DeFi hacks and flat TVL sour institutional appetite

JPMorgan analysts told The Block that “frequent security incidents in DeFi and the stagnation of total locked value (TVL) in ETH terms continue to limit institutional interest in DeFi,” highlighting how repeated exploits are eroding confidence at scale.

JPMorgan flags DeFi security drag on institutions

Citing the latest cross-chain bridge incident involving Kelp DAO’s rsETH, the bank said the episode “led to a loss of approximately $20 billion in DeFi TVL within a few days,” underscoring just how quickly nominal liquidity can evaporate when trust breaks.

In their note, the analysts described how attackers “minted about $292 million in unsecured rsETH and borrowed real ETH on Aave using it as collateral, resulting in approximately $230 million in bad debt,” turning what began as a smart contract loophole into a systemic hit across blue-chip lending markets.

Flight to USDT and stalled growth

JPMorgan also argued that these blow‑ups are changing user behavior, writing that “after security incidents, users tend to turn to Tether’s USDT for safety,” as capital rotates from riskier protocol-native assets and yield strategies into perceived stable harbors.

The bank pointed to the stagnation of DeFi TVL when measured in ether, rather than in dollar terms, as another structural warning sign, noting that flat or declining ETH-denominated TVL suggests “underlying activity is not growing even when token prices rise.”