It's been a black Wednesday for Solana DeFi. Drift, the blockchain's largest perpetuals protocol, suffered this year's biggest exploit, losing over $280 million in deposits.
What appears to be another successful North Korean attack was likely not a hack in the classical sense. The attacker neither stole private keys nor exploited vulnerabilities in the smart contracts.
Instead, they managed to trick at least two of five Security Council members into pre-signing powerful admin transactions, allowing them to pledge worthless tokens as collateral and borrow massive amounts of real assets (USDC, SOL, wrapped BTC, etc.) from Drift's vaults and pools.
The exact method remains unclear, but the damage is done. Drift's TVL plunged 50%, from $550 million to $225 million, likely only not falling further because deposits and withdrawals remain suspended.
It's a setback for a Solana DeFi ecosystem that was just beginning to attract institutional interest, much of which has historically gravitated toward the more battle-tested protocols on Ethereum.
But the challenge extends beyond Solana. For DeFi broadly, it's another painful reminder that operational security has to be held to a higher standard than in traditional finance. When assets move instantly and irreversibly, the margin for human error is essentially zero. Speed is DeFi's selling point. It's also its biggest vulnerability.
In today’s Briefing:
Coinbase receives conditional OCC approval
RWA & Vault Summit: All eyes on onchain asset management
HIGH SIGNAL NEWS
Aave v4 goes live on Ethereum Mainnet. The upgrade marks the lending protocol’s most significant architectural evolution to date, introducing distinct lending markets with tailored collateral configurations, all while drawing from a shared, unified liquidity pool. 👻
CoinShares starts trading on the Nasdaq. The move comes nearly three and a half years after Europe’s largest digital asset manager listed on Nasdaq Stockholm. As reasons for the change, the company points to improved access to institutional capital, as well as broader sell-side analyst coverage and increased research visibility. 🇺🇸
Coinbase receives conditional OCC approval. Through the charter as a national trust company, Coinbase gains federal regulatory uniformity for its custody and market infrastructure business. ✅
Ethereum Economic Zone (EEZ) gets introduced. Developed by crypto firms Gnosis and ZisK, with co-funding from the Ethereum Foundation, the new framework aims to enable seamless interoperability between Ethereum’s Layer-1 and its Layer-2 networks. 🌐
Aztec launches Alpha Network. The Layer-2 network supports a full execution environment for private smart contracts, where all accounts, transactions, and execution itself can be completely private. 🔒
Ramp introduces Stablecoin Accounts. This means that customers of one of the fastest-growing money operations platforms can hold stablecoins on the platform, earn rewards on their balances, and pay vendors and employees worldwide. For now, the feature remains in public beta. 💸
SoFi launches Big Business Banking. The new offering enables enterprise partners to manage both fiat and crypto banking through a single nationally chartered bank, which serves 13.7M members and holds over $50B in assets. Initial participants include firms such as Cumberland, Fireblocks, Galaxy, and Mastercard. 🏦
TOP STORY
Two Days in Cannes: All Eyes On Onchain Vaults
Boots on the ground: This week, our team was on the ground at three major events during this year’s EthCC in Cannes. While part of the team attended Kaiko’s inaugural The Agora event (see our recap in yesterday’s Institutional Briefing), others spent two days at the RWA Summit at the iconic Palm Beach and the Vault Summit, hosted by lending protocol Morpho at the Hôtel Majestic Barrière.
DeFi meets TradFi: Across both events, more than 80 speakers took the stage, spanning DeFi and fintech leaders such as Circle, Stripe, Aave, and Morpho, alongside TradFi executives from Apollo Global and Baillie Gifford. What follows is our summary of the conversations, arguments, and insights that shaped those two days.
Onchain vaults take center stage: The defining theme across both events was the rise of onchain vaults: smart contracts that pool capital from depositors and deploy it according to a strategy set by a curator, an entity that decides which assets to lend against, sets risk parameters, and manages the allocation.
Growing category: Over the past two years, vaults have grown from a niche DeFi primitive into a category attracting serious institutional attention. Firms like Bitwise and CoinShares have recently entered as vault curators, and the model is increasingly seen as the infrastructure through which tokenized assets will reach onchain capital at scale.
Bitwise and Apollo see the opportunity
Catalysts: Two forces are driving this growth. First, the rapid expansion of stablecoin supply and the onchain economy it enables. Second, a broader strategic imperative to future-proof existing asset management business models.
"Onchain asset management is, to a large extent, stablecoin asset management. As dollars move into onchain wrappers, you need to serve them where they are, and that ultimately means vaults," said Hong Kim, CTO of Bitwise.
Christine Moy, Head of Digital Assets at the $900 billion asset manager Apollo Global Management, described the firm's recent investment in Morpho as a strategic necessity: "Given the ongoing technological shifts, we think the way Apollo has been successful in the past three and a half decades is absolutely not how we're gonna be successful in the next decades. That is why we're embracing the disruption.”
Unlocking new opportunities: Moy also explained how onchain infrastructure can open up entirely new lending categories, sharing the example of credit card receivables: today, Apollo structures these as multi-billion dollar deals with a single counterparty over multi-year terms, because the operational cost only makes sense at that scale. Onchain, smart contracts can aggregate many smaller borrowers into one facility.
"That opens up entirely new types of lending that were previously not viable or economical for us," Moy explained.
Lawyers and risk managers address the gaps
A lot of open questions: Before this transformation can scale, however, key questions around onchain vaults remain unresolved, most of which were directly addressed at both events.
Proper risk management: A recurring theme across panels was the need for robust risk management by vault curators, brought into sharper focus by last week’s $25 million exploit of DeFi protocol Resolv, which resulted in losses for several curators.
Regulatory gray zone: Some panelists linked these shortcomings to the absence of clear regulatory standards and oversight. Tuongvy Le, former SEC lawyer and General Counsel at vault infrastructure provider Veda, reiterated the need for defined rules to ensure investor protection:
"Recent events have made clear that not all vaults meet the standards investors should expect. Security and investor protection depend on how these systems are designed, governed, and constrained. If our recently proposed SEC framework is adopted, it would mark the first time investor protection is achieved through non-custodial, programmable systems rather than institutional intermediation."
Not covered by MiCA: A similar challenge exists in the EU. As Stéphane Daniel, partner at French law firm d&a partners, noted in his keynote, the curator role did not exist when MiCA was drafted. As a result, curators operate in a regulatory gray zone, where activities such as selecting collateral or setting risk parameters could be interpreted as regulated services like portfolio management or advisory.
Regulatory outlook: Daniel also pointed to ongoing discussions around a potential MiCA 2 or DeFi-specific additions to the current framework. He urged the industry to use this window to engage with policymakers and advocate for a tailored regulatory status that reflects how vaults function in practice, rather than having legacy frameworks applied retroactively, while still ensuring strong depositor protections.
Missing infrastructure pieces: Regulation is not the only gap. On the infrastructure side, speakers highlighted three concrete challenges:
the mismatch between DeFi’s real-time liquidity expectations and longer-duration RWAs such as private credit,
the need for new oracle designs that account for offchain trading hours and corporate actions,
and the complexity of liquidating permissioned collateral.
Waiting and warning on private credit
Bringing more assets onchain: As long as these gaps persist, the investible onchain asset base remains limited, which in turn reduces the incentive for institutions to build meaningful onchain operations.
"If all curators are allocated to the same basket of five to ten assets, you end up with the same yields and the same risks," noted Jeroen Offerijns, Co-Founder and CTO at Centrifuge Labs. "Without a broader range of assets, it’s difficult to create differentiated products or meaningful choices across vaults."
Short-duration assets: One possible path forward is to bring assets onchain that better align with DeFi’s structural requirements. Rather than long-duration private credit, whose liquidity profile clashes with instant redemption expectations, some panelists highlighted shorter-duration instruments such as invoice receivables as a more natural fit.
"We focus on asset-backed finance, primarily short-duration credit like invoices and receivables with 30, 60, or 90-day terms. Because the liquidity is self-amortizing, we can match it more effectively to DeFi and bring it onchain," said David Vatchev, Head of Tokenization at UK asset manager Fasanara Capital.
A word of caution: Not everyone shared the optimism around bringing more real-world assets onchain. Mehdi Lebbar, co-founder of Yo Labs, warned that some of the private credit entering DeFi vaults may represent adverse selection: assets that failed to find buyers through traditional channels:
“What I see around in this industry is more and more private credit that could be an adverse selection case where they couldn’t sell it in TradFi. BlackRock is closing on redemptions and all of a sudden we’re receiving all these RWAs with private credit. We’re probably going to see problems with redemptions on private credit, which are the problems that already exist in traditional finance.”
Our takeaway: Despite the clear focus on current challenges, the mood at both events was one of excitement. It reminded us of the early DeFi days in 2020 and 2021, with one stark difference: the conversations were grounded in reality, with almost everyone acknowledging the gap between ambition and operational readiness.
Andrew O’Neill, is Managing Director and Digital Assets Analytical Lead at S&P Global Ratings.
Andrew, we saw you at both the RWA Summit and the Vault Summit. What stood out to you from the discussions on onchain vaults?
"There was strong excitement in Cannes around the potential of vaults to enable a new generation of financial instruments. But the vertical still needs to mature across two key dimensions before it can scale meaningfully.
First, at the curator level. The Resolv exploit and its knock-on effects were on everyone’s mind. Stronger risk management is needed, both in operational security and the controls curators apply to their strategies. Over time, institutional adoption may also mean institutions acting as curators themselves, or being heavily involved in setting the risk frameworks.
Second, at the asset level. The range of real-world assets available onchain is still narrow, and compliance tooling is still being built. There is also an important distinction: a vault holding crypto holds the actual asset, whereas a vault holding RWAs inherits all the legal and operational risk of whatever sits underneath it. That is a meaningfully different risk profile.
This all shows how early the vault space really is. And because these things need time to mature, we don’t expect an imminent inflection point, but rather continued experimentation from the institutions most actively engaged in these discussions."
Centrifuge: Investment Operations Associate - Tokenized Products, Europe 🇪🇺
Circle: Director Partner Management Europe, Dublin 🇮🇪
Digital Asset: Principal Product Manager Stablecoins & Payments, Zurich 🇨🇭
Keyrock: VP Capital Markets, Amsterdam 🇳🇱
Kraken: Senior Sales Manager, Europe 🇪🇺
Morpho: Head of Product, Paris 🇫🇷
Securitize: Operations Officer, Spain 🇪🇸
Spiko: Crypto GTM Lead, Paris 🇫🇷
OpenFX | $94 million | Series A : Cross-border payment infrastructure provider, enabling institutions and enterprises to move money globally via stablecoins.
Midas | $50 million | Series A : Institutional-grade tokenization platform.
Valinor | $25 million | Seed : Infrastructure provider for tokenized private credit.
The Better Money Company | $10 million | Unknown : Clearinghouse infrastructure for stablecoins.
Kulipa | $6.2 million | Seed : Stablecoin card issuing platform.
Keyrock | Undisclosed | Series C : Crypto investment firm offering solutions in market making, OTC, asset management and options for digital assets.
Disclaimer: The information provided in the Crypto Briefing by Blockstories does not constitute investment advice. Accordingly, we assume no liability for any investment decisions made based on the content presented herein.
