The $292 million cryptocurrency hack exposed DeFi’s weaknesses. Here’s what needs to change, experts say


The $292 million Kelp DAO exploit and subsequent fallout in crypto lending markets hit decentralized finance (DeFi) at a crucial time.

Just as Wall Street firms have moved deeper into on-chain markets, the incident has highlighted how fragile parts of the system remain and how much work is left to do before institutions can scale their exposure.

In the weeks leading up to the hack, private credit giant Apollo Global Management (APO), which oversees $900 billion, signed a strategic partnership with Morpho to support credit markets with the option to also acquire governance tokens of the protocol. Around the same time, the world’s largest asset manager, BlackRock (BK), brought its tokenized money market fund to the Uniswap decentralized exchange.

The exploit is unlikely to derail traditional finance's (TradFi) move into on-chain finance, industry experts argued, but they highlighted what DeFi needs to fix before large pools of capital can come in.

‘Speed bump, not obstacle’

“DeFi platforms are pioneering new ways for investors to use their capital more efficiently,” said Nick Cherney, head of innovation at Janus Henderson, an asset manager that oversees about $500 billion in assets. “Pioneers will always face risks.”

Bugs like the Kelp DAO exploit can slow momentum, Cherney said, but they also force improvements. Over time, those pressure points tend to produce stronger systems, he argued.

“This is certainly a hurdle, but not a hindrance,” Cherney said.

In his opinion, long-term change is already taking shape. Real-world tokenized assets such as funds, bonds, and credit are beginning to anchor DeFi markets, bringing legal frameworks and risk controls that traditional finance has perfected for decades.

Episodes like this could speed up that transition, Cherney said.

Raising the safety floor

For security specialists, the lesson is more direct: the current configuration is not enough.

“DeFi and on-chain asset management operate in a highly contentious environment,” said Paul Vijender, head of security at Gauntlet. “Systems are only as secure as their weakest links.”

That reality is pushing the industry toward more comprehensive defenses. He argued that zero-trust architectures, where no part of the system is assumed to be secure, are increasingly difficult to avoid.

In practice, that means layers of protection (continuous monitoring, tighter controls, built-in redundancies) rather than dependence on a single safeguard.

Evgeny Gokhberg, founder of digital asset manager Re7 Capital, said many of the industry’s “best practices” must now become basic requirements.

That includes time locks on key governance actions, tighter multi-signature controls, stricter collateral standards, and stronger safeguards around bridging, one of the most common points of failure in DeFi.

“The industry needs to treat these as basic requirements, not best practices,” he said.

Towards institutional-level DeFi

Bhaji Illuminati, CEO of Centrifuge Labs, sees the shift as part of a broader understanding of financial evolution.

“TradFi has had decades to build layers of protections,” he said. “DeFi is doing that too, but on a very accelerated timeline.”

He argued that for institutions to allocate capital at scale, some conditions must be met.

First, there is clarity: investors need to know exactly what they own, with verifiable collateral and legal structures that match real-world risk.

Second is reliability: smart contracts, oracles, and governance processes must behave in a predictable and auditable manner.

Third is liquidity that holds up under pressure, allowing capital to flow in and out without distorting the markets.

“Being open and safe are not mutually exclusive,” Illuminati said. “The goal is to make trust explicit and verifiable.”

“Going forward, every layer of the DeFi stack must make security its number one priority,” he said. “This is increasingly important in the era of artificial intelligence.”
