Decentralized finance is a game that anyone can play. Hosted on a level playing field, it’s a sport that doesn’t discriminate. Rich or poor, professional or amateur, consumer or institution: It makes no difference.

Given the rich opportunities available within DeFi — attractive yields, liquidity, global accessibility and round-the-clock availability — it’s worth pondering what’s preventing bigger fish from entering. Particularly those with the technical means and the money to extract the most value out of decentralized finance — institutions.

What’s keeping TradFi away?

In the wake of the first bitcoin ETF, institutional interest in crypto is riding high. Major players like BlackRock are eyeing asset tokenization, further legitimizing crypto as an asset class. Real-world assets (RWAs) have become a multibillion-dollar industry, and ambitious Wall Street players like JPMorgan are experimenting with blockchain, albeit on private networks.

All of which raises the question: What’s preventing traditional finance from doing DeFi? After all, trading firms have a mandate to make money, and goodness knows there’s enough of it swilling around in decentralized finance to turn wealthy investors into on-chain whales. DeFi activities such as lending, collateralization and staking could potentially all be countenanced by forward-thinking institutions.

Unfortunately, traditional finance’s hands are tied on account of two major concerns: security and compliance. Identifying these impediments is easy. Solving them will be harder, but is nevertheless achievable. As history has shown, where there’s a will, there’s a way.

Before we can set about fixing these problems, first we must acknowledge the extent to which they’re keeping the great traditional finance crossover on ice. It all starts with security.

How secure is secure enough?

Layer-1 blockchains like Bitcoin and Ethereum are highly secure. The protocols built upon them, not so much.

When you introduce smart contracts, you introduce attack vectors, and that’s where things start to go wrong. $1.7 billion in crypto was stolen last year, much of it through smart contract vulnerabilities. While lower than 2022’s record of $3.7 billion, the number of incidents in 2023 was actually higher. That’s not progress. Nor is it a ringing endorsement of DeFi.

Of course, no system, be it blockchain or legacy, is 100% secure. If enterprising attackers can swipe 200 million Hong Kong dollars through elaborate deepfakes, it’s churlish to take shots at DeFi for the occasional loss. But that’s the problem: DeFi losses are anything but rare. Each year, around 3% of DeFi TVL is stolen, a level that’s simply unacceptable for traditional finance firms contemplating entering the space.

Then there’s the risk of fatal user error to factor in, like accidentally sending funds to the wrong address. Crypto has no back button, and while DeFi users will say this is a feature, not a bug, traditional finance will differ.

What needs to change? Since smart contract risk is impossible to eliminate, even with multiple audits, there need to be other ways to mitigate it. Traditional finance players need access to blockchains with failsafes baked in at the protocol level: insurance and optional private transactions.

But won’t this ruin the entire value proposition of open finance? Not necessarily. It’s possible to legitimize DeFi without lobotomizing it. One of the most powerful features of blockchain is the freedom for anyone to build upon it without requiring permission to do so. This essential characteristic will be retained on any chain that incorporates institutional safeguards.

We need to talk about compliance

We’ve already identified the two elephants in the room preventing traditional finance from barging in. The first is security and the second, no less gargantuan, is compliance. This is about know-your-customer (KYC), of course, but that’s not all. Implementing verification at wallet or protocol level is a relatively simple affair, and a number of DeFi projects are currently pursuing this.

But even with user verification built in, there are other compliance concerns when trading on a public network. Take the potential BlackRock-sponsored Ethereum ETF by way of example. If approved, the wallet addresses of trading firms will be visible, and it probably won’t take long before some prankster dusts them with crypto from an OFAC-sanctioned address.

Despite not having proactively done anything wrong, a company could fall afoul of financial regulators simply for having black market money on its balance sheet. There are various solutions to this problem, and not all of them are technical in nature: Better regulations would go a long way towards distinguishing genuine financial crime from on-chain tomfoolery.

Until then, institutions are compelled to err on the side of caution, given the potential risks of being held liable for unsolicited funds. Ultimately, the only way to prevent anonymous internet trolls from holding companies hostage is to enforce KYC at protocol level, ensuring that the source of every transaction is known.

But more importantly, verification is the only way for traditional finance to trade with counterparties. Without it, they’re stuck transacting with a handful of known entities on private chains, which adds scant benefits compared to using traditional infrastructure.

Finally, compliance doesn’t just apply to a blockchain’s users: It can also apply to the assets that are tradeable on it. With particular tokens, like RWAs, it may be necessary to encode transfer restrictions to ensure that the parties trading them are permitted to do so. This will permit different entities, like consumers and accredited investors, to use the same chain but for different purposes.

Gradually, then suddenly

Just as it took time for the first bitcoin ETF to receive approval, the infrastructure for institutions to use DeFi at scale requires time and ingenuity. This isn’t just a job for Web3 builders, incidentally: Traditional finance also needs to exit the walled garden that is private chains.

DeFi players must refine the tools that will support compliant and secure money markets while traditional finance needs to be bold, working with regulators to iron out pain points, and actively exploring blockchain solutions that can serve the world, not just a handful of accredited investors.

Rome wasn’t built in a day, the Sistine Chapel wasn’t painted in a weekend, and traditional finance isn’t about to descend on DeFi overnight. But behind the scenes, at the protocol level, real progress should be made encoding the permissions, protections and privacy tech for institutions to arrive.


Ramon Recuero is cofounder and CEO at Kinto. Previously, he founded Babylon.finance, a DeFi protocol that reached more than $50M in AUM. Before that, he worked at Y Combinator, building products and helping founders, and built apps and games for Moz, Google and Zynga. Earlier in his career, he founded Netgamix, a user generated trivia platform that reached more than 100K MAU.