
Curve Finance Founder Critiques Security Shortcomings in DeFi
Michael Egorov addresses recent security failures in DeFi and calls for establishing industry-wide safety standards.
Michael Egorov, founder of Curve Finance, has called for the development of industry-wide security standards in decentralized finance (DeFi) amid a recent rise in hacks linked to centralized single points of failure.
The KelpDAO exploit is among the largest DeFi breaches in recent months, undermining the confidence of market participants.
DeFi Security Overhaul
In his latest tweet, Egorov explained that many of these incidents are utterly preventable and increasingly damage trust within the sector. He highlighted a recent scenario involving Aave, where users could not withdraw their funds after the exploitation of rsETH, despite multiple parties—including the protocol and infrastructure providers—claiming their systems were functioning properly.
Egorov contended that this blame-shifting reveals a more profound structural issue in DeFi: reliance on interrelated systems can leave users vulnerable if any single component fails. He advocated minimizing the risk associated with centralized dependencies and suggested that, where they are unavoidable, trust should be distributed instead of concentrated.
“We should probably come together and develop safety standards for DeFi. How to build safely and how to verify safety. Everyone should share their best practices, and projects, auditors, and risk assessment groups should be aware of them.”
He proposed that prominent ecosystem organizations, like the Ethereum Foundation and the Solana Foundation, could facilitate collaboration among developers, auditors, and risk experts to establish common safety principles. The Curve founder also indicated that the industry could learn from traditional finance in managing unavoidable centralized risks, while still striving for a more decentralized structure.
DeFi Under Pressure
The KelpDAO exploit caused a notable downturn in DeFi, with reports indicating that total value locked (TVL) dropped across several networks, including significant declines on Cosmos Hub.
Funds stolen during the exploit are currently being transferred, as revealed by findings from ZachXBT and Arkham Intelligence. Data showed that two major Ethereum transactions were executed during European trading hours on Tuesday, and part of the stolen cryptocurrency is already being moved between blockchains.
A portion of the assets was bridged to Bitcoin utilizing Thorchain, while a smaller quantity was sent through Umbra, a privacy-focused protocol. The laundering techniques appear similar to those seen in previous activity linked to the Lazarus Group.
