Curve Founder: DeFi’s single point of failure harms the industry; urges Ethereum to set security standards

Curve Finance founder Michael Egorov published a long post on the X platform on April 21, 2026, pointing out that multiple avoidable attacks have recently occurred in the DeFi space, and that the root cause is centralized points of failure that are harming the entire DeFi industry. In the post, Egorov proposed to the Ethereum Foundation that it call for the development of principles, rules, and recommendations for building DeFi security.

Egorov’s criticism: a responsibility vacuum and everyone passing the buck

According to Michael Egorov’s post on the X platform, he used as an example the incident in which, after rsETH was attacked, users were unable to withdraw from Aave. He pointed out that the parties are passing responsibility to one another: Aave claimed that the protocol was operating normally and that only rsETH had been attacked; rsETH said the code was safe and that only the LayerZero bridge had been compromised; LayerZero (which Egorov said in the post safeguards $250 billion in funds) claimed that everything was fine; but users still couldn’t withdraw.

In the post, Egorov wrote, “All these kinds of problems should be prevented before they happen, rather than fixed afterward. The number of single points of failure should be reduced, not increased. When these failure points are unavoidable, trust should be distributed. If we rely on infrastructure, then we should share best practices for how to configure the infrastructure.”

Core request: jointly develop DeFi security standards

Based on the specific demands Egorov listed in his X platform post, he proposed that the DeFi industry jointly develop security standards covering the following areas:

· How to securely build DeFi protocols and how to verify security

· Project teams, auditors, and risk assessment teams should jointly contribute best practices and understand each other

· Best practices for sharing infrastructure configuration, not limited to the scope of smart contract code audits

Egorov also pointed out that lessons can be drawn from traditional finance’s experience in dealing with its centralized points of failure, and applied to protect DeFi against the small number of centralized points of failure that still exist.

Frequently asked questions

What is the core argument in Egorov’s criticism of recent DeFi attacks?

According to Michael Egorov’s post on the X platform on April 21, 2026, he said the root cause of recent DeFi attacks is centralized points of failure; the problem should be prevented in advance rather than fixed after the fact; the number of single points of failure should be reduced; and when failure points are unavoidable, trust should be distributed.

What issue did Egorov illustrate with the Aave incident?

According to Egorov’s post on the X platform, he used the example of users being unable to withdraw from Aave after rsETH was attacked, pointing out that Aave, rsETH, and LayerZero passed responsibility to one another—showing the problem that DeFi lacks a clear accountability mechanism for centralized points of failure.

Which institutions does Egorov propose to lead the development of DeFi security standards?

According to Egorov’s post on the X platform, he directly called on the Ethereum Foundation and the Solana Foundation to convene projects across each ecosystem and jointly develop the principles, rules, and recommendations for building DeFi security.