Ask AI TO SUMMARIZE ThIS ARTICLE

On 27 May 2026, The Big Whale hosted the second Future of Finance event, focused on DeFi risk, resilience, and the institutional playbook.

Your 2 free articles this month are up

The research your peers are already leveraging

The Big Whale gives financial institutions the market intelligence, network, and platform to move with confidence in digital assets. Trusted by 150+ firms.

TL;DR

  • April 2026 hacks (Drift, KelpDAO) didn't kill institutional appetite — they reinforced the view that DeFi infrastructure works, but needs TradFi-grade risk management on top.
  • Formal verification is the primary defense against AI-powered exploits; Morpho's approach: immutable, minimal code (~600 lines), 2+ years of development per protocol.
  • Morgan Stanley exploring DeFi lending not to replicate existing products, but to build new ones — tokenized RWAs as collateral for lending models that don't exist in TradFi.
  • Programmable compliance (whitelisting/blacklisting gates) is the answer to AML/KYC, not walled gardens — but formalized, comparable KYC across protocols is needed to defragment liquidity.
  • First proof point: Coinbase integrated on-chain crypto-backed loans via Morpho at near-SOFR rates (vs. SOFR +300–400bps centralized), powered by global cross-platform capital competition.

Speakers:

  • Amy Oldenburg – Morgan Stanley, Head of Digital Assets
  • Paul Frambot – Morpho, CEO (one of the largest DeFi protocols)
  • Aleksandar Bukovski – The Big Whale, Host & moderator

AI, Security & the DeFi Attack Surface

Composability is both DeFi's superpower and its curse: exposure multiplies across a wide range of dependencies and open-source contracts. AI gives attackers asymmetric power to find vulnerabilities cheaply and at scale.

The defense is formal verification — mathematical proof that code cannot be broken regardless of attacker intelligence or economic power. AI also makes formal verification significantly easier to perform.

Morpho's coding philosophy: protocols must be immutable, extremely simple, and easy to formally verify. Morpho's core code is ~600 lines. Three PhDs work exclusively on formal verification. Each protocol ships every ~2 years — deliberately slow for a startup, but necessary for infinite-horizon security.

Paul: "Until AI breaks math, in which case we have much bigger problems than DeFi… formal verification lets you be 100% sure your code is safe."

Amy: "Every time we see a new market entrant that looks like a potential threat, people find reasons it won't survive. First it was quantum, now it's AI… the industry will continue to grow and get stronger."

Institutional Reaction to April 2026 Hacks

DeFi TVL dropped ~$18B (from ~$100B to ~$82B) in April following Drift, KelpDAO, and other exploits. Paul called ~10 institutions immediately after to gauge sentiment.

Key finding: institutions now understand the distinction between technology risk (smart contract failure) and operational/human risk (social engineering, mismanagement). Most major hacks traced to human error or poor OPSEC, not protocol-level infrastructure failure.

The hacks were not an FTX-level trust reset — instead they reinforced the argument that DeFi infrastructure needs to be operated by professionals with institutional-grade risk management, not crypto-native DAOs.

Paul: "The key takeaway from this quarter is that the future of on-chain finance won't be operated by crypto natives. It's gonna be either crypto natives that grow into institutional mode, or institutions that come on-chain."

Amy: "A lot of times it's not the technology. It's the humans… classic social engineering. We see the same thing in traditional finance."

DeFi as Infrastructure, Not Asset Management

Morpho positions itself purely as permissionless infrastructure — it externalizes all risk management to non-custodial asset curators. The platform hosts ~2,000 vaults with vastly different risk profiles, from conservative treasury-backed repos to high-risk meme-coin leverage. Morpho has no opinion on what the market should underwrite.

When KelpDAO was hacked, users on isolated Morpho vaults (e.g., Coinbase) were unaffected — they had full control over their exposure. Modularity and isolation are the architectural answer to contagion.

Amy sees DeFi not as competitive threat but as a technology partnership: Morgan Stanley retains risk ownership, client relationships, and distribution — DeFi provides software infrastructure that enables more customization and scalability than legacy systems.

Amy: "This DeFi infrastructure is software provided to us that we use, but we still own the risk… there's a partnership here, not a competition."

Morgan Stanley's DeFi Due Diligence & Strategy

Morgan Stanley is not yet live with DeFi lending, but is actively exploring it. The most promising angle: using tokenized real-world assets as collateral to create entirely new lending models that don't exist in traditional markets.

The bar is high — compliance, cybersecurity, and non-financial risk teams all need high confidence of no client-facing failure. New products need multi-year, cycle-tested track records before scaling — even with strong early performance.

Amy: "If you're just creating a product clients can get in the traditional markets and it's a little more painful and harder to understand, that's not the value add. We need to deliver unique products that we can't deliver in the old world."

Programmable Compliance: AML/KYC Without Walled Gardens

Permissionlessness ≠ free-for-all. Morpho's protocol provides configurable "access gates" — operators can whitelist or blacklist counterparties based on arbitrary conditions, including regulatory KYC, credit criteria, or any compliance constraint.

The vision: a world where users hold multiple comparable KYCs, maximizing liquidity connectivity while satisfying local compliance. Matching engines can defragment liquidity across different regulatory regimes.

Amy warned that fragmented regulation across jurisdictions is a major threat to the liquidity unification promise — the more jurisdictions diverge, the more code and complexity is required to navigate.

Paul: "The future is letting you express your preference, including excluding people, and then having a matching engine sufficiently smart to map everyone's intents and connect liquidity that wasn't possible before."

Amy: "If we have super-fragmented regulation across jurisdictions… it's not going to make it easy to navigate."

Emerging Markets: The Leapfrog Opportunity

Tokenized assets offer massive potential in emerging markets — populations that skipped fixed-line phones for mobile are now skipping traditional finance for fintech and on-chain rails. Asia and the Middle East are already embracing the technology.

Tether's explosive growth is cited as proof: adoption driven by EM populations with no access to traditional financial tools. Local equity markets are losing liquidity as startups list on NASDAQ instead of home exchanges — tokenization could reverse this by opening global capital pools to local markets.

Amy: "How did Tether get as large as it did? It's taken liquidity and users from all over the emerging markets… people that don't have any other options."

Composability Risk & the Path Forward

Open, composable systems are economically efficient long-term but create brutal short-term contagion risk. Individual hacks can cascade through dependency chains. The crypto ecosystem needs guardrails, more formal verification, and significantly more technical talent — Paul noted that talent density in crypto is weaker than in other tech industries, partly due to the speculation stigma repelling engineers.

Open-source code that survives the test of time is a compounding net positive for the ecosystem. The path to safe, composable financial systems is real but slower than expected.

Paul: "The promise of an open financial system that is composable is too big to fail. It will happen. It's just the path to get there is gonna be tough."

Morpho Midnight: Next-Gen Protocol Engineering

Morpho Midnight is a fixed-rate, fixed-term obligations protocol — closer to TradFi bond mechanics, but on-chain, permissionless, and configurable. It has been in development for 2.5 years (~1.5 years of pure design before any code was written).

Process: formal verification specifications are written before the code itself. Sub-1,000 lines of code. Multiple audit rounds with every major smart contract audit firm, audit competitions with white-hat hackers, bug bounties, staged releases. Morpho Blue was the most audited smart contract per line of code in the EVM ecosystem.

Paul: "Every team we've seen taking shortcuts has been punished pretty heavily."

What Unlocks Institutional Capital into DeFi

Two conditions must be met: (1) DeFi products must offer usability advantages that don't exist in TradFi — superior collateral management, liquidity, 24/7 access; and (2) higher-yielding products that meet fiduciary standards.

The first real proof point: Coinbase moved crypto-backed loans on-chain via Morpho. Borrowing rate fell to near SOFR (vs. SOFR +300–400bps on the centralized version) because on-chain lending pools aggregate global capital — lenders from Kraken, Binance, and competitors compete to provide the best rates.

Next step: replicate this model across asset-backed loans, securities-backed loans, and alternative-asset-backed loans.

Paul: "This was the first time ever DeFi was able to provide a financial product that was strictly better than CeFi… not by taking more risk, but by having a global, competitive cost of capital."

Amy: "We need the benefit of DeFi products to be higher than what we deliver in the traditional space. That's possible — it's just going to take time to prove it."

Format
Takeaways
Aleksandar Bukovski

Aleksandar Bukovski is Lead Analyst at The Big Whale, where he specializes in decentralized finance and crypto-assets. His published work at The Big Whale covers topics including stablecoins, tokenized finance, DeFi protocols, Bitcoin mining, and institutional adoption of digital assets. He also hosts the Market Call, a recurring market analysis format produced by The Big Whale.

Prior to joining The Big Whale in February 2025, Bukovski spent five months as a Research Analyst at The Block, a crypto-focused information services firm, where his stated focus was tokenization. He holds an Engineer's degree in Finance and Financial Management Services and a Master's degree in Investment Management, both from the Faculty of Technical Sciences at the University of Novi Sad, Serbia.

See all articles ↗
Subscribe to The Drop
The leading weekly briefing on digital assets for financial institutions: independent analysis, reports, benchmarks and exclusive events, delivered to your inbox.
Read by 30,000 professionals
November 12–13, 2026

The Geneva Summit

The Corporate Gateway: where the future of onchain finance is decided. 300 handpicked decision-makers. One shared mandate.
300
Decision-makers
2 days
Intensive program