BroadChain learned that at 00:16 on April 24, JPMorgan's latest report pointed out that recent DeFi security incidents, including those involving Kelp DAO, and the prolonged stagnation of Total Value Locked (TVL) denominated in Ethereum, continue to dampen institutional interest in DeFi.
The report disclosed that in the cross-chain bridge attack related to Kelp DAO, hackers minted approximately 292 million rsETH out of thin air and used it as collateral on Aave to borrow real ETH, resulting in about $230 million in bad debt. This also triggered capital outflows from pools not directly associated with the attacked assets, highlighting the vulnerability of DeFi's high interconnectedness. Analysis shows that the scale of losses from crypto hacker attacks this year is similar to that of 2025, with bridge security remaining a weak link.
During risk events, capital tends to flow out of DeFi and into Tether USDT, which has deeper liquidity and more direct redemption paths, forming a "risk-off" pattern. However, this advantage has not yet been clearly reflected in the growth of USDT's market capitalization. JPMorgan concluded that ongoing security vulnerabilities and stagnant TVL together suppress DeFi's institutional appeal.