JPMorgan: DeFi hackers are increasingly common, and interest in compression mechanisms to address TVL stagnation is drawing capital into USDT

According to a 4/23 report by The Block on JPMorgan Chase’s latest crypto industry research, the firm believes that ongoing hacking incidents, along with stagnant total value locked (TVL), jointly compress DeFi’s appeal to institutional investors—and that some investment capital has been redirected to the USDT stablecoin issued by Tether. CoinDesk, on the same day, described the report’s argument with the headline “persistent security flaws curb DeFi’s institutional appeal.”

Key points of the report

JPMorgan’s analyst team continues a more cautious stance toward DeFi and tokenization progress than it has had since last year, and lists the recent frequent cross-chain bridge and protocol-layer attacks as one of the main factors hindering institutional involvement in DeFi. According to The Block’s summary, the behavior on the funding side is as follows: institutions and some retail participants are withdrawing funds from DeFi protocols and moving them into Tether USDT, which has high liquidity and whose issuer enforcement capabilities have already been validated.

Recent DeFi attack events fit this narrative

In the week prior to the report’s release, the DeFi ecosystem had just suffered two major incidents back-to-back—typical examples of the “persistent security flaws” JPMorgan pointed to:

Kelp DAO hacked for $292 million: LayerZero cross-chain bridge messages were forged, the largest DeFi incident in April 2026.

Rhea Finance Oracle attack: $18.40 million lost; Tether then coordinated to freeze 4.34 million USDT.

Both incidents exposed DeFi protocols’ excessive reliance on oracles and cross-chain bridges—exactly the kind of non-quantifiable risk that institutional risk-management teams have long flagged.

Why USDT became the beneficiary

As risk events in DeFi protocols have been occurring frequently, Tether’s USDT has instead built trust differentiation through its on-chain enforcement capabilities. In a recent $344 million freeze action conducted in collaboration with U.S. law-enforcement units, Tether demonstrated the infrastructure for coordinating with OFAC—this kind of controllable centralized characteristic precisely meets the core needs of institutional compliance departments for “traceable, recoverable” outcomes.

Signals for DeFi players

For DeFi protocols, JPMorgan’s report indirectly points to two structural challenges: first, long-term protocol security track records are difficult to fix on their own through insurance and governance mechanisms; second, even though permissioned pools with a compliance-oriented design and KYC treasuries have been rolled out over time, traditional institutions still prefer using centralized stablecoins and custodians to handle large capital. For users, this means DeFi liquidity may struggle to return to the TVL peak of 2021 in the near term, while the stablecoin supply will continue to concentrate among a small number of centralized issuers.

This article JPMorgan: DeFi hackers keep coming and TVL stagnation compresses institutional interest, with the earliest sign that funds are shifting to USDT appearing on ABMedia.