
Michael Egorov Expresses Frustration over DeFi Security, Calls for Broad Industry Coordination


Curve Finance founder Michael Egorov has publicly called for industry-wide safety and security standards in DeFi, criticizing a recent wave of absolutely preventable hacks rooted in centralized single points of failure.

In a detailed post on X, Egorov expressed frustration that these incidents are damaging the sector’s credibility at a time when DeFi aims for mainstream adoption. He used a vivid example: an average grandma depositing her life savings into Aave, one of the largest DeFi protocols, only to face withdrawal issues after an exploit involving rsETH, linked to Kelp DAO, that reportedly spread through dependencies like the LayerZero bridge.

Each party claimed their part was operating as intended, highlighting fragmented accountability. Over-reliance on centralized elements like multisigs, admin keys, oracles, bridges, or infrastructure configs creates avoidable risks that compound across protocols. He referenced roughly $750 million in DeFi hacks and exploits in a short period, many tied to such single points of failure rather than novel smart contract bugs.


Proposed Solution

The industry should collaboratively develop shared safety standards, a rulebook covering: how to build safely; how to verify safety beyond one-off audits; best practices for configuring critical infrastructure; and reducing or distributing unavoidable single points of failure, drawing lessons from traditional finance’s handling of centralized risks.

He specifically suggested the Ethereum Foundation and Solana Foundation convene projects, auditors, risk teams, and developers to establish common principles and recommendations. When asked if Curve would publish its own formalized security and risk management practices first, Egorov replied that they need to formalize their rules but indicated it’s possible—positioning Curve as a potential early mover.

Egorov framed this as essential because DeFi is the future of the global financial system, but repeated lapses erode trust needed for mass adoption. He emphasized prevention over post-incident fixes and encouraged sharing best practices across teams rather than siloed learning. DeFi has long relied on independent audits, bug bounties, and protocol-specific risk management, but exploits often stem from interconnected dependencies or misconfigurations that audits miss.

A shared baseline could reduce repetition of common failures without stifling innovation or introducing heavy centralization, a concern raised in past regulatory debates. Egorov has previously advocated for high code quality standards comparable to space or nuclear industries, where failure is not an option.

This isn’t a new conversation—discussions around continuous monitoring, economic risk tools from firms like Gauntlet and better infrastructure configs have been ongoing—but Egorov’s high-profile call, tied to current incidents affecting major protocols like Aave, adds momentum. Whether foundations or the broader community act on it remains to be seen, but the push for collective standards reflects growing maturity in the space.

DeFi’s permissionless nature makes enforcement tricky, so any standards would likely be voluntary best practices rather than mandates.

“DeFi is the future of the World Financial System.” Egorov highlighted the damage from recent incidents: the rsETH exploit via LayerZero that froze withdrawals on Aave, with each party claiming to be operating as intended.

“This amount of absolutely preventable hacks we see in DeFi with root causes attributable to CENTRALIZED points of failure is enormous recently.”

“This damages our industry… Imagine an average grandma putting her life savings on Aave. And then BOOM, she cannot withdraw her funds… Are we industry of clowns?”

His solution is proactive and collective: reduce single points of failure (SPOFs) wherever possible; split trust when SPOFs are unavoidable; share best practices for infrastructure configuration and code verification; and develop unified DeFi safety standards, meaning principles, rules, and recommendations for safe building and verification.

He suggested the Ethereum Foundation and Solana Foundation could lead by convening ecosystem projects, auditors, and risk teams, and even draw lessons from traditional finance on protecting unavoidable centralized elements.
