A $292 million exploit of Kelp DAO has exposed fundamental weaknesses in decentralized finance infrastructure just as major Wall Street institutions accelerate their move into onchain markets, industry insiders told CoinDesk. The incident, which rattled crypto lending markets, is being framed by some as growing pains rather than a structural failure—but has intensified calls for the sector to adopt more rigorous security standards before larger pools of institutional capital can flow in.

Market Context

The hack arrives at a delicate juncture for DeFi. In the weeks leading up to the exploit, private credit giant Apollo Global Management, which oversees $900 billion, announced a strategic partnership with Morpho to support lending markets—with an option to acquire governance tokens of the protocol. Around the same time, BlackRock brought its tokenized money market fund onto decentralized exchange Uniswap, signaling deeper TradFi integration into onchain ecosystems.

The timing amplifies the fallout. As traditional finance pushes deeper into decentralized markets, the incident raises questions about whether DeFi infrastructure can support the risk controls and operational reliability that institutional investors require. Tokenized real-world asset markets grew sixfold since 2025, according to RWA.xyz data, suggesting accelerating capital migration toward onchain credit markets.

Analysis

Industry veterans largely dismissed the idea that this single incident would derail broader institutional adoption—but they were unanimous that DeFi must evolve. Nick Cherney, head of innovation at Janus Henderson, which manages approximately $500 billion in assets, characterized the exploit as a natural consequence of pioneering financial technology.

"DeFi platforms are pioneering new ways for investors to utilize their capital more efficiently," Cherney said. "Pioneers will always face risks." He argued that failures like this one can slow momentum but ultimately force improvements that produce stronger systems over time. "This is a speed bump for sure, but not a roadblock," he added.

Security specialists offered sharper assessments. Paul Vijender, head of security at Gauntlet, emphasized the adversarial nature of onchain asset management and the inadequacy of current defensive postures. "DeFi and onchain asset management operate in a highly adversarial environment," Vijender said. "Systems are only as secure as their weakest links." He argued that zero-trust architectures—where no component assumes safety from any other—are becoming essential rather than optional.

Evgeny Gokhberg, founder of digital asset manager Re7 Capital, pressed for elevating what the industry considers best practices into mandatory baseline requirements. "The industry needs to treat them as baseline requirements, not best practice," he said, citing timelocks on governance actions, stricter multi-signature controls, tighter collateral standards and reinforced bridge safeguards as critical upgrades.

Bhaji Illuminati, CEO of Centrifuge Labs, framed the challenge as a compression of financial evolution. "TradFi has had decades to build up layers of protections," she said. "DeFi is doing that too, but on a vastly accelerated timeline." She outlined three conditions for institutional-grade DeFi: clarity around ownership and verifiable collateral with legal structures mapping to real-world risk; reliability in smart contracts, oracles and governance processes behaving predictably and audibly; and liquidity that holds up under pressure without distorting markets.

"Being open and secure is not mutually exclusive," Illuminati said. "The goal is to make trust explicit and verifiable." She stressed that every layer of the DeFi stack must prioritize security as its number one concern, a requirement she said is becoming increasingly critical in the age of artificial intelligence.

Key Numbers

- $292 million: size of the Kelp DAO exploit, this year's largest crypto hack

- $900 billion: assets under management at Apollo Global Management, which partnered with Morpho weeks before the incident

- Sixfold: growth in tokenized real-world asset markets since 2025, per RWA.xyz data

- ~$500 billion: Janus Henderson AUM cited by head of innovation Nick Cherney

What to Watch

Market participants should monitor whether institutional partners like Apollo and BlackRock revise their DeFi strategies or timelines following the fallout. Security protocol upgrades proposed by Gauntlet and Re7 Capital—particularly around zero-trust architectures, multi-sig controls and bridge safeguards—will be key indicators of industry response. Centrifuge Labs' three-part framework for institutional-grade DeFi may serve as a benchmark for protocols seeking TradFi capital. Additionally, watch for regulatory attention as the incident coincides with increased congressional scrutiny of digital asset markets.

The longer-term trajectory appears clear: tokenized real-world assets are expected to anchor DeFi markets increasingly, bringing legal frameworks and risk controls refined over decades in traditional finance. Whether that transition accelerates or slows may depend on how decisively the industry addresses its security deficits in the coming months.