Bankless - The $280M DeFi Exploit That Changes Crypto Forever | Dan Elitzer & Odysseus
Episode Date: April 23, 2026A $280M DeFi exploit exposed the hidden fragility of crypto’s most trusted systems. Dan Elitzer and Odysseus break down how the attack happened, why bridge risk and protocol composability made the... damage so severe, what Arbitrum’s intervention means for immutability, and why DeFi now needs an aerospace-grade security mindset to survive the AI era. ------ 📣SPOTIFY PREMIUM RSS FEED | USE CODE: SPOTIFY24 https://bankless.cc/spotify-premium ------ 🔮POLYMARKET | #1 PREDICTION MARKET https://bankless.cc/polymarket-podcast 🦊 METAMASK | DOWNLOAD NOW https://go.metamask.io/BL-Pod-Download 🌐BRIX | EMERGING MARKET YIELD https://bankless.cc/brix 🧭OKX | TRADE, EARN, PAY https://bankless.cc/OKX 💰NEXO | YIELD + CREDIT LINE https://bankless.cc/nexo 🎯THE DEFI REPORT | ONCHAIN INSIGHTS https://thedefireport.io/bankless ------ TIMESTAMPS 0:00 Intro 0:57 Worst DeFi Hack Ever? 7:01 What Happened? 10:11 How Sophisticated? 11:42 Explaining the Hack to TradFi 16:51 Who’s to Blame? 22:13 L2 Architecture Consequences 28:17 How Does it Get Resolved? 31:46 Circuit Breakers & Rate Limiters 34:05 AAVE V4 34:51 Arbitrum Intervention Implications 42:02 Code is Law vs Human Governance 51:59 Stage 1 vs Stage 2 Rollups 55:29 Post-Hack DeFi 1:03:05 Aerospace Level Security 1:09:49 Will DeFi Survive? 1:14:33 Closing & Disclaimers ------ RESOURCES Dan Elitezer https://x.com/delitzer Odysseus https://x.com/odysseas_eth Odysseus Article https://x.com/odysseas_eth/status/2019833220431507504 Phylax Systems https://phylax.systems/ ------ Not financial or tax advice. See our investment disclosures here: https://www.bankless.com/disclosures
Transcript
Discussion (0)
Security is not an issue in Trotify more than it is an issue in, you know, most other services
because of the long settlement, right? You can go back, as we said. Do a couple of meetings,
pay a couple of, you know, millions or tens of millions, but you can fix the damage.
In crypto, a hack is a physics event. It's closer to an aerospace, right? Because if you have
an issue in an airplane, people die. In crypto, okay, if you have an issue, people don't die.
but it's still very severe, right?
And you have this irreversible damage,
and now we see it like systemic even.
Bankless Nation, welcome to the podcast.
We're here with Dan Alitzer from Nacent
and also Odysseus from Phylax Systems.
Guys, it's great to have you on,
although the circumstances are not fantastic.
We're talking about a hack today.
How are you guys doing, though?
Doing well. Thanks for having us.
Thank you for having us, yes.
Let me give us a sit-rep just so we can kind of just move
forward through some of the details and then we'll kind of dive in a little bit deeper on
some of the important details here. So April 18th, we had a hack in Defi, likely North Korea's
Lazarus Groups, kind of who everyone is assuming is behind this attack, exploited Kelpdao's
layer zero powered bridge to create 116,000 RS-Eth tokens, that is the restaked East token out of
Kelpdao without any backing. So extra tokens minted, they then deposited those tokens into Avevvvv.
across Arbitrum and Ethereum Mainnet to borrow $236 million in wheat.
So unbacked RS-Eth tokens deposited into ABE allowed them to withdraw real ETH from the AVE system,
leaving AVE with about $280 million in bad debt that it cannot recover.
As a result, some panic withdrawals have followed $5 billion in ETH outflows,
with Justin Sun pulling out $150 million just alone.
In response to this attack, Avey paused the RS-Eath markets,
and the weath reserves across multiple chains
just to kind of constrain the damage.
Now it's got $180 million in bad debt.
The TVL and Ave plunged from $26 billion
to $17 billion, kind of as like panic withdrawals,
happened.
Interestingly, turn of events,
the Arboretum Security Council
recovered $70 million in Eath
in a pretty unprecedented violation of chain state,
basically seizing the stolen assets by Dow governance vote,
kind of opening up Pandora's box
about what immutability means on layer two's.
there are a ton of conversations that kind of sprawl out from this.
And maybe just to add some context,
this hack doesn't actually even break into the top 10
in terms of dollar value lost,
but it seems that this hack is a top three,
if not a number one hack,
in terms of just this significance of some of the implications
of the future of the defy industry
and the security of on-chain assets.
Dan, I want you to check me in that statement.
and talk to me about why this event specifically,
why this nature of this hack is so significant for the state of defy?
There's a number of reasons.
I think one is that we're seeing such major protocols.
I wouldn't help actually had a lot of value in it,
but layer zero is widely used across the ecosystem.
And AVE is frequently held up as one of the most trusted names in Defi,
obviously the largest in terms of TVL.
And so to see them affected in this way,
exploit really shakes people. And I think it also is really significant because this is due to
the composability that we've all been so excited about with Defi. And here we're seeing the downsides
of composability when you have not just ETH, but you've got like staked Eith in a liquid staking
form, deposit into Egan layer. So it's restaked there. You've got a liquid restaking wrapper. You're
bridging that to other chains. You're using that as collateral. It's,
you've got these levered loops going.
There's just so many things happening here.
And there's a lot of things that had to go wrong for us to be in the state.
A lot of people have been playing the blame game saying, like, you know, who's responsible here?
And I think the answer is if any of these parties had been more buttoned up, everybody from Kelp to layer zero to Avey to Avey to Avey borrowers, potentially even the EF, like there's so many different places that you can point.
fingers, but if anybody had really, really done their job, the damage would have been less than it was.
When the market pulls back, most people just wait. They hold cash, hoping things stabilize.
But there's another move, and that's where Nexo comes in. Nexo is a platform built to help keep your
digital assets productive. You can earn daily interest on supported crypto assets through their
yield product or get funds through a crypto-back credit line without having to sell any of your assets.
So if you want optionality, Nexo gives you both size of the equation. You can put your assets to work
or borrow against them when you need flexibility.
Nexzo has been around since 2018
and has over $8 billion in assets on the platform
and it's paid out more than $1.3 billion in interest to clients globally.
So if you're a new U.S. user,
there's a welcome incentive waiting for you when you sign up.
Check it out at the link in the show notes.
And as always, this is not investment advice.
In 2024, emerging markets generated over $115 billion
in annual yield for investors,
with yields ranging between 10 to 40%.
These are some of the highest, most persistent yields on earth.
Earth. The problem, Defi can't access them. Bricks changes this. Built on Mega-Eath,
Bricks takes emerging market money markets and sovereign carry and turns them into composable
primitives you can access straight from your wallet. While defy investors earned 3 to 6% on
stable coins and T-bills, institutions have been harvesting 10 to 50% yields backed by sovereign monetary
policy. Bricks connects these worlds with institutional gray tokenization, local banking rails,
compliance across jurisdictions, and real-time stable coin settlement. Bricks does the heavy lifting
so Defi can finally access real collateral and structured products on top of real world yield.
Even the best carry trades can be within reach.
Bricks brings DeFi's promise to the emerging world and brings the emerging market yield to your wallet.
Let the yield flow with Bricks.
Some exciting news.
We are launching a new podcast to help people figure out the crypto cycle, how to navigate it.
The best crypto cycle investor I know, his name is Michael Nato.
He runs the Defi report.
This is the guy that sent me a sell alert before the 1010 price drop happened.
His cycle analysis has been absolutely on point.
I've been following him for years.
And this year, we started recording weekly podcast episodes.
Each one we get into his portfolio, what he's holding, the market structure, entry targets, fair market value of Bitcoin and Ether.
And where we are in the cycle, there's new episodes that are released every Wednesday.
They're 30 minutes.
They're short.
They're punchy.
I think this crypto cycle is harder to navigate than most.
So let's do it together.
Go subscribe to this podcast.
Search the DeFi report.
wherever you get your podcast, YouTube, Apple, Spotify,
or find a link in the show notes.
There's a new episode waiting for you now.
Yeah, there's also just a nature of just like the level of sophistication
because it required the threading of a needle across like three needles, right?
You needed to have exploited layer zero,
and then that had to align with the risk management in Avey
and also with Kelpdow's utilization of layer zero.
All of these things kind of had to align,
and then for the attacker to attack all of them at once.
Odysseus, maybe we can get in.
to what I hope is like the most technical part of this episode,
but also keeping at high level because me, Ryan,
we're not technical.
We have a lot of non-technical listeners.
So while also doing a technical job, keeping at high level,
can you just inform us about how this exploit actually happened?
How did this work?
Yeah, so we're still getting information.
We still don't know how the attackers were able to actually get access to layer zero systems,
but they seem to be able to have pretty deep access into the systems.
And what they did basically was to replace the RPC nodes they have deployed with a malicious RPC node,
which showed fake data, right?
And this fake data were piped into the validator network, which was not a network,
which was just one node, was a one of one.
And basically on this fake data, it said, oh, there is a deposit on unit chain of this amount of restrict eth, of kelpdows if.
So what I should do is to send a message.
to the receiving end on Ethereum
through withdrawal now
the eth, right? So on the receiving
side, it received this message,
validated it, and then
released all this
eth that were then used
in AVE to be able to exchange them
for ETH, right?
Well, to be very clear, released the RSEath
so the RSEth could be deposited
in DaVe. Yeah, exactly.
Yeah. Okay, so
layer zero, cross-chain
messaging protocol, part
of this industry is we have networks upon networks. You want these things to kind of like work
as a seamless experience. Layer Zero is in pursuit of that allows for messages to be passed
across chain and from the user experience that it looks like assets can go across chain because
layer zero will lock up assets on one chain, mint IOUs on another chain. And so far as
layer zero protocol works, those IOUs are equivalent if in the best case. That part is what failed.
and then you also, Odysseus, you said the DVN, the one of one, there's the layer zero protocol,
and then there's like a surrounding validator layer, validity layer, that audits everything and
passes, you know, verification saying like, hey, this is working as intended.
That surrounding layer is what got exploited.
It should have said, hey, this is not working as intended, but it's instead, because
there was weak security, Kelped Dow only used one DVN, that one DVN, that one DVN,
was the target of the exploit and the DVN passed a message of, you know, thumbs up when it should
have passed a message of thumbs down, which is what allowed North Korea to withdraw excess
RSE tokens that it shouldn't have. All of this checks out, right? Yeah, exactly. How sophisticated
was this exploit? Like, in the grand scheme of how difficult it was to do, the number of moving
parts, how difficult of an exploit was this? Probably one of the most sophisticated
Exploids we have seen, I would say, the level of access they had into layer zero systems,
because not only they replaced the, you know, the RPC nodes with a malicious version,
but after performing the attack, they also replaced them again with the original binaries.
And also they basically cleared up all the evidence in logs such that the alerting systems
of layer zero would not go off, right? So it's a very sophisticated attack because of the level of
access they had. It's actually very scary. And what are the takeaways? What do we
need to know because it's so sophisticated, what lesson does that teach us or what worry should
we have? I think as at the space, we have focused a lot on the smart contract level security,
which has a lot developed and I would say we're in a very, we're in a good spot in terms of
sophistication as, you know, the previous bridge attacks were smart contract level vulnerabilities.
But now with this attack, with drift before, we're actually seeing the social layer being
the actual attack vector where they
manage to get access to people,
their computers, and
through the, probably through
to the systems, right?
So it's the human link
that is actually now the weakest.
As you guys were talking about that,
like, you know, David, you're talking about this
and Dan and Odysseus and
we were saying we have got Kelpedow
and we've got Layer Zero and we've got RSEath
and the RSEth was the thing that was hacked.
It wasn't Eath.
I'm trying to like,
it's so much to track, right?
So even for myself, being just like ameshed in Defi,
it took a little bit for me to put together all the pieces.
I'm wondering, how in the world would you explain this to a Normie?
How would you explain this to like your parents or your grandma in terms of what happened?
Because something like this is inconceivable in Tradfai, right?
It's almost like you'd have to explain and you have to say, okay, mom, dad, so you want to know what happened to this, defy?
imagine Bank of America.
They have a balance sheet
and they have a bunch of
mortgage loan obligations
and a nation state like North Korea,
Kim Jong-un was able to reach in there
and steal all the houses.
And so a portion of their debt
on their balance sheet was bad debt.
You know, $280 million worth.
And that's the problem we're facing.
We've got kind of a balance sheet issue.
You'd have to explain it like something like that
because this just can't happen
in TradFi. I'm almost asking for like, what's your best explanation of what happened to a normie, Dan?
Like, how would you tell this to someone on the street that's just like, oh, I heard there was a hack in Defi and it was
kind of bad. What was it? Can you explain this in simple terms? Yeah. I mean, I think you, honestly,
you really can't. That's the main issue here. Is it like, it's not understandable by Normies.
I do want to push back a little bit on the idea that like this is inconceivable in Tradfif.
We've also seen massive levels of fraud in Tradify and even things like the Swift network, right, for transferring money where we had that case where I think it was the Bank of Bangladesh.
There were all these like fake messages to the Fed trying to transfer like a billion dollars doing that.
We have absolutely seen incredibly large compromises and issues in the traditional financial system as well.
The difference, and I think Odysseus did a great job calling this out, is that.
this is fundamentally different in that when we mess up in Defi, the money is gone.
And with the possible exception of things like the action, the arbitrage from Security Council took,
where we're able to fight back in some cases, there's, I think, a lot of pros and cons to actions like that that we need to talk about and go deeper on.
But in Tradfai, there's potentially at least a window of recovery and correction.
and here where it's also really bad is the trickle through to individual users.
So frankly, we just need to fix this.
We need to, I think, every single party involved and not just involved here.
Across the ecosystem, everybody needs to step up their game because, yeah, it was
layer zero and Kelp Dow and Avey involved this time.
There are absolutely things they could do better, but I don't think there's any team
in the ecosystem that could say
nothing like this could ever happen to us
so we just all need to level up.
And that's the answer.
It's like it just needs to be safer
so that we can have grandma use it
and not have to understand these things
because these things really aren't possible
because of the layers of security
that we build into the system at every level.
And that's what I mean by this being inconceivable and trad-fi.
It's not that fraud doesn't exist
or bad assets that aren't really backed
in the way that we think they're backed it.
You know, that stuff all exists and stratify.
What doesn't exist is instant settlement and bearer assets that once you take them,
they're gone.
So even the example I gave of, you know, suddenly all the North Korea stole all of the mortgages.
You can't really steal a mortgage.
It's just like an IOU.
In this case, they're literally, it's like they're literally stealing all of the assets.
They're literally stealing all of the houses.
So Odysseus, I know you've thought about this.
You know, how would you underscore for people outside?
of defy and crypto, how this is different than TradFi?
Well, in crypto, you know, a transaction, a hack is a physics event.
I think it goes back to whether you can club out or not, whether you can undo history, right?
The main difference is that in Tradfi, you can have all these issues, but at the end of the day,
you do a couple of meetings.
It's expensive, but because of this long settlement, you can sort of circle back and fix it, right?
here you can't.
The ledger is a truth and the ledger is immutable by design.
So this amazing thing that brings the capital efficiency,
which is why Tradfi is adopting crypto,
is because it's more capital efficient,
is also the same thing that creates these problems right now
and so much pain, right?
It's like a double ed sword.
I want to ask another question because we mentioned three parties in particular,
and maybe there's more than three involved here,
but we mentioned layer zero,
We mentioned AVE and we mentioned Kelpdal
and they're the protocol group behind the RSEath
that was actually minted and actually stolen and taken.
So there's been a lot of blame going around.
And I'm curious from you guys, like,
who's responsible for this?
Whose fault is it?
Everybody's, right?
Everybody involved has some amount of fault.
Where should the buck stop?
I think that's for each of them to individually determine.
So within, I think the big question has been the kelpdow team basically has the ability to decide,
hey, we've got this eth backing.
Are we going to treat the bridged RS-Eath and the native RSEth on Ethereum as exactly the same
and give everybody equivalent haircuts if we need to haircut this?
or are we going to say that really this was a bridge exploit,
we're actually going to push all of the haircut to the L2s
and say that we're going to fully back the L1 RSETH,
and that has ripple effects for A in terms of how they need to handle this.
What I will say is we're all speculating right now.
None of us, as I believe, are in the rooms where there are, I'm sure,
negotiations and deals and capital injections and things like this that are being discussed.
I think it's unfortunate that whatever those discussions are taking as long as they have,
but I do expect that at least a couple of the parties involved will have some form of
deal or injection or negotiated thing happening to help them be less impacted, but they're
ultimately responsible for their own users and the decisions that led to those users being
hurt. So everyone's at fault, but I wonder if we could be more granular because they're at fault in
different ways, I would say, right? So I'm going to simplify this and then you guys, you know,
correct me or tell me where I got things wrong, right? So obviously layer zero, they got infiltrated
somehow. So whether this was some kind of a sophisticated nation state social engineering hack to,
you know, give North Korea access their servers, you know, there's obviously an issue there.
They also let their customers configure things in a way that was like a one of the, you know,
one DVN kind of validator.
I mean, that shouldn't have been
the default configuration.
There were some security issues
with respect to that.
So there's a set of things
that Layer Zero could have done differently.
Kelped out, to your point,
I suppose they shouldn't have configured things
and trusted Layer Zero in the way that they did
without really investigating,
okay, like, how could this bridge fail?
And in what ways?
Because ultimately, it's their customers
that were affected, all of the RSEath holders.
And then I guess on the AVE side, they let this collateral into their global shared risk platform for all collateral.
So they looked at RSETH and they didn't discount it from a risk perspective in the way maybe they should have.
Maybe they let too much in, for instance.
Maybe they didn't assign a risk profile that would say like, okay, this is significantly more risky because we've daisy chained all of these different bridges and layer two together.
It's more risky than just plain old vanilla wrapped teeth,
which is what a lot of their depositors actually have as wrapped teeth.
So AVE should have risk assessed this more, layer zero,
should have had more security, better defaults,
particularly with this amount of money.
Kelp Dow shouldn't have used layer zero in this way.
Is that roughly fair in terms of Odysseus
where you design the detailed blame here?
I would totally agree with how you position
it is, of course, layer zero got infiltrated.
It's problematic that we're suggesting default configs
that were not secure enough.
My assumption is that, you know,
they want to allow their customers
to go to market very quickly
and as, you know, easy as possible.
So they were, you know, doing that
and then they never circled back
to these default configurations as the team grew
and their ability to execute better grew.
They didn't circle back to say,
okay, now we need to step it up, right?
because they were offering it as a service, right?
It's not Kelp Data who's running the servers, right?
And then Kelp, of course, should have investigated or understood better.
And I think that's, there's like, I think two reasons why bridge hacks have historically
being the worst.
On one side, you have bridges being a huge pile of money sitting in one contract.
But on the other side is that the mental models are very weird.
It's not easy to reason about IU's and, you know, where, where, where,
the attack vectors are and who you need to trust, which I think also is what resulted to
have maybe not a risk assessing it properly. I'm sure that for a lot of users, they don't know
they have IOUs. There's another party that maybe we can assign some blame, or maybe this is a
system or structure problem. And you just mentioned that so many of these are bridge hacks, and the
thing that we just saw this week was yet another bridge hack. Maybe it's the fault of the architecture
and the system that we've built on top of defy and Ethereum
that we have to depend on all of these bridges in the first place.
And you could say, and I've seen some make this argument,
that this is downstream a result of the layer two roadmap, for instance,
where the hack didn't happen on layer one main net.
It happened because we had bridges to different L2 type systems.
And you could also say, well, maybe it's the fault of the technology.
We've relied on these optimist.
roll-up seven-day withdrawal-type bridges.
The U.S. and the friction behind that has been so terrible that we've had to rely on.
Maybe I'm oversimplifying this, but like multi-sig style, weaker bridge type configurations
of the type that layer zero put in place.
And we just had to do that or else what, or else defy wouldn't grow, or else we'd have
no new users.
And that was downstream of Ethereum layer one, not having the technology or a scaling strategy.
And so we've pushed things into more rickety.
less secure solutions just for UX and for users.
Do you think that's a credible charge that just like the architecture is to blame here?
Yeah, I think it's just a result of the same reason why relops are not great, the same reason
why bridging sacks, why even a counter-abstruction is not great, is because the protocol was
unable to coordinate and make decisions about these things, right?
And it just passed back to the app layer to coordinate and then things had to be bolted on
in weird ways, right?
And because the protocol couldn't offer better assurances,
people just regressed to the quickest, easiest, cheapest,
better U.S. solution,
which is you just have a multisic that decides things, right?
I want to push back a little bit on the blame here going to the architecture.
Like, could the architecture have been better to give us better options
within Ethereum and Ethereum's L2 ecosystem?
Absolutely.
But I think it's also unrealistic to say that we're going to have,
even if we, Ethereum had executed perfectly, right?
We scaled L1 much better.
We actually have canonical bridges with all these L2s on Ethereum and like we got all the stuff
we want from that roadmap.
There are still going to be other chains, right?
There are, there's too much incentive to have multiple L1s that are making different design
tradeoffs and different go-to-market trade-offs, different trust trade.
rate-offs, and because we're going to have meaningful assets on multiple chains, there's going to
need to be some way to connect those. Could we connect them better? Yes, but it's not all going to
happen natively within one L1 plus its own native L2 ecosystem. We have to have solutions that are
reasonable solutions to use to bridge assets across much more kind of varied chains.
But Dan, doesn't that mean that if we had a environment in which we had real-time ZK proving,
which is somewhat recent in terms of the tech tree that we have in crypto,
but we do have it now.
And the Ethereum Economic Zone out of the Nosis end of things and the Zisk side of things
is like a possible way to have these much more performant canonical bridges
that wouldn't need a third-party bridge.
it would actually be part of the actual protocol.
And so, well, I'll take your point.
No one's just going to stop the perpetual incentive
to build another layer one.
Nonetheless, they're with a real-time ZK-proving ecosystem
inside of Ethereum's own network.
Wouldn't that have actually solved that component
of the exploit stack?
Like the famous Elon Musk quote is the best component is no component.
Yeah, yeah.
But I think even that, though,
it's not guaranteed free from failure, right?
There could be problems in the ZK cryptography
or in the implementation.
Any additional layer of complexity,
more things can break.
And so I think we just need to do a better job
of both pricing that risk that's coming in
and also building in layers of redundancy, right?
One of the things that the Athena team did,
they are also using layer zero.
They have a more secure.
They had a two of two.
they just announced they've updated it to, I think, a four or four when they turned it back on.
But they also had rate limits, essentially.
I think it was like 10 million per hour as the max that could be moved via layer zero across chains.
So there are different things that you can do, rate limits, circuit breakers that say,
we are going to assume at some point any of our trust assumptions can break.
right? And so if you build your system with the assumption that any individual component can break,
and ideally that like maybe two different components, three different, however many components
break, that you still can limit the damage, right? I think everybody has to assume both in the
crypto ecosystem more generally, you are going to get hacked at some point. Some level of your
personal security, your infrastructure is going to get exploited at some
point and you need to have a plan for what to do when it happens and to limit the damage that
can be created in that event. And I think too many teams have been like, we're just going to do
everything we can to like stop anything bad from happening. Guess what? You can't. Something bad is
going to happen and needed to make sure that you've eliminated the damage that will occur when that happens.
Let's talk about who got hurt in all of this and also just the current state of things because
things are not completely resolved as it stands.
So just to kind of list off the parties that are taking haircuts, that's the AVE-E ether
depositors.
There's now not enough ether in the AVEA system to return all the deposited ether to
everyone who deposited it.
So there is some amount of under-collateralized amount of ETH in the Avey system.
R-S-Ether holders broadly, this is the Kelp Dow restaked token.
R-S-Eth is now 15% unbacked because that amount got minted.
or released by the layers of your bridge when it shouldn't have.
There's also the AVE Dow umbrella stakers.
That's kind of like the AVE Insurance Fund.
We don't really know the outcome of this,
but the whole point of the umbrella insurance fund
is meant to insure against bad debt.
Avey now has bad debt.
Likely wiping out the stakers, we don't know how much
or who are the stakeholders who are involved.
That's something that Avey, the Dow's wouldn't have to determine.
Those are all the parties, I think, got hurt in this.
But there's also, there are currently funds stuck in Avey.
So ether, USD, USDT, Tether, utilization in AVE is at 100%,
meaning anyone who's deposited these things cannot withdraw them
because there's not enough assets to withdraw.
There's not enough liquidity for people to exit this position.
My big question, Dan, is I don't know the answer to this.
How does this get resolved?
Like, if I have Ether and AVE, or if I have money in AVE,
how do I get my money back?
Yeah, so right now the answer is like you largely don't.
I think fluid came up with an interesting way to allow people to kind of like swap out and
exit by trading their AWeth for the different backing.
I think they've got W.E.E.E. and some other stuff in there. The way that I think this is
going to get resolved is that there will be some deal cut, some capital injection coming in.
I think AVE does have the ability to recapitalize here. The AVEA token, while it is,
is taking a hit is still quite valuable.
The team is strong experience.
They've got a lot of brand equity and trust built up in the ecosystem.
I would assume that they are working around the clock to cut some sort of deal
to help protect as many of their users as possible.
I don't know when that will be announced, what the shape of it, who would be involved
and anything, but there's no way they're not having those conversations.
When Abe is in trouble like this, it ripples across the ecosystem.
We've seen even other lending protocols, morphos, seen outflows.
I think actually Spark might be the only one with net inflows at this point.
Fluid saw outflows, others.
Like people just are pulling capital back.
When you've got these funds running strategies at size where they're three, four, five X levered on some of these like eath loops and kind of carry trade loops on stables,
this is bad. Everybody wants to get out,
and either we're going to start seeing some liquidation soon
that's going to kind of like forcibly
kind of unwind some of this,
or we're going to see some form of capital injection
and bolstering of trust
because right now what we're seeing is a bank run
and it is having contagion effects across the ecosystem.
I know you just mentioned this, Dan,
but I really want to underscore some of the details here.
The risk parameters that any borrowing lending protocol
should have, we're now using words like circuit breakers and rate limits.
Can we just like emphasize underscore that one more time?
What in the context of defy, in the context of the borrowing lending protocol, what is a rate
limiter, what is a circuit breaker, how might AVE or another protocol implement them?
And I think we're all, as an industry, kind of understanding that this needs to be standard.
Circuit breakers and rate limits need to be standard in protocols moving forward.
Can you just like define these things and why they're so important for borrowing lending
protocols moving forward. Yeah. So for rate limits within a given protocol, you say, hey, no more
than this amount of deposits, withdrawals, mince can occur within X number of blocks ideally, right? Because
we can be a much more certain of blocks than timestamps. And then the idea of like a circuit breaker is like,
hey, rather than a hard limiting saying just we're going to prevent this action, you actually can
have a circuit breaker where it says we're going to pause other functions.
of the contract should we go over those limits within a given time period. And so that's the
difference is like rate limits just like says, hey, you can only take this action up to a certain
volume within a certain period of time. Circuit breaker say if you exceed those limits on the rate
limits, we actually pause other functionality as well. And the very, I think, nuanced thing here,
because we spent a lot of time looking at this a few years ago and trying to come up with more of a
universal circuit breaker system that could be used, you can actually make problems worse in some
cases by having a circuit breaker because you can have parties try to maliciously trigger the circuit
breaker. Right. You get grief attack. Again, given the interconnectedness we see across the system,
yeah, you can start griefing systems or you can be trying to say like, hey, we're trying to
mess with this protocol over here. So we're going to trigger circuit breakers in this other protocol
Also, users can't then like pull liquidity over here to go rescue positions over there.
There are a lot of additional kind of like second and third order effects that you need to think about
when you're implementing both rate limits and circuit breakers.
Dan, would AVE v4 have reduced the exposure here?
It's just like the idea of Avey v4 is you have kind of some separation of risk and pools,
you know, maybe in some way that morpho separates some of that risk.
Would that have helped here?
potentially. It depends on, like, I think AVEV4 has more tools that could have mitigated it,
but again, it comes down to implementation. Layer Zero had more ways that you could have used
their infrastructure to make this safer that then weren't used in this case. So just the mere
existence of AVEB4 would not have lessen the impact here, but it is possible using some of the
tools available on Ave v4, it could have limited the damage.
There's another wrinkle to this story, which has led to a philosophical question for crypto
and to defy.
And that was something that happened yesterday, which we'll call this the Arbitrum recovery.
So there was about 30,000 stolen ether in the hacker's hands on the layer two arbitrum.
So this is Arbitrum 1, of course, so off of Ethereum and on the layer 2.
At some point yesterday, Arbitrum Security Council used emergency powers to freeze and move
those funds to a locked wallet. They didn't disrupt any other users on the chain. They just targeted
this one specific case. They grabbed the funds. They essentially stole from the hacker who had
already stole. So they theft from the thief in order to recover these funds. The implications of this
are interesting. Like, first of all, North Korean hackers must have
have left the ETH on Arbitrum because they thought it was safe. They didn't really think through
that this could happen, that the Security Council could step in. The Security Council itself was that,
is that what's the multi-sig on that? Is that like a 9 of 12 or something like that? Yeah.
So nine of the parties had to agree to make this a regular state change out of 12. And they
got those nine parties to agree and then they executed the method. But essentially, that's kind of like
If 9 of 12 on the Security Council agree, it's kind of god mode over anything that happens
on Arbitrum.
And so there were many who celebrated this as like, hey, we got the money back.
This is fantastic.
We've helped save Defi.
Now, again, this is only 30 million of the $280 million hack.
So it kind of takes the edge off, particularly for the RS-Eath affected users on Arbitrum,
but doesn't completely get all of the funds returned.
But there are many who are celebrating this, of course.
and indeed that's got to be the gut reaction, right?
So somebody stole the money, it's North Korea,
you know, who knows what those funds are going for,
and we just took it back.
One small detail, you said 30 million, Ryan,
70 million was recovered by Arbitrauma Trump
out of the $290 million hack.
I see, yes, yes.
So 30,000, Eth, but 70 million, okay.
And so, and others are saying, well, you know,
I didn't know we had this backdoor.
We've crossed some Rubicon.
Now this is a stage one roll-up, so we know on paper they have this authority and ability,
but now once they've exercised it, maybe they'll be asked to exercise it for all sorts of things.
In fact, I...
Smaller hacks.
Yeah.
Recovered funds.
Recover funds.
Oops, I lost my private keys.
What are the implications do you think for this decision's decision?
And is this what we want from our L2s?
Like, ultimately, in this case, maybe you'd argue that it was a good thing.
but does it have implications downstream?
I think it has, actually.
I think it's a good thing that we did this,
since we have the power,
but it's going to circle back, right?
Because with the Clarity Act,
which was an attempt from the industry,
you know, DC to regulate crypto,
there was a lot of roll-ups that were making the argument
that we should be regulated like Ethereum or, you know,
Salana because of our design, right?
And now they've proven that that's not the case.
and you know there is a lot of people especially in DC that are very anti-crypto we saw that with the previous administration and they're taking notice right they're taking notes and I think when the roll-ups try to make the same argument again this will circle back and this could even get worse if in the next administration we have a much different outlook against crypto which could be very well used to do another witch hunt which was also one of the major arguments
why people were saying that for DRIF, for example,
Circle did well not to freeze the funds.
I also want to make clear it's not just an L2 issue, right?
This, if we start to see a future administration or any government
start to come down, the idea that they could start making demands of note operators on L1
to, you know, not sequence transactions for certain addresses or to all agree to a fork
where there's an irregular state change,
like absolutely pressure could come to L1s as well.
So I think ultimately at the end of the day
for all of these systems,
the ultimate, ultimate, ultimate route of trust
comes down to the social layer.
And so I think we just need to be aware of that.
And I think while I do think that this was a good action
in this case when we view it in isolation,
And I think, you know, were I on the Security Council, I likely would have gone along with this.
I think that a lot of people who are right to celebrate it in the moment, we're going to look back on this.
And it really has the potential to set bad precedence in a lot of ways going forward.
I don't know that given the ability exists that we could have expected them to do otherwise.
but it's, I think we're going to be talking about this decision quite a few times in the years to come.
You would have never thought two years ago that you could soon be trading tokenized oil on Metamask.
But here we are. I've been using Metamath since 2017 and we all remember buying NFTs with it in 2021.
And now in 2026, if you haven't checked in on Metamask recently, let me tell you.
You can trade tokenized stocks, funds, and commodities, along with leverage perpetuels, prediction markets.
And even, yes, you can gasslessly swap between crypto tokens across networks too.
There's advanced security features like MEV and frontrun protection and even a debit card
so you can actually spend your crypto directly at merchants all around the world.
And it's all self-custodial.
Everything you want to trade in one place.
This is the open money future we've all been waiting for.
Check out the new Metamask.
It's already on your phone or in the link below.
Quick shout out to OKX.
They are live in the States building the new money app.
And Wall Street is taking notice.
The parent company of the NYSEE just invested at a 25 billion in valuation and took a board seat.
That's the New York Stock Exchange coming to Chris.
crypto, not the other way around. And why? OKX? It's the only app combining a full centralized exchange
and self-custody wallet in one place. Sex trading, decks access, on-chain activity, all in a
single interface, nor are bouncing between five apps, copying, addresses, or bridging tokens
in separate tabs. They support Bitcoin, Ethereum, Salonet, base, and more. Millions of tokens,
just a few clicks, and an infrastructure that processes trillions in transactions and keeps assets
fully backed. OKX users are set to get tokenized New York Stock Exchange stocks and derivative
later this year.
Tratfi and Defi finally in the same app.
Head to the link in the show notes, download OKX,
and see why it's the NYSE's go-to for going bankless in the United States.
Not investment advice, services not available in New York and Texas.
It seems that though the code is law, like standard,
was never really going to be our future anyways.
And something like this was inevitably going to happen.
we were going to have some sort of state violation,
a chain state violation by some sort of layer two
because they could.
And so I kind of see this as like, you know,
a fork in the road,
but are also like our destiny nonetheless.
And now like it's coming in an era
in which like crypto is entering,
it's like TradFi era.
And, you know,
Tradfi has all of these like legal constraints
because it's, you know,
human governance systems.
And ultimately, at the end of the day,
we have, our layer two's,
have not created like perfect one-to-one immutability
as with the layer one.
And that's where a lot of finances happening.
And so it seems like we're kind of destined for this outcome
where, you know, we got, we did the Codas Law thing as far,
and we took it as far as we could.
And now we are in our human governance controls
over people's assets era, admitting to that.
And we're probably going to be leaning into that moving forward,
because, you know, we had, it's, you know, Theorem's 17 years, 16 years old now.
No, 11 years old now.
That's a different number.
And like we had our chance to make the perfect immutable system.
We didn't perfectly create it.
Maybe we got it at the layer one.
Maybe we don't even want to create it.
Like at the end of the day, I'm kind of saying, like, the best system is the one that does the right thing.
rather than the one that always upholds, you know, code is law.
And I think a lot of people, Ryan's going to throw a flag in a second.
But a lot of people are coming to like kind of terms with that.
It's like the systems that we want are the systems that do the right thing
and doing the right thing requires some level of human governance.
Well, that's the whole thing.
Like who decides what the right thing actually is.
I mean, that's the entire crypto experience.
And here we go with like states and democracies and governance and all this.
But, but, okay, so let me ask you guys this.
Because I think this is worth really, really talking about.
So I think you can run both experiments.
It's fine to have both experiments, right?
So you have some environments.
That's Ethereum 1, let's say, that's Bitcoin, where code actually is law.
And you're playing Diablo 2 on hardcore mode where things happen and it's actually dead.
Everything's over.
If you die, you die, yeah.
Yeah, you have actual bearer instruments.
And then every layer 2 or other chains or assets or smart contracts, they have to make a decision.
They have to either decide that code is law.
or it's not really law, right? They have to either prioritize decentralization or some sort of
intervention. What I think goes away is this messy middle area where we're like, we kind of talk
about decentralization in code is law, but we actually do have, you know, a button that we can
push for emergency situations and reverse certain actions. I think that is untenable. And to be fair,
that's what the stages in L2B are actually for.
You know, you have stage one,
which is you still have a security council.
You get to stage two.
There's no security council, right?
It's kind of much more a code is law world.
But the question for these L2s is,
is that where they actually want to go?
Do we actually want stage two?
Well, do users even want stage two, right?
Because like if I'm a user on Arbitrum,
I'm kind of like, well, I don't, you know,
I'm glad that they did that.
If I'm an RSETH owner on Arbitrum,
it's a feature.
It's not a bug.
necessarily. Now, am I worried that Arbitrum is going to unilaterally, like, you know, steal my,
not really, not so much? So this comes down to user preference and ecosystem preference.
But I think what's going to have to happen is if an Arbitrum decides to not be stage two
kind of fully decentralized and try to match Ethereum, what they're going to have to do is
become a lot more fintech-like in terms of making these decisions much faster and having
escape hatches quicker and having
the ability to fend rules
around these decisions
we're seeing yeah the ability
they need to kind of ramp that up
and have it like automated right
and to publish the rules
like we're even seeing this with USC in circle right now
which is like when does Jeremy Leran circle
decide to like freeze USC or not
like the reaction time is not
quick enough or appropriate enough
to meet kind of the actual market needed
to man, you guys want to say stuff.
So go ahead, Dan.
Well, so I'm in full agreement with you that we need to very clearly define what actions
can be taken under what circumstances.
But it's also great that you brought up, you know, circle and tether right here.
Because the idea that L1 Ethereum is somehow different and is fully code as law, like, no, false.
Like, what if there?
I think it just is you brought this up on Twitter there today.
like what if there's like a compiler bug related to like we've got like wrapped wrap beef being used
like what if there's been around like we get infinite mint on weath like right okay like do we think
there's not going to be a lot of social pressure discussion like hey do we fork to fix this
there's going to be two forks who ultimately chooses the fork i can tell you today if tether
and circle say this is canonical ethereum chain we are we are honoring
UST and USCC only on this chain
not the other one.
Like, I'm sorry guys, like, that's the winning one.
And do they have governments coming
and men with guns saying like, you must choose
this chain fork?
Okay, they're choosing that chain fork.
Like, it's, again, it is ultimately
like social all the way down, even at L1.
It's just the bar for reaching that level
is considerably higher.
The bar being higher, I think, is the key point here
because, like, just because it's all social
all the way down.
Like we're even watching Bitcoin governance elevate Bips
about what to do with Satoshi's coins.
And so even Bitcoin isn't removed
from the same conversation,
but it is a level of like messiness and structuralistness,
the more you go down,
you go down to like Bitcoin governance
and you see just complete chaos.
You go to Ethereum governance,
still chaos, but somehow working.
And then you go to Arbitrum and it's like a 9th of 12th.
And so there is like a gradient of,
of messiness.
And just because it's humans
all the way down,
which I totally agree with,
it doesn't mean we get to just
capitulate to the point
where like, oh, it's all,
it's all human governance
at the end of the day.
But the first two are different, though.
So like in the Bitcoin case
and the Ethereum case,
I would argue that that's kind of like
hard fork governance.
That's partially why the bar
has to be so high.
It has to be something,
to your point, Dan, that's existential.
Now, whether USDC and Tether
withdrawing their support
from Ethereum meets that standard,
I think you'd say it does
because that would wreck havoc
on all Ethereum Defi
and so you'd say that's
existential that would cause a fork.
Others would say maybe not
and that's why there's a fork, right?
Potentially.
But there's no like 9 of 12
multi-sig, do you know?
It gets, it gets,
and the same thing with Bitcoin,
it gets resolved in this messy,
fork-driven governance,
structureless type of way
and that makes it such
that the bar is quite high,
has to be something
existential before you actually trigger that.
But Odysseus, you wanted to chime in.
Yeah, I think it's an interesting observation
is that when Sui had a big hug,
they had a rescue.
Baratain did the same.
And then when the drift hiker,
Hags drift, what did he do?
Or, you know, they do.
They moved to Ethereum immediately.
They didn't stay in Solana.
So it's also very interesting
how they perceived decentralization.
But in arbitrarium,
they stayed for two dates, right?
Yeah, that's interesting.
You think they thought they were safe then on Arbitrum?
Probably, you know, safe and tired.
But yeah.
North Korea was not checking on L2B then.
They had no idea this was a stage one
and that there was a security council.
They probably didn't know what the security council could do
or how quickly they would coordinate.
So this will never work again for an L2 is kind of what that.
will not happen on a layer two anymore.
Because for every L2 that's stage one or under,
the funds won't be kept there.
They'll be moved somewhere else.
Well, this is now kind of like user expectations,
probably on layer twos.
Oh, yeah.
If I get exploited,
even if it's not,
if it's on optimism or base or anything,
like if me,
a Coinbase customer gets my assets exploited on base,
you bet your ass I'm tweeting to Jesse and Brian
to go recover my funds.
And not just tweeting necessarily, right?
there could be some people with stolen assets
who just take this to civil court in some way.
If you have the ability to freeze the money
and refund the funds, you're morally obligated to do so,
are you not?
And then ethically are you...
The game theories of all this right here, right?
The, you know, Lazarus is learning very fast.
They've adapted a lot over the past few years.
And to a disappointment,
like they're going to get the funds off the roll-up real fast.
It seems very unlikely that roll-up teams
would be able to respond faster than what the current expectations are that users have
in terms of the ability to relatively instantly bridge large amounts of funds
back to L1 or to some other chain.
So they're not going to leave it there to be frozen for future hacks.
What do you think the L2s, the big L2s actually do?
Like, for instance, do you think Arbitrum 1 ever becomes a stage 2?
Do you think maybe this is a better question?
Do you think base ever becomes a stage 2?
At this point in time, I just saw the new base update.
I mean, they just communicated that.
Yeah, they're working on that with a new update.
Yeah, they communicated that.
But if you read the blog post, they said, now technically we can do this.
But it's still a matter of them actually removing the Security Council.
And again, is that what users want even?
Is that what, you know, I think it will be a major decision as to whether they actually
remove the Security Council, remove their ability to.
to update the thing
and make it fully decentralized stage two.
Like, I think that there's a pretty good chance
that they never actually get there
because that's just not what the ecosystem
actually wants or needs.
Just wait until the lawsuits start coming, right?
Yeah, I think Coinbase is going to want
the ability to say, sorry, we can't take action.
So you think the lawsuits will push layer two's
to stage two actually?
I think the legal liability is going to be,
the biggest thing that's going to push L2s in that direction
because they don't want, again, Pandora's box is open.
Where do you cut the line?
Is it $70 million?
Is it $30 million?
Is it $10?
Like, I don't know.
Where's the line?
That's what I mean about hollowing out the middle ground here, right?
Because it either pushes you to do like fintech reimbursements, you know, fraud detection,
all of these things and you become more fintechy.
And then you're going to demand more control over your user to
deposits. Exactly. Or it pushes you to go full stage two and hands off. There's no way you can
reverse anything. I don't think stage two will happen. The problem with wide protocols don't go
to stage two, right? It's because Ethereum development is disconnected from roll-ups, right? The
proof system they have is the most complicated part of the whole roll-up design is the thing that
holds them back. It's a thing, it's an insane amount of technical like tech debt and baggage. That's
why they're not fast enough. That's why they're not better, you know, they're, you know, slower than Solana.
And the problem is that with every Ethereum upgrade, most people don't know that, but these
proof systems break all the time. And they break because the Ethereum L1 development happens
almost in isolation from them, right? They, suddenly they have a new L1 upgrade and there is some
very tiny change in the protocol and that breaks the proof system and they have to work two months
to fix it. I think that's the reason why they're not in stage two. And I think they will find other
ways to either not have liability, maybe, you know, Coinbase spins out base. Or they become,
you know, fully regulated and they totally lean into it. But from a technical point of view,
I don't, unless Ethereum and Roll-ups are more enshrined, I don't see them being able to get
to stage two. Like, it's technically infeasible. That's fair. Guys, I don't, you're the host to
tell me if you want to go a different direction, but I'd love to talk about like practically,
Where are we at and what does this all mean for builders, for users?
Because I think we're in a very interesting interim phase, right, in the evolution of the industry
and in the development of technology that we're seeing right now.
Yeah, let's do that now because to your point, right, so I think for the average defy user,
the average person that's in the bankless audience, you know, trying to actually go bankless,
they're a little scared right now, right?
And that's why you've seen some of the defy withdrawals.
You've got AI with mythos and with all of this cutting edge thing
that seems to give black hats and hackers some sort of advantage.
And maybe they're adapting faster than white hat and crypto can kind of adapt to it.
So you've got this uncertainty with AI.
And then you've just got this slew of hacks.
And I'm not sure if it's been larger than previous years.
I've looked at some data and it's just like last year was kind of larger,
you know, by this time, but some pretty large hacks at Blue Chip, AVE, you know,
the EF just came out with a post recently, or Vitalik just called AVE Safe Defi. Hey, we can finally
get kind of close to risk-free yields, right? And that turns out not to be the case.
So users in Defi are scared. So yeah, Dan, what do we do? What are the lessons?
What are the takeaways? Where do we go from here?
Well, I think first I want to just stage set and that it's not just about Defi.
I think for everything digital,
like we are in like the probably 12 month period
of max danger
because we are now seeing AI systems at a certain level
and not even like the mythos models,
but like the current generation models,
when you put them into the right harness,
they're able to find insane zero days,
not just in smart contracts,
but in traditional like Web 2, like operating systems,
browsers, like all of these things.
It is really, really scary, what is possible now.
And luckily, that's mostly concentrated in the hands of, I think, some of the good guys.
But as we've seen the open weight models that are going to be like, you know, fully open and people can use them for whatever they want, those are maybe six months, maybe 12 months at most behind.
So we're in this period where we have all these deployed smart contracts.
We've got all this deployed just like Web 2 infrastructure that was built and tested and secured under.
human security assumptions for how you can go about securing that.
And so there's a lot of vulnerable shit throughout the stack,
sorry, that is just out there and live right now.
And so we have to, like, there is a race right now
between the white hats and black hats in terms of who can secure existing systems faster.
Once we get into 2027 and beyond,
all systems that are deployed going forward are going to be like rigorously
superhuman tested and secured both up for,
and an ongoing basis by best in class,
kind of super intelligent security models.
So this period until we get to that point,
we've kind of cleaned up all that backlog,
is the period of max danger.
What do we do?
We go kind of like old school on this.
It is the rate limits.
It is the circuit breakers.
It is just defense in depth on everything.
Think about every layer of your stack
from smart contracts to,
front ends, DNS records, individual employee and workspace accounts, your physical hardware,
using isolated hardware for security critical actions, do like multiple channel confirmations
with the other people that you need to coordinate with to take these secure actions.
Like all of the things do them.
Now is the time where you need to step up and make it happen.
This goes for every organization in crypto especially.
anybody who is building anything in the digital world, which is like everybody.
One thing I was hearing from Justin Drake is about the implications of the Ethereum
protocol architecture with a multi-client design.
Ethereum has four or five running clients, Swiss cheese model, a bug in one client doesn't
show up.
And another client, meaning that there's not one exploit that can take down Ethereum because
of the level of redundancy.
He was saying that in a post-AI world, post-mythos world, it's actually likely that
Ethereum collapses down to one single superhardened client built by AI, formally verified by
AI.
So rather than having multiple clients, we just have this one absolutely just rock solid client.
And this is, so like Ethereum at the client level is going to be rebuilt.
We're also rebuilding Ethereum with the lean chain anyways.
It seems like we're rebuilding basically the internet because all human written,
software is kind of now like analog in a sense.
And we need to move to like what is the new digital.
And new digital is now written by AI, not written by humans.
It seems like the entire internet is going to get rebuilt.
Ethereum being no exception.
But also that means that defa is also kind of going to need to be rebuilt from the ground
up with AI, formally verified, and maybe just architected differently,
rather than the shared liquidity models of AVE, you have the,
the more segregated silos of morpho.
Dan, what do you think about, like,
just the architecture difference,
the new age requirements of defy
in terms of architecture as we move forward?
How will defy be impacted?
Yeah, I mean, to be honest,
I think some of the insights with layer zero
is like it's not the wrong approach
to have kind of limited, modular,
permissionless infrastructure.
We just need to raise the standards
for how that infrastructure is then deployed
and maintained.
And so to the point about like Morpho,
I think these isolated models,
which Ave v4 also moves in that direction as well,
I think we need to break it up
so you can like limit the collateral damage
around any type of exploits that happen,
but we need to do a better job
setting the defaults really high
in terms of security that we do around each of these modules.
Right?
I was talking with the Morpho team and others
and then like, okay,
how are we continuing to level up
security. And I think one of the things that you do is the morpho markets at the base level,
incredibly minimal, but then you need to think about, okay, let's be really clear about the Oracle
and how the Oracle is being set up and using that in that module. Okay, now let's look up at the
vault and the curators there, right? You can't really rate limit or circuit break morpho
markets, like that's just not part of it, but you can rate limit or circuit break around the
vaults and how they reallocate between markets. You can make sure you don't have a lot of
excess liquidity sitting there in markets waiting to be borrowed in the event of an exploit. So you can be
sitting maybe in like kind of wrapped treasuries or something like that in the meantime. There are all
sorts of different things that you can do to limit blast radius. And I think that's what's going to
be done is you don't want big monolithic pools where a lot of capital sits. That's monolithic
the blending pools, that's bridges, and to the extent that you want those things in the market,
which I do think we do. There's a lot of demand for those for good reasons. We just need to layer
additional protections on top of those so that you're still going to be exposed to a lot of
different risks, but you can limit the damage should any of those risks come to fruition.
ODCSU wrote an article that was written released yesterday, I believe, titled CryptoSecurity Needs an
aerospace mindset.
Maybe talk to us about just like the,
what you're advocating here in this,
this article, because you're advocating for kind of just like a regime
change in what it means to be a defy builder.
Talk to me about the contents of this article.
This wasn't released yesterday, was it?
This was released in February.
Oh, really?
Excuse me.
Well, I read it yesterday.
Yeah.
Yeah, I mean, it goes, you know,
the core point is what we made at the start of conversation,
which is in TradFi,
crypto is finance, right?
So naturally we take a lot of mental models
from traditional finance
and we apply them in crypto.
And for most things, it works, right?
It's a vault is really like a hedge fund, right?
A curator is really a fund manager.
But security really doesn't map out very well
because security is not an issue
in Tratify more than it is an issue
in, you know, most other services
because of the long settlement, right?
You can go back, as we said.
Do a couple of meetings, pay a couple of millions or tens of millions, but you can fix the damage.
In crypto, a hack is a physics event, right?
It happened.
It's closer to an aerospace, right?
Because if you have an issue in an airplane, people die.
Right?
In crypto, okay, if you have an issue, people don't die.
But it's still very severe, right?
And you have this irreversible damage and now we see like systemic even, right?
It's this isolated event with layer zero and Keppel ended up becoming a systemic risk
and a systemic incident for the whole of crypto.
So I think this is the change in the mindset where security needs to be as if our life depends on it.
Because as we see, it does.
What does aerospace do that we can adopt?
They just have very concrete gates.
Like failure is not an option.
Right. So formally verifying systems, having systems that are extremely simple.
Simplicity is directly correlated with security. It means that you can understand it. You can audit it. You can formally verify it.
And basically you have a lot of stages where you want to make sure that failure is not an option.
The system can't fail. And if it fails, it's isolated to that subsystem. And you have multiple systems for redundancy.
Yeah, redundancy. I think that to me is also one of the big things here.
is that we need to make sure that if anything breaks,
there's something else behind it to catch it.
And I know that like, you know, Fileax with your kind of credible layer,
this is one of the things that you provide.
And that I think there's a number of solutions
that are starting to come out with this mindset
to think about, okay, we can trust the curators.
We can trust the people who are choosing default settings
and what are the different parameters
we should have in lending markets,
things like that.
Okay, how do we actually make sure
that it's not just them saying
they're going to do this
or just doing it within a certain module on chain?
Can we create additional systems on top
that essentially recheck these values
that are critical values
from a different perspective
or a different validation point?
I think that is really important.
because the more you can have systems that either one of them can block bad state from occurring in contracts,
that is what's going to give us that next step function improvement in terms of the security that we can
promise to users.
Edisius, is that what the credible layer does that Dan just mentioned?
What does Phyllis do on that?
Yeah, so we've built effectively a very powerful circuit breaker that allows protocols to
to do runtime enforcement.
So we enforce certain checks
during the transaction
as it's added to the block,
effectively making sure that
bad states or bad outcomes can't happen.
Failure is not an option in these systems.
Like that's the new mindset.
Because so far we say,
oh, we did, it's a process-oriented mindset so far.
We say we did audits, right?
Or we did testing.
We focused on the process,
but nobody is really saying
that the failure is not an option.
If you see audit
never take liability.
Protocols never take liability.
All the terms of service,
they say this is alpha software,
experimental software,
use it at your own risk.
The whole of crypto is built
on the assumption
that nobody is liable about anything.
When you talk about coding up
that it doesn't allow for bad outcomes,
how do you actually define
what a bad outcome is in the system?
It's a bit technical.
But effectively, you know,
the EVM is constrained, right?
Naturally.
So we have created
an extension of that in solidity, so it's approachable by developers that allow them to define
constraints, to define outcomes that are not possible to define in regular EVM. So that's
the policy. And then you have the circuit breaker that runs during block production, so it's
integrated with a network. And if a transaction breaks this policy, it is not allowed to be
added to the network. And I think one of the interesting things there that helped me wrap my head
around this was the idea that there are things like there are bad states, right? The amount
borrowed from a lending protocol should never, under any circumstances, right, with traditional
ones, not uncollateralized ones, should never exceed the value of the collateral, right? You can,
you can hard code that. Maybe that's supposed to be checked through different paths of different interactions
that you're having with the contract, but what the credible layer that you do is say, this is a state.
it doesn't matter what's in the transaction where it goes,
do not include any transaction in a block,
do not sequence it,
if the end result is an invalid state
based on these rules that we've predefined.
And I think that's very different
from the traditional way of doing security analysis
where you're saying like,
hey, we're going to step through the changes here
and check each thing along the way.
Are there any paths that can get us to a bad state?
And instead you're just saying,
what is a bad state,
I don't care how you get there,
you're not allowed to go into this.
So I think as we wrap up this episode,
the question that's lingering my minds
that maybe other listeners have is,
is defy going to be okay?
Like, are we going to make it through this?
And it seems very much,
as we look at April 26,
we are in a different type of scale limitation.
So in previous cycles,
maybe defy scale was limited
because Gary Gensler wouldn't let us do it.
And the regulation was pushing against us.
Or maybe it was block space was too expensive
and Ethereum wasn't scaling.
Those are not the constraints for defy scaling anymore.
It seems like the primary constraint,
if I were to ask people on the bankless journey
or even those outside is security.
They're worried that their on-chain funds
are going to be hacked.
That's the scale limiter now.
So I want to turn this question.
to both of you individually.
Do you think Defi is going to be okay?
Are we going to make it through this period?
You said, Dan, maybe it's a 12-month period of time.
We've got a lot of hardening to do.
What do you think, Dan?
Yeah, we're going to make it through this,
but it's every team needs to kind of commit to this individually.
I think we need to be very clear about where the risks are
and how we're approaching, if not solving them,
mitigating them to the greatest extent possible
and being willing to take a fair amount of pain
an expense in terms of getting there.
Security spend is always a very hard item for teams to stomach paying for, but it really
is necessary.
And I think we need to do a better job just calling this out and making clear where teams are
doing the minimum they need to to get into market quickly and grow.
And what it looks like when you're actually doing this to the nth degree and making sure
that your users are as absolutely safe as you can possibly make them.
So I think we will get there,
but we need to start doing a better job as an industry coming up with standards
and enforcing those standards and holding teams accountable for meeting those standards.
Odysseus, do you think we're going to make it?
And if we do make it, what's on the other side for us?
What's the good part?
I think we're going to make it.
Every team, as Dan said, needs to ask themselves a very simple question.
why would the user prefer my yield
over a 4% yield that is insured by the FDIC?
Right?
They have to answer that question
and if they answer honestly,
we're going to make it.
Because the answer to that question
show them where they need to be better
to be accountable, to invest in security.
I think it's also up to the security teams
like us to provide better tooling.
and better products that are easy to use,
they're not insanely expensive.
You know, I think if we're being blunt about it,
part of the fault so far
it's been on the security on the auditor themselves.
Like if you think how much money
adapt a protocol, a startup,
how to spend to audit a protocol,
it killed a lot of the innovation
or it forced teams to cut corners, right?
So it's also up to the security team,
not to the security industry,
to rise,
the occasion, like serve the industry better, I think.
I disagree on that last point.
I saw a smirk out of Dan.
Market sets the price there.
There are so few qualified humans to actually do the high quality audits.
I think they're expensive because you get what you pay for on that front.
I think now we're starting to break that connection with some of the AI systems.
We're seeing a lot of good ones out there.
I think the stuff I'm close with the Cantina team,
And so I've seen some of the stuff their Apex system is done, both in Web 3 and Web 2.
It's insane.
And all of these solutions, there are even some like pretty decent open source ones as well.
They're doing a great job.
They're already at kind of security researcher level, not even like junior security researcher.
They're probably Lsars.
Like the best systems are LsRs that you can run at a fraction of the cost and run repeatedly.
So I think, I don't think it's fair to blame the security firms previously for their high cost because that's what it costs to get the type of expertise that you want to secure systems.
Well, you know who we can agree on blaming is North Korea, okay, and all the Black Cat hackers.
They are definitely doing us no favors.
But I heard both of you say, we're going to make it and we're going to get through this and appreciate you coming on bankless and explaining all this, Dan and Odysseus.
Thanks for having us.
Thank you so much.
Guys, got to let you know, of course, on an episode like this,
crypto is risky.
You can lose what you put in, but we are headed west.
Still the frontier.
It's not for everyone, but we're glad you're with us on the bankless journey.
Thanks a lot.