In brief

  • Founders of some of the biggest DeFi projects shared their thoughts on how the industry can improve user security.
  • DeFi projects have recently suffered million-dollar hacks and exploits.
  • Solutions ranged from community driven audits to third-party rating agencies to act as watchdogs.

How do we handle a problem like security in DeFi? In the world of decentralized finance, the issue is far from settled.

Multiple influential speakers weighed in on the matter at the Ethereal Virtual Summit on Thursday, offering their views on code vulnerability, how much security is enough, and who’s ultimately responsible for the security of users on decentralized platforms.

Perhaps the most pressing issue in terms of DeFi and security is the recent spat of high-profile hacks and exploits. Several potential defenses were discussed, including progressive security backed by investors, community driven audits, and third-party rating agencies to act as industry watchdogs.

“We think that the strictness of the security should scale according to how many dollars are flowing through your system,” said TokenSets co-founder and CEO Felix Feng. “As you’re able to get more users and more traction, you should be able to raise additional resources from investors to pay for these audits over time.”

But what about projects that don’t make security a priority? The $25 million Lendf.me hack used a well documented exploit, and Chinese developer dForce had ample resources to protect customer funds. In those cases, bZx co-founder Kyle Kistner sees a place for the community to step in to defend itself.

“I don’t think it’s a bad idea as a community if we have a product that’s getting a whole bunch of users and money, and we don’t think there have been enough audits for us to feel comfortable, to think about calling for and coordinating those audits. When one project gets hurt it affects all of DeFi, so we all have a stake in it.”

Decentralized services may provide users with broader, freer access to financial tools, but with that comes greater responsibility. And choosing a secure service is ultimately the user’s responsibility, according to dYdX founder Antonio Juliano. 

On the other hand, Juliano called for more third-party tools to help users make informed decisions, taking into account the implicit risks of financial products as well security vulnerabilities. 

“Right now, DeFi is in a very similar place to where centralized exchanges were three to five years ago,” he said. “I think there needs to be a consolidation towards some of the products that have proven themselves to be more secure.”

The issue wouldn’t be settled in a single (virtual) discussion, but the panel ultimately agreed on one thing: it’s an issue that’s essential for the mainstream adoption of DeFi.