“Are we an industry of clowns?” Curve founder blasts DeFi security flaws

According to Egorov, despite claims that everything is working, different DeFi platforms point to each other during exploits, claiming that users have not been able to access their funds.

Michael Egorov, founder of Curve Finance, has called for the development of industry-wide security standards in decentralized finance amid the recent proliferation of hacks originating from centralized single points of failure.

The KelpDAO exploit is one of the biggest DeFi breaches in recent months, shaking the confidence of market participants.

Defy security update

In his latest tweet, Egorov said many of these incidents were “absolutely preventable” and were damaging confidence in the sector. He pointed to a recent situation involving Aave where users were unable to withdraw their funds following an rsETH exploit by several parties, including the protocol itself and infrastructure providers.

Egorov says such blame-shifting highlights a deeper structural issue in DeFi, where reliance on interconnected systems can leave users vulnerable when any single component fails. He said that the risks associated with centralized dependence should be reduced where possible, and if unavoidable, trust should be distributed rather than concentrated.

“Maybe we should get together and develop security standards for DeFi. How to build safely and ensure security. Maybe everyone should bring their best practices, and the projects, auditors, and risk assessment teams should know them.”

He proposed that leading ecosystem organizations such as the Ethereum Foundation and Solana Foundation should play a role in establishing common security principles by bringing together developers, auditors and risk experts. The Curve founder suggested that even as the sector works towards a decentralized architecture, it can learn from traditional finance to manage unavoidable centralized risks.

DeFi under pressure

The KelpDAO exploit led to a significant DeFi crash, as CryptoPotato previously saw its total value locked in a single day drop across multiple networks, including steep drops on the Cosmos Hub.

According to findings by ZachXBT and Arkham Intelligence, the stolen funds have now been moved. According to data, two major Ethereum transactions took place during European trading hours on Tuesday. A portion of the stolen crypto is already being transferred between blockchains.

You may also like:

A portion was transferred to Bitcoin using Thorchain, while another small portion was sent via Umbra, a privacy-focused protocol. Laundry methods seem to be a past activity related to the Lazar group, which used similar methods before.