The $292 million exploit of Kelp DAO and the subsequent fallout across crypto lending markets hit decentralized finance (DeFi) at a pivotal moment.

Just as Wall Street firms pushed deeper into onchain markets, the incident has exposed how fragile parts of the system remain and how much work is left before institutions can scale their exposure.

In the weeks leading up to the hack, private credit giant Apollo Global Management (APO), which oversees $900 billion, inked a strategic partnership with Morpho to support lending markets with an option to acquire governance tokens of the protocol, too. Around the same time, the world's largest asset manager BlackRock (BK) brought its tokenized money market fund onto decentralized exchange Uniswap.

The exploit is unlikely to derail traditional finance (TradFi) pushing deeper into onchain finance, industry insiders argued, but highlighted what DeFi needs to fix before larger pools of capital can move in.

'Speed bump, not roadblock'

"DeFi platforms are pioneering new ways for investors to utilize their capital more efficiently," said Nick Cherney, head of innovation at Janus Henderson, an asset manager that oversees about $500 billion in assets. "Pioneers will always face risks."

Failures like the Kelp DAO exploit can slow momentum, Cherney said, but they also force improvements. Over time, those pressure points tend to produce stronger systems, he argued.

"This is a speed bump for sure, but not a roadblock," Cherney said.

The longer-term shift, in his view, is already taking shape. Tokenized real-world assets — such as funds, bonds and credit — are starting to anchor DeFi markets, bringing legal frameworks and risk controls that traditional finance has refined over decades.

Episodes like this one could accelerate that transition, Cherney said.

Raising the security floor

For security specialists, the lesson is more direct: the current setup is not enough.

"DeFi and onchain asset management operate in a highly adversarial environment,” said Paul Vijender, head of security at Gauntlet. “Systems are only as secure as their weakest links."

That reality is pushing the industry toward more comprehensive defenses. Zero-trust architectures — where no part of the system is assumed safe — are becoming harder to avoid, he argued.

In practice, that means layering protections: continuous monitoring, stricter controls, built-in redundancies. Not relying on a single safeguard.

Evgeny Gokhberg, founder of digital asset manager Re7 Capital, said many of the industry’s "best practices" now need to become baseline requirements.

That includes timelocks on key governance actions, stricter multi-signature controls, tighter collateral standards and stronger safeguards around bridges — one of the most common points of failure in DeFi.

"The industry needs to treat them as baseline requirements, not best practice," he said.

Toward institutional-grade DeFi

Bhaji Illuminati, CEO of Centrifuge Labs, sees the shift as part of a broader compression of financial evolution.

"TradFi has had decades to build up layers of protections," she said. "DeFi is doing that too, but on a vastly accelerated timeline."

For institutions to allocate capital at scale, she argued, a few conditions need to be met.

First is clarity: investors need to know exactly what they own, with verifiable collateral and legal structures that map to real-world risk.

Second is reliability: smart contracts, oracles and governance processes must behave in predictable, auditable ways.

Third is liquidity that holds up under pressure, allowing capital to move in and out without distorting markets.

"Being open and secure is not mutually exclusive," Illuminati said. "The goal is to make trust explicit and verifiable."

"Going forward, every layer of the DeFi stack needs to make security their number one priority,"she said. "This is becoming increasingly important in the age of artificial intelligence."

Read more: AI is making crypto's security problem even worse, Ledger CTO warns