TL;DR:
- Curve Finance’s founder questioned DeFi security standards after the sector recorded losses exceeding $750 million in 2026.
- Michael Egorov argued that recent exploits are the predictable result of building with centralized single points of failure without adequate planning.
- Egorov called on the Ethereum and Solana foundations to develop shared security principles for the entire ecosystem.
Last weekend, many users were unable to withdraw their funds from Aave. Not because the protocol had been compromised, but because every layer of the stack —Aave, rsETH, LayerZero— pointed to the next one as responsible. Nothing failed, yet users still couldn’t access their money. Faced with that scenario, Michael Egorov, founder of Curve Finance, issued a statement calling out the DeFi sector.
Egorov’s position goes beyond the specific exploit on rsETH. His argument is structural: the more than $606 million in losses recorded in April 2026 alone —including the $292 million exploit on Kelp DAO and the $285 million Drift exploit— are not bad luck. They are the direct consequence of an industry that accumulates centralized single points of failure without evaluating what happens when one of them collapses.
So let me start. DeFi is the future of the World Financial System. That's my belief, and this is why we are here.
This amount of absolutely preventable hacks we see in DeFi (with root causes attributable to CENTRALIZED points of failure) is enormous recently. This damages out…
— Michael Egorov (@newmichwill) April 21, 2026
DeFi Must Take its Role More Seriously
“All problems like this must be prevented BEFORE they happen, not AFTER,” the founder wrote. “The number of single points of failure should be reduced, not increased. When those points are unavoidable, trust must be distributed.”
His distinction is crucial: Egorov is not asking the DeFi sector to abandon its decentralized nature. He is demanding that it take that nature seriously.
The Ethereum and Solana Foundations Need to Step Up
Egorov explicitly called on the Ethereum Foundation and the Solana Foundation to convene the projects within their ecosystems in order to develop shared security principles. Those principles should cover how to build securely, how to verify security, and how to correctly configure the infrastructure that other protocols depend on.
He also noted that the industry has something to learn from traditional finance, which has spent decades managing centralized points of failure and developing frameworks to protect them.
When a follower asked whether Curve would publish its own standards and risk management practices first, Egorov replied: “The ruleset needs to be formalized, but yes, it’s possible.” The protocol could become one of the first major DeFi market players to publish its own security criteria —a first step toward the collective framework its founder is calling for.
