Standard Chartered expects assets locked in decentralized finance (DeFi) to grow 37-fold to $2.7 trillion by the end of 2030.

The expansion would be driven by both tokenized real-world assets (RWAs) and crypto-native assets moving through onchain protocols, Geoff Kendrick, head of digital assets research at Standard Chartered, said in a research note on Monday. 

“I think the next opportunity for generational wealth in digital assets is going to come via the DeFi protocols,” Kendrick said. “I estimate that the amount of tokenized assets active in DeFi will 37x by the end of 2030.”

According to Kendrick, only 3% of stablecoins and 10% of tokenized RWAs are currently used in DeFi. He projected the share of tokenized assets used in DeFi to rise to 30% by the end of 2030, from about 3.5% today.

The forecast underscores growing institutional expectations that tokenization could channel more capital into DeFi. However, reaching $2.7 trillion would require onchain assets to grow rapidly and the share of tokenized value used in DeFi protocols to rise nearly ninefold.

Decentralized finance’s total value locked. Source: DefiLlama

Standard Chartered previously forecast that non-stablecoin tokenized RWAs would grow to $2 trillion by the end of 2028, with tokenized money-market funds and US equities accounting for most of the projected market.

While Standard Chartered expects tokenized assets to drive significantly more activity into DeFi, some researchers have cautioned that tokenization does not guarantee deep or unified markets. 

Axis CEO Chris Kim previously told Cointelegraph that issuing the same asset across multiple blockchains and formats can create siloed liquidity, pricing gaps and higher costs, limiting how easily tokenized assets can be traded even as their overall market value grows.

Oya Celiktemur, Ondo Finance’s sales director for Europe, the Middle East and Africa, also said at Paris Blockchain Week in April that tokenizing an illiquid asset does not “magically” make it liquid. 

Uniswap seen as a potential hub for tokenized markets

Kendrick said Uniswap could emerge as a key trading venue as more tokenized assets move onchain. He highlighted the decentralized exchange’s scale, brand and history of operating through multiple crypto cycles. 

Related: Botanix to shut down after 4 years, cites weak demand for Bitcoin DeFi

Kendrick added that those attributes could be particularly important to traditional financial institutions, which are likely to prioritize security and reliability when bringing tokenized RWAs to DeFi. 

“If Uniswap can commercialise enough and create significant enough TradFi partnerships to scale, its market cap-to transaction fees multiple is likely to increase, narrowing the gap with Coinbase,” he wrote. 

Magazine: Does ‘Paper Bitcoin’ mean there’s an unlimited supply of BTC?

Aztec Connect, a deprecated decentralized finance platform, was drained of around $2.1 million in crypto on Sunday after an attacker exploited its verification function.

Aztec Labs posted to X on Sunday that it was “investigating a potential exploit affecting Aztec Connect,” adding that around $2.1 million was transferred from the platform’s smart contract, which did not affect users or assets on the current Aztec network.

The exploit is the latest in the $44 million worth of crypto that has been stolen so far this month from at least 12 other exploits, according to DeFiLlama. 

A private key compromise on the Humanity Protocol has been the largest so far in June, with $30 million lost on June 8, followed by the Syscoin Bridge, which saw $8 million swiped in a fake proof exploit the previous day.

Crypto security firm BlockSec said that an attacker exploited a mismatch in how the platform verified transactions and settled them on Ethereum.

It said that verified transactions on Aztec Connect’s contract were “not effectively bound to the transaction set enforced by the ZK proof,” allowing its verification path and settlement logic on Ethereum “to interpret the transaction list differently.”

The attacker could then place transactions where the contract credited value without validating it on Ethereum, which created unbacked balances that could then be withdrawn. The attacker did this seven times across seven different assets.

The attacker made off with 909 Ether (ETH), 270,000 Dai (DAI), 167 of wrapped staked ETH and a handful of other cryptocurrencies.

Some of the assets stolen in the exploit. Source: CertiK

Aztec Network is a privacy-focused layer-2 zero-knowledge (ZK) rollup on Ethereum. Aztec Connect was the previous version of the platform that launched in 2022 as a DeFi bridge.

Related: Crypto exploit losses in May fall 90% over month to $68M: CertiK

Aztec Connect was deprecated in March 2023, with deposits halted and the team shifting resources to the next-generation Aztec Network.

“Aztec Labs holds no admin keys or control over the system; it cannot be paused or upgraded by us,” the team said. 

Crypto developer “Param” said Aztec Connect’s smart contracts became “fully immutable” and could no longer be upgraded or paused.

“The incident is another reminder that abandoned DeFi contracts can still become targets years later,” they said. 

Magazine: OpenAI files for IPO, SEC scraps 611 rule and Hungary overhauls crypto: Hodlers Digest

Zcash founder Zooko Wilcox said a security audit by Anthropic’s Claude Mythos artificial intelligence model found no serious vulnerabilities in the privacy-preserving cryptocurrency’s protocol.

Requested by Shielded Labs, a Swiss-based non-profit supporting the development of Zcash, the AI security audit did not find “any more serious bugs” in the Zcash protocol, according to a Saturday X post by Wilcox.

On June 3, Zcash developers temporarily suspended Orchard transactions after discovering a vulnerability in the shielded pool. Functionality was restored later that day through an emergency upgrade.

The issue stemmed from a four-year-old forgery bug in the Orchard shielded pool that was discovered by security researcher Taylor Hornby with the help of Anthropic’s Claude Opus 4.8 model. The Zcash Foundation said there was no evidence that the vulnerability was exploited, nor was there any unauthorized value creation detected, while user privacy was unaffected.

Source: Zooko Wilcox

AI models spark crypto security concerns

While developers are using new AI models to identify vulnerabilities, the technology is simultaneously raising security concerns across the crypto industry.

On Tuesday, Anthropic released the first public version of its Claude Mythos model, Fable 5. The company said last month that the Mythos model uncovered more than 10,000 high or critical-severity vulnerabilities in “systemically important software,” leading to concerns about whether it should be publicly released.

The company said users that Fable 5 was “made safe for general use” and has safeguards that reroute some topics, such as cybersecurity, to a different model, Claude Opus 4.8.  

On Friday, Anthropic said it suspended access to its Fable 5 and Mythos 5 AI models due to a US government export control directive citing national security concerns.

Related: Recovery hopes fade as Kelp DAO hacker launders nearly all $220M in stolen funds 

The proliferation of these new AI models has shifted the cybersecurity playing field in favor of the threat actors, causing a “vulnerability apocalypse” that is fueling a resurgence in decentralized finance (DeFi) hacks, Mitchell Amador, the CEO of bug bounty platform Immunefi, told Cointelegraph in a recent interview.

Crypto hacks surged to $634 million in April, the highest monthly value since the Bybit hack led to about $1.4 billion in losses in February 2025, according to DefiLlama data. 

Magazine: The legal battle over who can claim DeFi’s stolen millions 

Unverified smart contracts were linked to at least $36.7 million in losses across four DeFi exploits over the past six months, as attackers increasingly target protocols whose source code is not publicly available, according to Chainalysis.

The largest incident involved Truebit, which lost $26.2 million after an attacker exploited an integer overflow vulnerability in a contract that had remained unverified on Ethereum since 2021. The other incidents involved Trusted Volumes, Aperture Finance and Ekubo, according to the report.

In each case, the exploited contract had not been verified on a blockchain explorer, meaning its source code was not publicly available for review. According to Chainalysis, that limited scrutiny from security researchers and excluded the contracts from many bug bounty programs despite controlling user funds.

Protocols saw exploits on unverified smart contracts. Source: Chainalysis

Chainalysis attributed the trend in part to advances in decompilation tools and artificial intelligence, which can help attackers reverse-engineer smart contract bytecode and identify vulnerabilities even when source code is not publicly available. According to the report, what once required “a skilled reverse engineer spending days on a single contract” can now be partially automated across large numbers of unverified contracts.

The report challenges a longstanding assumption in DeFi that keeping smart contract code private provides an additional layer of security. According to Chainalysis, protocols relying on hidden code are increasingly depending on “obscurity as a security measure,” an approach the company said is rapidly losing effectiveness. 

Chainalysis recommended source code verification, broader bug bounty coverage and real-time monitoring tools as safeguards against future exploits.

Related: Humanity Protocol token falls 85% amid $30M private key exploit

DeFi security concerns persist after record April losses

The report comes amid a broader rise in crypto exploits. According to DeFiLlama, hackers stole $629.7 million in April alone, the highest monthly total since February 2025.

Two incidents accounted for most of the losses. KelpDAO lost $293 million and Drift Protocol suffered a $280 million exploit, together representing more than 80% of the month’s stolen funds.

Although losses fell sharply in May, with CertiK reporting $68.3 million stolen from cryptocurrency exploits, the fallout from April’s largest attacks continued. In June, blockchain intelligence platform Arkham reported that the attacker behind the KelpDAO exploit had laundered nearly all of the roughly $220 million in unfrozen stolen funds.

Kelp DAO Hacker-tagged wallet, total balance. Source: Arkham

The KelpDAO exploit also prompted several DeFi protocols to review their security infrastructure, with projects including Solv Protocol announcing plans to migrate to Chainlink’s crosschain infrastructure following internal security reviews.

This month, Anthropic said 560 of the 832 accounts it banned for policy violations over a one-year period had used AI to help prepare cyberattacks, including writing malware and identifying vulnerabilities.

Magazine: The legal battle over who can claim DeFi’s stolen millions

New artificial intelligence (AI) models have shifted the cybersecurity playing field in favor of attackers, causing a “vulnerability apocalypse” that led to the resurgence in decentralized finance (DeFi) hacks, according to Mitchell Amador, the CEO of bug bounty platform Immunefi.

The proliferation of new AI models, such as Claude Opus 4.8 and ChatGPT 5.5, is the main reason that led to the resurgence in crypto hacks in 2026, Amador told Cointelegraph at the recent WAIB Summit in Monaco.

Hacking activity across the industry surged in April 2026, with illicit actors stealing more than $634 million from cryptocurrency platforms, the highest monthly total since the Bybit hack helped drive losses to roughly $1.4 billion in February 2025, according to DefiLlama data.

Total crypto hacks by monthly sum, all-time chart. Source: DefiLlama

Crypto needs to survive the next three to four years

The next three to four years will be a crucial survival period for the crypto industry, until cybersecurity teams harness the defensive capabilities of these same AI models to build “impregnable” codebases that attackers won’t be able to breach, said Amador.

This timeline could shrink to less than two years if the industry adopted more “crowdsourced security solutions” until cybersecurity researchers turn these AI models to their advantage, he added.

Amador’s comments followed the release of Anthropic’s latest Claude Mythos model, Fable 5, which sparked industry concerns over its potential ability to accelerate cryptocurrency exploits.

Anthropic said on Tuesday that Fable 5 has safeguards that reroute topics such as cybersecurity to a different model, Claude Opus 4.8.

Related: Recovery hopes fade as Kelp DAO hacker launders nearly all $220M in stolen funds

The industry has become increasingly sensitive to security risks after a string of major DeFi exploits renewed concerns about protocol vulnerabilities.

On April 19, an attacker drained about 116,500 restaked Ether (rsETH), worth roughly $290 million to $293 million at the time, from Kelp DAO’s LayerZero-powered rsETH bridge.

LayerZero said Kelp DAO’s 1/1 decentralized verifier network (DVN) setup created a single point of failure by relying on a single verifier path for cross-chain messages. LayerZero said it had previously advised against that configuration.

Magazine: The legal battle over who can claim DeFi’s stolen millions 

The team said that investor and treasury allocations have not been touched, sharing on-chain records for community verification.

Sahara AI’s SAHARA token crashed by roughly 60% on June 9, triggering over $23 million in liquidations.

The incident caused speculation across crypto markets, especially since it happened right around the time another protocol, Humanity, reported a breach that cost it $30 million and led to its native H token losing nearly 90% of its value.

What the Team Said, And What On-Chain Data Shows

After SAHARA suddenly plunged from around $0.034 to $0.014, per CoinGecko data, the team put out a post on X saying they were “aware of unusual market volatility” and that they had found no security issues in the platform’s token contracts or products. Further, they said they would provide more updates as additional information becomes available following an internal investigation.

However, after some on-chain observers questioned a transfer of 600 million SAHARA tokens, suggesting it may have caused the unusual price movement, the team had to make a follow-up post explaining that the large token transfer was a pre-planned fill of a Chainlink CCIP bridge contract done to provide liquidity for its recently launched cross-chain bridge.

Just as importantly, they stated that team and investor wallet allocations had not been touched on-chain and that “no team and investor tokens have been sold or moved.”

The team also provided a link to an Etherscan address so that those interested could verify that what they were saying was true, adding that they were still investigating the actual cause of the market movement separately from the bridge transfer.

Whether that explanation holds up to community scrutiny is another question. Data from CoinGlass shows that in the last 12 hours, $22.9 million in long positions were liquidated against only $354,000 in shorts, meaning that the vast majority of losses fell on traders who had been betting on the price going up.

You may also like:

Sahara Down 90% From its Peak

The SAHARA token got listed on Binance in June 2025, and went on to hit an all-time high of $0.1605 the following month. But at the time of writing, it was trading almost 90% below that all-time high and was down over 50% in the last seven days and almost 54% over the past month.

The misfortune that hit it happened just a week after EDGE, the native token of the edgeX decentralized exchange, suddenly dropped by 71% and hit a new all-time low. And just like the Sahara team has done, the people behind edgeX also denied any security breach and, in their case, pointed to external manipulation, a claim that on-chain investigator ZachXBT publicly disputed.

In a subsequent report, edgeX noted that some of the centralized exchanges where EDGE is listed blamed the token’s collapse partly on thin liquidity conditions and not large-scale selling by the team.

The European Union should focus on a broader digital asset framework covering real-world assets and tokenization instead of regulating decentralized finance through a second version of the Markets in Crypto-Assets Regulation (MiCA), an adviser at the European Commission said.

The European Commission launched a public consultation on MiCA in May, seeking feedback through Aug. 31.

“I do not believe that [MiCA] is outdated now. That’s my personal opinion, but it does not matter. That’s why we have this consultation,” Peter Kerstens told Cointelegraph during a fireside chat at WAIB Summit Monaco 2026.

Kerstens, one of MiCA’s architects, said that the feedback received during the European Commission’s current review period will help shape the bloc’s next regulatory steps.

MiCA is approaching the end of its transitional period on July 1, after which crypto asset service providers will be required to hold a MiCA license or stop servicing EU clients.

Related: Crypto firms face July 1 EU cutoff as MiCA grace period ends

EU doesn’t need to regulate DeFi, says MiCA architect

Decentralized finance (DeFi) protocols were included among the emerging risk areas examined in the consultation, even though they are largely outside MiCA’s current scope.

An excerpt from the public consultation on the MiCA review. Source: European Commission

However, Kerstens said regulating DeFi would be difficult because laws can be applied to people and organizations, but not directly to computer networks. He said lawmakers would need a new legal doctrine to regulate non-entities.

Kerstens added that he doesn’t see a need to regulate DeFi, which he described as a “movement” that has “no representatives.”

“I don’t see what the problem is. And if there is no problem, why should it be regulated?”

Earlier in March, a working paper from the European Central Bank questioned whether decentralized autonomous organizations (DAOs) are decentralized enough to remain outside MiCA’s scope. Looking at Aave, MakerDAO, Ampleforth and Uniswap, the paper found that the top 100 governance token holders controlled over 80% of the supply in each protocol, based on holdings snapshots from November 2022 and May 2023.

The authors said these findings question whether DAOs are inherently decentralized and whether they should remain outside of the MiCA regulation as “fully decentralized” services.

Magazine: Crypto wanted to overthrow banks, now it’s becoming them in stablecoin fight

The pool closed with over $25M in four-month volume and had already hit double-digit fixed XRP rates by May, as seen on historical charts.

Flare Network’s XRP-based decentralized finance ecosystem reached a new milestone with an automated liquidity rollover. The process moved over $4 million in capital between fixed-term yield markets without disrupting trading activity.

The rollover took place on June 4, 2026, when the largest stXRP fixed-term pool on Spectra Finance reached maturity. Managed through GamiLabs’ FXRP MetaVault, the process automatically transferred liquidity into successor pools expiring on August 27 and November 26, 2026.

How MetaVaults Managed the stXRP Liquidity Transition

MetaVaults were introduced in February 2026 to address operational challenges associated with fixed-term yield tokenization. The system uses a single smart contract to monitor expiries, select new markets, and route liquidity according to predefined on-chain rules.

Under the model, liquidity providers deposit assets once and receive a vault token representing their position. The vault then manages future rollovers automatically, removing the need for users to manually withdraw and redeploy funds whenever a market expires.

The transition addresses a long-standing issue in fixed-term DeFi markets known as the expiry cliff. In many cases, maturing pools lead to fragmented liquidity and reduced market activity as participants move capital into new pools.

During the June rollover, liquidity was already available in the replacement markets before the original pool matured. This helped maintain continuous market depth and avoided the disruption often associated with fixed-term expiries.

The significance of the rollover was amplified by the scale of the maturing market. The stXRP pool recorded more than $25 million in lifetime trading volume during its four-month duration. By May, it was delivering double-digit fixed rates, reflecting sustained activity ahead of expiry.

You may also like:

Spectra Finance Yield Infrastructure

Spectra Finance remains one of the most active yield trading platforms on Flare, supporting structured yield products through FXRP. FXRP serves as a trustless and overcollateralized representation of XRP within Flare’s FAssets framework.

GamiLabs oversees the FXRP MetaVault, while Firelight issues stXRP used within the ecosystem. Together with Spectra’s protocol infrastructure, these components support a growing market for XRP-denominated yield strategies.

The operational impact of this structure is highlighted by comments from Spectra Finance co-founder Gaspard Peduzzi. According to him, the MetaVault framework turns expiry events into continuous market transitions. He added that this approach could support deeper and more efficient XRP yield markets by reducing operational friction linked to fixed-term maturities.

South Korean prosecutors charged a group in an alleged rug pull involving the Solana-based memecoin Catpie, or CATFI, in what local media described as the country’s first decentralized exchange (DEX) rug-pull prosecution.

The group was reportedly apprehended by the Seoul Southern District Prosecutors’ Office’s Virtual Asset Crime Joint Investigation Division. The main suspect, surnamed Park, allegedly posed as “Eth Father” on social media platforms and falsely promoted CATFI as an independent third-party before executing a rug pull that caused about 900 million won ($599,000) in financial damage to at least 256 investors, local news outlet Digital Asset Works said Wednesday.

Prosecutors allege the group promoted CATFI on social media, drove the token’s price up more than 1,000-fold within 26 hours and then sold their holdings for about 400 million won ($260,000) in illegal profit.

The move marks South Korea’s first arrest tied to a memecoin rug pull under the Virtual Asset User Protection Act and signals that authorities are taking steps against coordinated crypto price manipulation. 

Rug pulls are deceptive exit scams where the token deployers promote a project to attract outside investment before suddenly abandoning it and selling their funds, causing significant financial losses to later buyers.

Cointelegraph reached out to the Supreme Prosecutors’ Office for comment but had not received a response by publication.

KOSPI trading volume versus volume on won-based domestic South Korean exchanges. Source: Digital Asset Works

The development comes amid a significant contraction of South Korea’s domestic digital asset trading market, which saw trading volume on major won-based cryptocurrency exchanges decline to just 8% of the KOSPI stock market’s trading volume, Digital Asset Works reported earlier on Wednesday.

Related: Bubblemaps flags MYSTERY token over 90-wallet launch sniping cluster

CATFI token crashes 99% after rug pull

Following its initial surge to an $8.99 million market capitalization in February 2025, the CATFI token has since crashed by 99% to an $57,000 market capitalization at the time of writing.

Despite the crash, 1,512 investors were still holding the token in hopes of recovery, with the largest holder, wallet “5Q54,” holding 18% of the token’s total supply, data from Pump.fun shows.

The X account that previously promoted the project has since been deleted.

CATFI/USD, all-time chart. Source: Pump/fun

Rug pulls and coordinated manipulation attempts continue threatening the wider cryptocurrency space.

Earlier in May, a Solana memecoin linked to Keith Gill’s Roaring Kitty X account suffered a similar rug pull, as the anonymous developer cashed out about $729,000 while the token lost most of its value, Cointelegraph reported.

One unfortunate cryptocurrency trader lost nearly $190,000 on the memecoin within an hour, underscoring the risks of memecoin trading.Magazine: Bitcoiners eye ‘sell in May,’ SBF’s bid for new trial shut down: Hodler’s Digest, April 26 – May 2

Decentralized exchange edgeX has attributed a more than 40% collapse in its EDGE token to ‘deliberate’ market manipulation by an unnamed external party, a claim that onchain investigator ZachXBT has dismissed.

Data from CoinMarketCap shows edgeX (EDGE) plunged from roughly $1.20 to an intra-day low of $0.3663 on Tuesday, a drop of around 70%. The token is currently trading at $0.6474, down by around 45% over the past day.

In a post on X, the edgeX team acknowledged the sudden collapse in its native token, telling its community it had “observed a sudden and irregular price movement” and was actively investigating.

In response, ZachXBT claimed edgeX’s supply had been controlled by a small number of insiders operating with a low float, making the token inherently vulnerable to these types of events. He also demanded that the project publicly disclose the counterparties and market-maker agreements that contributed to the crash.

Only 350 million EDGE tokens are currently in circulation out of a maximum supply of 1 billion, meaning more than two-thirds of the total supply has yet to hit the market. A low circulating float can make a token more vulnerable to sharp price moves, especially if liquidity is concentrated or large holders sell into thin order books.

Related: Verus bridge exploiter returns $8.5M after bounty offer

EdgeX says project not hacked

In a follow-up statement, edgeX said the platform had not been compromised in any way. “What we have identified so far suggests deliberate attempts by certain external party to manipulate the market price of EDGE,” the project wrote, calling it a market integrity issue.

However, ZachXBT was unconvinced. “We investigated ourselves and did not find ourselves guilty even though we control nearly the entire supply,” he sarcastically wrote.

Source: CoinMarketCap

EdgeX is the 16th largest DEX in terms of trade volume over the past day, according to data from DefiLlama. The project has a total value locked (TVL) of $137 million.

Related: Recovery hopes fade as Kelp DAO hacker launders nearly all $220M in stolen funds

DEX trading volume declines

DEX trading volume across all chains has also pulled back sharply from its peak levels.

The broader pullback in DEX activity can make thinly traded tokens more vulnerable to sharp moves, though EDGE’s crash also involved project-specific questions over supply, market makers and insider control.

After hitting a spike close to $45 billion in early 2025, aggregate decentralized exchange volume has trended lower and largely stabilized in the $5 billion to $20 billion daily range through the first half of 2026, with a secondary peak around $30 billion in October 2025 before fading again, according to data from DefiLlama.

DEX trade volume. Source: DefiLlama

The cooling activity reflects a broader retreat in onchain trading appetite following the frenzy of early 2025, leaving DEX markets thinner and more vulnerable to outsized price impacts.

Magazine: The legal battle over who can claim DeFi’s stolen millions