Following a recent security breach involving Kelp rsETH, Curve creator Michael Egorov is advocating for unified security protocols across all of decentralized finance (DeFi). The incident highlighted how vulnerabilities in centralized parts of these systems can still cause major problems, even in platforms designed to be decentralized.
Summary
- Curve’s Michael Egorov says many DeFi hacks stem from avoidable centralized weak points.
- He cites the KelpDAO rsETH exploit and Aave’s response as a systemic warning.
- Egorov wants Ethereum and Solana foundations to help lead common security standards.
Michael Egorov, the founder of Curve, is urging the DeFi industry to create common security standards. He believes recent hacks were preventable and stem from centralized weaknesses within systems that are meant to be decentralized.
Egorov explained in a lengthy post that many security problems in DeFi happen because systems rely on single, vulnerable points of control. He believes teams should build systems *without* these weaknesses from the start, instead of trying to fix things *after* a security breach occurs, which harms the entire industry.
I firmly believe that Decentralized Finance, or DeFi, represents the future of our global financial system, and that’s why we’re focused on it. However, we’ve recently seen a huge number of hacks that could have been avoided. These hacks almost always stem from centralized weaknesses within these systems, and they’re seriously harming the progress of DeFi.
— Michael Egorov (@newmichwill) April 21, 2026
These remarks come after a recent security breach affecting KelpDAO, where approximately $292 million worth of rsETH was stolen. The attacker tricked the system using a forged message sent between blockchains, then used the stolen funds as collateral on Aave, which worsened the financial impact due to the interconnected nature of DeFi platforms.
Aave, rsETH and preventable ‘single points of failure’
KelpDAO experienced a security breach because its messaging system, provided by LayerZero, relied on a single point of failure. Specifically, Kelp used only one DVN verifier without any backups, a weakness that Curve founder Egorov believes should be avoided in today’s decentralized finance systems.
As an analyst, I observed that after successfully pushing through a fraudulent message, the attacker exploited Aave V3 using rsETH to borrow significant amounts of wrapped ether. This immediately caused a massive wave of withdrawals – over $10 billion – as users lost confidence and rushed to secure their funds. Aave responded by halting trading of rsETH on both V3 and V4 to limit potential losses.
Experts believe the Kelp incident caused roughly $293 million in losses across the industry. As a result, nine related platforms stopped or limited activity involving rsETH, and Arbitrum’s security team took control of approximately 30,766 ETH connected to the person responsible.
Egorov explained that this situation shows how seemingly decentralized systems – like lending platforms and automated market makers – can still rely on central points of control, such as bridges, data feeds, and administrative keys, even if the core code itself is open source and checked for security flaws.
He also mentioned past incidents involving bridges and liquidity, like attacks on CrossCurve—a system built with multiple security layers to prevent single points of failure—to illustrate how the way these systems are designed can determine the extent of the damage when a problem occurs.
Egorov suggests that developers, security experts, and those who assess risk should collaborate and share proven methods for securing decentralized finance (DeFi). This includes things like verifying transactions across different blockchains, setting limits on transaction speeds, establishing secure multi-signature policies, and implementing emergency shutdown mechanisms. The goal is to create a common set of DeFi security standards that can be used consistently across all blockchains.
He proposed that the Ethereum and Solana Foundations collaborate on developing guidelines. While not official rules, these guidelines could serve as a standard for developers, making it more difficult to create systems with easily controlled, centralized weaknesses.
According to one industry analysis, recent incidents like the rsETH exploit and the problems it caused for Aave are reinforcing the idea that DeFi isn’t solving the problem of centralized weaknesses – it’s simply recreating them. This threatens DeFi’s promise of being a more reliable and transparent alternative to traditional financial systems, which are often unclear and prone to failure.
2026-04-21 20:58