DeFi hackers undermine institutional trust as risks outweigh rewards

Security exploits are impacting institutional appetite for decentralized finance (DeFi), even as broader cryptocurrency adoption occurs through stablecoins and tokenized assets.

In an April report, JPMorgan analysts said bridge security remains a challenge for the industry, raising questions about whether DeFi can grow to support further institutional adoption.

The recent Versus-Ethereum bridge exploit was the eighth major attack on DeFi bridges in 2026 so far, with cumulative losses of $328.6 million.

DeFi bridges remain prime targets for hackers trying to steal millions of dollars. Source: PeckShield

Misha Putiatin, CEO of smart contract security firm Statemind and co-founder of DeFi protocol Symbiotic, said he regularly receives calls from major traditional institutions examining exposure to DeFi, often at inopportune times.

“Five minutes before you talk to a large traditional institution is the next big hack,” he told Cointelegraph.

“They sit and look at me and say, ‘Is this normal? Is this an everyday thing for you?’”

Still, institutions can get into DeFi, but the terms on which they get there could transform it into something that looks more like traditional finance than the open, permissionless system its creators envisioned.

DeFi has become too complex for DYOR

In early April, the North Korean group Lazarus was involved in the $285 million Drift Protocol exploit, carried out as part of a months-long social engineering campaign during which infiltrators approached Drift authors in person at a crypto conference.

The same actors were blamed for the breach of KelpDAO a few weeks later, which drained approximately $290 million from the protocol’s cross-chain bridge.

The total value locked in DeFi fell to about $86 billion from nearly $100 billion in the two days after the April KelpDAO hack. JPMorgan analysts say the outflows came from pools that were not directly exposed to distressed assets.

DeFi pools lost approximately $14 billion due to the KelpDAO attack. Source: DefiLlama

Putiatin said the complexity of modern DeFi makes it almost impossible for regular users to figure out where their risks actually lie. “In-house research doesn’t work anymore,” he said. “It hasn’t worked for a long time.”

He explained that the system had become too interconnected and complex to be traced.

For example, a user who deposits Ether (ETH) to earn yield without touching any other token could still be hit by a breach of a bridge connected to a token they have never even heard of.

Do Your Own Research, or DYOR, is an industry mantra born in the early days of Bitcoin, when the protocols were simple enough for a user to read the whitepaper and make an informed decision.

Today, with smart contracts consisting of tens of thousands of lines of code, protocols overlapping, and new services and tokens launching at breakneck speeds, meeting these expectations has become almost impossible.

“I don’t expect people who just want to invest their money will ever find out about each part of the stack themselves,” Putiatin said.

“I’m not going to spend the next two years of my life figuring out how to get a 6% return,” he added, arguing that with traditional financial alternatives close enough in return, DeFi’s security risks rarely make sense for most investors.

A decreasing premium for immeasurable risk

Tether (USDT), the world’s largest stablecoin, offers a 2.74% supply APR on the Ethereum Aave marketplace, the largest DeFi lending protocol. This is below the 3.57% available on three-month US Treasury bills. Circle’s USDC (USDC) does better at 4.14%.

Supply and lend APR on the Ethereum Aave marketplace. Source: Aave

Putiatin said institutions see this clearly, even if they struggle to quantify it precisely. The problem is that institutions do not have a reliable framework for pricing intrusion risk.

“They can’t price the risk properly,” he said. “So they significantly reduce the yield that we provide.”

DeFi yields have declined as the market has matured, eroding the premium that once justified the risk.

At the same time, hacks are not slowing down. For investors accustomed to underwriting risk with actuarial precision, diminishing returns and immeasurable losses are a hard sell.

The cost of a DeFi seat at the table

Putiatin’s benchmark for when DeFi has truly broken through is an onchain insurance system that can insure the risk of hacks across the entire ecosystem and price it with the actuarial precision institutions require.

“When we have circuit breakers, curators who can do due diligence, and a framework to do that, we will have the fourth that we desperately need as an industry,” he said. “We will buy insurance.”

According to DefiLlama data dating back to 2016, losses due to exploits have amounted to over $7.76 billion. While DeFi insurance providers exist, their capacity is still too small to secure anything approaching institutional scale.

Without this infrastructure, the institutions that do enter will do so on their own terms, demanding full know-your-customer controls, custodial controls, and tokens that can be frozen at any time.

The open, permissionless architecture that made DeFi worth building is being torn down to meet compliance requirements.

“All the benefits we have as an industry are kind of disappearing,” he said. “Blockchain is becoming just a database.”

This is an outcome that Putiatin finds more disturbing than the hacks themselves. At least hacks are a problem the industry can work on. A version of DeFi that institutions have hollowed out to be secure enough for their mandates means abandoning everything the technology was intended to change.
