditional finance alternatives are close enough in return that DeFi's security risk rarely makes sense for most investors.

A shrinking premium for an unquantifiable risk

The world's largest stablecoin, Tether (USDT), provides a supply APY of 2.74% on the Ethereum market of Aave, the largest DeFi lending protocol. This return sits below the 3.57% yield available through a three-month US Treasury bill. Circle's USDC (USDC) performs more competitively at 4.14%.

APY rates for supply and borrow on Aave's Ethereum market. Source: Aave

According to Putiatin, institutional investors recognize this disparity clearly, despite their difficulties in quantifying it with precision. The fundamental challenge is that institutions lack a dependable methodology for accurately pricing the hack exposure that exists beneath their investments.

"They can't price risk properly. So they discount the yield we provide by a lot."

Misha Putiatin

Returns in DeFi have contracted as the sector has evolved, diminishing the risk premium that previously made the exposure worthwhile.

Simultaneously, security breaches have maintained their frequency. For investors accustomed to evaluating risk with actuarial exactitude, diminishing potential gains combined with immeasurable potential losses presents a challenging proposition.

The cost of DeFi's seat at the table

For Putiatin, the true indicator that DeFi has successfully reached a turning point will be the establishment of an onchain insurance infrastructure capable of underwriting hack exposure across the complete ecosystem and pricing it with the actuarial rigor that institutional participants demand.

"When we have circuit breakers, curators that can do due diligence, and a framework for that — we will get the fourth one that we desperately need as an industry. We will get insurance."

Misha Putiatin

Based on DeFiLlama data extending back to 2016, DeFi has sustained more than $7.76 billion in losses due to exploits. While DeFi insurance providers do exist, their coverage capacity remains insufficient to backstop anything approaching the scale required by institutional participants.

In the absence of such infrastructure, institutions that eventually participate will impose their own conditions, requiring comprehensive know-your-customer verification, custodial oversight and tokens that can be frozen whenever necessary.

The transparent, permissionless framework that made DeFi valuable to develop gets dismantled to meet regulatory and compliance obligations.

"All of the benefits that we have as an industry, they kind of go away. Blockchain becomes just a database."

Misha Putiatin

This represents an outcome Putiatin considers more concerning than the security breaches themselves. The breaches, at minimum, constitute a challenge the sector can address. A modified version of DeFi that institutions have restructured to achieve acceptable safety levels for their mandates represents an abandonment of everything the technology was designed to revolutionize.
