The $292 million Kelp DAO exploit and the subsequent fall across crypto-lending markets hit decentralized finance (DeFi) at a crucial time.
Just as Wall Street firms pushed deeper into onchain markets, the incident has exposed how fragile parts of the system remain and how much work is left before institutions can scale their exposure.
In the weeks leading up to the hack, private credit giant Apollo Global Management (APO), which oversees $900 billion, entered into a strategic partnership with Morpho to support the lending markets with an option to also acquire governance tokens of the protocol. Around the same time, the world’s largest asset manager BlackRock (BK) brought its tokenized money market fund to the decentralized exchange Uniswap.
The exploit is unlikely to derail traditional finance's (TradFi) push deeper into onchain finance, industry insiders argued, but it highlighted what DeFi needs to fix before larger pools of capital can move in.
‘Speed bump, not roadblock’
“DeFi platforms are pioneering new ways for investors to use their capital more efficiently,” said Nick Cherney, chief innovation officer at Janus Henderson, an asset manager that oversees about $500 billion in assets. “Pioneers will always face risks.”
Mistakes like the Kelp DAO exploit can slow momentum, Cherney said, but they also force improvements. Over time, these pressure points tend to produce stronger systems, he argued.
“This is definitely a speed bump, but not a roadblock,” Cherney said.
In his view, the longer-term shift is already taking shape. Real-world tokenized assets—such as funds, bonds, and credit—have begun to anchor DeFi markets, bringing legal frameworks and risk controls that traditional finance has refined over decades.
Episodes like this could accelerate that transition, Cherney said.
Raising the safety floor
For security specialists, the lesson is more direct: the current setup is not enough.
“DeFi and onchain asset management operate in a highly adversarial environment,” said Paul Vijender, head of security at Gauntlet. “Systems are only as secure as their weakest link.”
That reality is pushing the industry towards more comprehensive defense. Zero-trust architectures — where no part of the system is assumed to be secure — are becoming harder to avoid, he argued.
In practice, this means layering protection: continuous monitoring, tighter controls and built-in redundancies, rather than relying on a single safeguard.
Evgeny Gokhberg, founder of digital asset manager Re7 Capital, said many of the industry’s “best practices” must now become basic requirements.
These include time locks on key governance actions, stricter multi-signature checks, tighter security standards and stronger safeguards around bridges – one of the most common points of failure in DeFi.
“The industry needs to treat them as basic requirements, not best practices,” he said.
Towards institutional-grade DeFi
Bhaji Illuminati, CEO of Centrifuge Labs, sees the shift as part of a broader compression of financial development.
“TradFi has had decades to build layers of protection,” she said. “DeFi is doing it too, but on a greatly accelerated timeline.”
For institutions to allocate capital on a large scale, she argued, a few conditions must be met.
First is clarity: investors need to know exactly what they own, with verifiable security and legal structures that map real-world risk.
Second is reliability: smart contracts, oracles and governance processes must behave in predictable, controllable ways.
Third is liquidity, which remains under pressure: capital must be able to move in and out without distorting markets.
“Being open and safe are not mutually exclusive,” Illuminati said. “The goal is to make trust explicit and verifiable.”
“Going forward, every layer of the DeFi stack must make security their number one priority,” she said. “This is becoming increasingly important in the age of artificial intelligence.”