“Are We an Industry of Clowns?” Curve Founder Blasts DeFi Security Failures

Egorov said that different DeFi platforms keep pointing to each other during exploits, even as they claim everything is working, while users remain unable to access their funds.

Michael Egorov, founder of Curve Finance, has called for the development of industry-wide security standards in decentralized finance, amid a surge in recent hacks originating largely from centralized single points of failure.

The KelpDAO exploit is one of the latest examples and ranks among the largest DeFi breaches in recent months, shaking the confidence of market participants.

DeFi Security Overhaul

In his latest tweet, Egorov went on to explain that many of these incidents are “absolutely preventable” and are increasingly damaging trust in the sector. He pointed to the recent scenario involving Aave, where users were unable to withdraw funds following the exploitation of rsETH, despite multiple entities in the stack, including the protocol itself and infrastructure providers, stating that their systems were functioning as intended.

Egorov argued that such blame-shifting highlights a deeper structural issue in DeFi, where reliance on interconnected systems can leave users exposed when any single component fails. He said that risks tied to centralized dependencies should be minimized wherever possible, and when unavoidable, trust should be distributed rather than concentrated.

“We should probably come together and develop safety standards for DeFi. How to build safely, and how to verify safety. Probably everyone should bring their best practices, and the projects, auditors, and risk assessment groups should know them.”

He proposed that leading ecosystem organizations such as the Ethereum Foundation and the Solana Foundation could play a role in bringing together developers, auditors, and risk experts to establish common safety principles. The Curve founder also suggested that the sector could draw lessons from traditional finance in managing unavoidable centralized risks, even as it continues working toward a more decentralized architecture.

DeFi Under Pressure

The KelpDAO exploit triggered a significant DeFi downturn, as CryptoPotato previously reported that total value locked plunged across multiple networks within a day, including steep drops on Cosmos Hub.

The stolen funds are now being moved, based on findings from ZachXBT and Arkham Intelligence. Data revealed that two major Ethereum transactions were carried out during European trading hours on Tuesday. Part of the stolen crypto is already being transferred between blockchains.

You may also like:

A portion was bridged to Bitcoin using Thorchain, while another small share was sent through Umbra, a privacy-focused protocol. The laundering methods resemble past activity linked to the Lazarus Group, which has used similar routes before.