The AAVE-led response and new safeguards underscore the sector's maturity as the bank maintains its $2 trillion RWA outlook.
Despite the shock, tokenized real-world assets are still expected to reach a $2 trillion market cap by end-2028, driven by continued growth in DeFi lending and stablecoin liquidity, the report said.
We still project that tokenised real-world assets (RWAs) will reach a market cap of $2 trillion by end-2028, up from $35 billion in October 2025," wrote Geoff Kendrick, head of digital assets research at Standard Chartered, in the Wednesday report.
Hacks and exploits remain a core risk in crypto, undermining trust in systems built on code rather than intermediaries. Smart contract bugs, phishing and cross-chain bridge flaws can expose large pools of locked assets, where a single weak point can trigger outsized losses.
These risks are amplified by the complexity and interconnected nature of blockchain infrastructure. Cross-chain bridges, while expanding functionality, also widen the attack surface and have accounted for billions in losses due to intricate designs, shared systems and, in some cases, weak validation.
Beyond the immediate damage, repeated exploits erode confidence across the ecosystem. Major hacks can push users and institutions to the sidelines, invite tighter regulation and slow adoption, making security a key constraint on crypto’s growth.
AAVE and a coalition of DeFi firms moved quickly, committing more than $300 million to stabilize the system. According to the report, the intervention helped normalize conditions, with yields easing and deposits recovering
The bank added that the incident is accelerating structural upgrades. AAVE’s V4 upgrade and the forthcoming Ethereum Economic Zone aim to reduce reliance on cross-chain bridges, a frequent target in major crypto hacks, including this one.
Wall Street bank JPMorgan (JPM) said hacks and stagnant capital levels in decentralized finance continue to weigh on DeFi’s institutional appeal, highlighted by a $20 billion hit from the KelpDAO exploit.