Repeated bridge hacks and declining yields are leading institutional investors to question whether decentralised finance (DeFi) offers returns that justify the risks.
According to a recent Cointelegraph report, JPMorgan analysts said in an April research note that bridge security remains an industry challenge and questioned whether DeFi can expand institutional adoption. In 2026, there have been 8 major attacks targeting DeFi bridges, with cumulative losses reaching $328.6 million.
Misha Puchiatin, CEO of smart contract security firm StateMind and a co-founder of the DeFi protocol Symbiotic, said, "Another major hack breaks out 5 minutes before calls with institutions." He added, "They are taken aback, asking, 'Is this normal? Does this happen every day?'"
In early April, North Korea's Lazarus Group stole $285 million from Drift Protocol, and a few weeks later about $290 million was drained from a KelpDAO bridge. Two days after the KelpDAO hack, total value locked (TVL) in DeFi fell by about $14 billion, to $86 billion from about $100 billion. JPMorgan said funds also left pools not directly related to the compromised assets.
Puchiatin said modern DeFi is so complex and interconnected that it is nearly impossible for ordinary users to identify where the risks lie.
He said, "You can deposit ETH and not use other tokens, yet suffer losses due to a bridge breach linked to a token you've never even heard of."
Yields are also a problem. USDT, the world's largest stablecoin, offers an annual yield of up to 2.74 percent in the Ethereum market of Aave, the largest DeFi lending protocol. That is lower than the 3.57 percent yield on U.S. 3-month Treasury bills. Puchiatin said, "With alternative yields in traditional finance at similar levels, DeFi security risks are not reasonable for most investors."