DeFi pushes developers to rethink emergency controls.
Andre Cronje says that most decentralized finance is “no longer DeFi” in the strict sense, while developers argue that circuit breakers and other emergency controls are now necessary to protect users from exploits.
Flying Tulip's founder told Cointelegraph in an interview that many protocols are no longer immutable public goods, but rather “for-profit groups” with modifiable contracts, off-chain infrastructure and operational controls.
That shift will change the security model, he said. While early DeFi protocols were mostly defined by immutable smart contracts, the new systems often rely on proxy upgrades, multisigs, infrastructure providers, administrative processes and human response teams, Cronje said.
“I think what we have today, including Flying Tulip, is no longer DeFi, it's not decentralized finance, it's not immutable code,” Cronje said. “They are groups that run for-profit businesses.”
The comments come as April's DeFi exploits push the security narrative beyond smart contract audits and into practical risk questions. On Thursday, Flying Tulip added an exit circuit breaker designed to delay or queue exits during irregular outflows. The move follows major events involving the relaunch of the decentralized exchange Drift Protocol and the Kelp platform, resulting in losses of $280 million and $293 million, respectively.
Andre Cronje of Flying Tulip (left) and Cointelegraph's Ezra Reguerra (right). Source: Cointelegraph
DeFi concerns go beyond smart contracts
Cronje said the industry still focuses on audits even though many systems can be changed by developers or are controlled by administrative processes.
“The focus across all industries is still on the contract and not on the TradFi side,” Cronje told Cointelegraph, adding that many recent exploits have involved “traditional Web2 stuff” like infrastructure access, contracts and social engineering.
Protocols with modifiable contracts need traditional checks and balances around who can modify code and who approves changes, as well as proper time locks and multisig controls, he said.
Michael Egorov, founder of Curve Finance and Product Foundation, said the recent incidents have more to do with centralization and off-chain dependencies than with smart contract errors.
“The most recent DeFi exploits are not caused by bugs in the code,” Egorov told Cointelegraph. “They are caused by centralization concerns — single points of failure that live off-chain.”
Egorov argued that the Aave, Kelp and LayerZero smart contracts were not hacked in the recent rETH incident, saying that the transaction came from the chain's infrastructure. He says DeFi protocols can be exposed to “a whole tree of risks,” with the biggest risks often tied to people rather than code.
DeFi builders are divided on circuit breakers
Cronje said Flying Tulip's circuit breaker is not designed to permanently block outflows, but to create a response window when outflows exceed normal parameters. “Our circuit breakers are not designed to prevent anything from happening,” he said. Instead, they are meant to give teams time to respond.
The Flying Tulip system gives the team about six hours, though Cronje says more or less geographically dispersed teams may need 12 to 24 hours or more. While the tool makes sense for contracts that hold users' money, it should be seen as one layer alongside audits, distributed multisigs, time locks and other controls, he said.
“Security is always a layered approach,” says Cronje. “It's never ‘this one thing’ that makes you vulnerable.”
Egorov was more cautious. Circuit breakers can make sense in theory, but only when implemented in a way that doesn't create a new, unique attack surface, he said. “The circuit controllers are controlled by people, which means that they themselves can be vulnerable,” Egorov told Cointelegraph.
If emergency controls allow signers to change contract code or block exits, he warned, compromised signers could turn the safeguard into a way to drain funds or a centralized freeze mechanism. In his view, the best long-term answer is to design systems that can run safely without manual intervention.
“The goal of DeFi design is to reduce human-centric points of failure, not add to them,” Egorov said. “DeFi must be secure, and security comes from decentralization.”
Standard Chartered says the Kelp episode shows the resilience of DeFi
Standard Chartered framed Kelp's episode as a sign of DeFi's growing pains rather than a fatal failure.
In a Wednesday research note published by Cointelegraph, the bank said the April 18 heist exposed systemic risks after its impact spread to Aave, but that, with more than $300 million raised by the DeFi United consortium and structural changes such as Aave V4 and the Ethereum Economic Zone, the sector is developing strong defenses.

The DeFi United website shows more than $321 million has been raised or committed. Source: DeFi United
The bank said those improvements could reduce reliance on bridges, which it has identified as a major attack vector in recent crypto hacks.



