Senior executives from global banking and asset management firms delivered a stark warning at the Proof of Talk conference in Paris: decentralized finance (DeFi) will fail to attract institutional capital until it resolves its chronic security vulnerabilities. In April alone, hacking incidents or exposures occurred on 27 out of 30 days, a record that CertiK CEO Ronghui Gu called DeFi’s worst month in four years. Two major exploits involving North Korean cybercriminals drained nearly $600 million from lending protocols Drift Protocol and Kelp DAO.
“I don't think you see a growth in DeFi until we fix the first problem... which is the hacks,” said Maja Vujinovic, CEO of OGroup. “I think it's an absolute problem until we solve the bridges. I don't think that DeFi grows outside of the DeFi degen community... until they fix probably a whole stack.” Her remarks echoed criticism from Ben Nadereski, co-founder of Solana-based DeFi yield protocol Solstice, who blamed developers for prioritizing innovative code over the core responsibility of capital defense.
The security gap undermines the promise of blockchain to streamline back-office operations like settlement, collateral management, and cross-border payments. Stéphanie Cabossioras, chief strategy officer at Societe Generale Forge, noted that her firm had to issue its own regulated stablecoins, EURCV and USDCV, to bridge the missing cash leg for tokenized securities. Institutional clients, she emphasized, still demand the safety of a trusted, regulated custodian — not the anonymous, non-custodial ethos of many DeFi protocols.
The message from Wall Street is clear: until DeFi demonstrates rigorous code auditing, robust incident response, and a culture shift among builders, the multi-trillion-dollar institutional wave will remain on the sidelines, confining the sector to retail speculation.
