The $280M DeFi Exploit That Changes Crypto Forever | Dan Elitzer & Odysseus
Inside the episode
Odysseus:
[0:00] Security is not an issue in TradFi more than it is an issue in,
Odysseus:
[0:03] you know, most other services because of the long settlement, right? You can go back, as we said, do a couple of meetings, pay a couple of, you know, millions or tens of millions, but you can fix the damage. In crypto, a hack is a physics event. It's closer to aerospace, right? Because if you have an issue in an airplane,
Odysseus:
[0:23] People die.
Odysseus:
[0:25] In crypto, okay, if you have an issue, people don't die. But it's still very severe, right? And you have this irreversible damage, and now we see, like, systemic, even...
Ryan:
[0:39] Bankless Nation, welcome to the podcast. We're here with Dan Elitzer from Nascent and also Odysseus from Phylex Systems. Guys, it's great to have you on, although the circumstances are not fantastic. We're talking about a hack today. How are you guys doing, though?
Dan:
[0:53] Doing well, thanks for having us.
Odysseus:
[0:54] Thank you for having us, yes.
David:
[0:56] Let me give us a sitrep just so we can kind of move forward through some of the details, and then we'll dive in a little bit deeper on some of the important details here. So April 18th, we had a hack in DeFi. North Korea's Lazarus Group is likely who everyone is assuming is behind this attack. They exploited KelpDAO's LayerZero-powered bridge to create 116,000 rsETH tokens, that is, the restaked ETH token out of KelpDAO, without any backing. So extra tokens minted, they then deposited those tokens into Aave V3 across Arbitrum and Ethereum mainnet to borrow $236 million in WETH. So unbacked rsETH tokens deposited into Aave allowed them to withdraw real ETH from the Aave system, leaving Aave with about $280 million in bad debt that it cannot recover.
David:
[1:47] As a result, some panic withdrawals have followed: $5 billion in ETH outflows, with Justin Sun pulling out $150 million alone. In response to this attack, Aave paused the rsETH markets and the WETH reserves across multiple chains just to kind of constrain the damage. Now it's got $180 million in bad debt. The TVL in Aave plunged from $26 billion to $17 billion, kind of as, like, panic withdrawals happened. Interestingly, in a turn of events, the Arbitrum Security Council recovered $70 million in ETH in a pretty unprecedented violation of chain state, basically seizing the stolen assets by DAO governance vote, kind of opening up Pandora's box about what immutability means on layer twos. There are a ton of conversations that kind of sprawl out from this. And maybe just to add some context, this hack doesn't actually even break into the top 10 in terms of dollar value lost, but it seems that this hack is a top three, if not the number one hack, in terms of just the significance of some of the implications
David:
[2:51] for the future of the DeFi industry and the security of on-chain assets. Dan, I want you to check me on that statement and talk to me about, like, why this event specifically, why the nature of this hack is so significant for the state of DeFi.
Dan:
[3:05] There are a number of reasons. I think one is that we're seeing such major protocols. Kelp actually had a lot of value in it, but LayerZero is widely used across the ecosystem. And Aave is frequently held up as one of the most trusted names in DeFi, obviously the largest in terms of TVL. And so to see them affected in this way by an exploit really shakes people. And I think it also is really significant because this is due to the composability that we've all been so excited about with DeFi. And here we're seeing the downsides of composability when you have not just ETH, but you've got, like, staked ETH in a liquid staking form, deposited into EigenLayer, so it's restaked there. You've got a liquid restaking wrapper. You're bridging that to other chains, you're using that as collateral, you've got these levered loops going. There are just so many things happening here. And there are a lot of things that had to go wrong for us to be in this state. A lot of people have been playing the blame game, saying, like, you know, who's responsible here? And I think the answer is, if any of these parties had been more buttoned up, everybody from Kelp to LayerZero to Aave to Aave borrowers, potentially even the EF. Like, there are so many different places that you can point fingers to.
Ryan:
[4:28] If anybody had really, really done their job,
Dan:
[4:31] The damage would have been less than it was.
David:
[4:34] Yeah, there's also just the nature of just, like, the level of sophistication, because it required the threading of a needle across, like, three needles, right? You needed to have exploited LayerZero, and then that had to align with the
David:
[4:47] risk management in Aave and also with KelpDAO's utilization of LayerZero. All of these things kind of had to align, and then the attacker had to attack all of them at once. Odysseus, maybe we can get into what I hope is, like, the most technical part of this episode, but also keeping it high level because, you know, me, Ryan, we're not technical. We have a lot of non-technical listeners. So while also doing a technical job, keeping it high level, can you just inform us about how this exploit actually happened? How did this work?
Odysseus:
[5:13] Yeah, so we're still getting information. We still don't know how the attackers were able to actually get access to LayerZero's systems, but they seem to have had pretty deep access into the systems. And what
Ryan:
[5:27] They did basically was
Dan:
[5:28] To replace the RPC nodes they have deployed.
Odysseus:
[5:32] with a malicious RPC node which showed fake data, right? And this fake data was piped into the validator, you know, network, which was not a network, it was just one node, it was a one-of-one. And based on this fake data it said, oh, there is a deposit on Unichain of this amount of restaked ETH, of KelpDAO's rsETH, so what I should do is send a message to the receiving end on Ethereum to withdraw now the ETH, right? So on the receiving side, it received this message, validated it, and then released all this ETH that was then used in Aave to be able to exchange it for ETH, right?
Dan:
[6:14] Well, to be very clear, it released the rsETH, so the rsETH could be deposited into Aave.
Ryan:
[6:20] Exactly.
Odysseus:
[6:20] Yeah.
David:
[6:21] Okay. So LayerZero, cross-chain messaging protocol. Part of this industry is we have networks upon networks. You want these things to kind of, like, work as a seamless experience. LayerZero is in pursuit of that; it allows for messages to be passed across chains. And from the user experience, it looks like assets can go across chains, because LayerZero will lock up assets on one chain and mint IOUs on another chain. And as far as the LayerZero protocol works, those IOUs are equivalent, in the best case. That part is what failed. And then you also, Odysseus, you said that the DVN, the one-of-one, there's the LayerZero protocol, and then there's, like, a surrounding validator layer, validity layer, that audits everything and, like, passes, you know, verification saying, like, hey, this is working as intended. That surrounding layer is what got exploited. It should have said, hey, this is not working as intended. But instead, because there was weak security, KelpDAO only used one DVN. That one DVN was the target of the exploit. And the DVN passed the message of thumbs up when it should have passed the message of thumbs down, which is what allowed North Korea to withdraw excess rsETH tokens that it shouldn't have. All of this checks out, right?
Odysseus:
[7:38] Yeah, exactly.
David:
[7:39] How sophisticated was this exploit? Like, in the grand scheme of how difficult it was to do, the number of moving parts, how difficult of an exploit was this?
Odysseus:
[7:52] Probably one of the most sophisticated exploits we have seen, I would say. The level of access they had into LayerZero's systems, because not only did they replace the RPC nodes with a malicious version, but after performing the attack, they also replaced them again with the original binaries. And also they basically cleared up all the evidence in logs such that the alerting systems of LayerZero would not go off, right? So it's a very sophisticated attack because of the level of access they had. It's actually very scary.
David:
[8:22] And what are the takeaways? What do we need to know? Because it's so sophisticated, what lesson does that teach us? Or what worry should we have?
Odysseus:
[8:29] I think, as the space, we have focused a lot on smart contract level security, which has, you know, developed a lot. And I would say we're in a very... we're in a good spot in terms of sophistication. As you know, the previous bridge attacks were smart contract level vulnerabilities. But now with this attack, and with Drift before, we're actually seeing the social layer being the actual attack vector, where they manage to get access to people, their computers, and through that, probably, to the systems, right? So it's the human link that is actually now the weakest.
Ryan:
[9:06] As you guys were talking about that, like, you know, David, you're talking about this, and Dan and Odysseus, and we're saying we have got KelpDAO and we've got LayerZero and we've got rsETH, and the rsETH was the thing that was hacked. It wasn't ETH. I'm trying to, like... it's so much to track, right? So, like, even for myself, being just, like, enmeshed in DeFi platforms, it took a little bit for me to put together all the pieces. I'm wondering,
Ryan:
[9:33] how in the world would you explain this to a normie? How would you explain this to your parents or your grandma in terms of what happened? Because something like this is inconceivable in TradFi, right? It's almost like you'd have to explain, you'd have to say, okay, Mom, Dad, so you want to know what happened to this DeFi? Imagine Bank of America. They have a balance sheet and they have a bunch of mortgage loan obligations. And a nation state like North Korea, Kim Jong-un, was able to reach in there and steal all the houses. And so a portion of the debt on their balance sheet was bad debt, you know, $280 million worth. And that's the problem we're facing. We've got kind of a balance sheet issue. You'd have to explain it like something like that, because this just can't happen in TradFi. And I'm almost asking for, like, what's your best explanation of what happened to a normie, Dan? Like, how would you tell this to someone on the street who's just like, oh, I heard there was a hack in DeFi and it was kind of bad. What was it? Can you explain this in simple terms?
Dan:
[10:36] Yeah, I mean, I think, honestly, you really can't. That's the main issue here, is, like, it's not understandable by normies. I do want to push back a little bit on the idea that, like, this is inconceivable in TradFi. We've also seen massive levels of fraud in TradFi, and even things like the SWIFT network, right, for transferring money, where we had that case where I think it was the Bank of Bangladesh. There were all these, like, fake messages to the Fed trying to transfer, like, a billion dollars doing that. So, like, we have absolutely seen incredibly large compromises and issues in the
Dan:
[11:14] traditional financial system as well. The difference, and I think Odysseus did a great job calling this out, is that this is fundamentally different in that when we mess up in DeFi, the money is gone. And, like, you know, with the possible exception of things like the action the Arbitrum Security Council took, where we're able to fight back in some cases, there are, I think, a lot of pros and cons to actions like that that we need to talk about and go deeper on. But in TradFi, there's potentially at least a window of recovery and correction. And here, where it's also really bad is the trickle-through to individual users.
Dan:
[11:56] Frankly, we just need to fix this. We need to, I think, every single party involved, and not just involved here, across the ecosystem, everybody needs to step up their game, because, yeah, it was LayerZero and KelpDAO and Aave involved this time. There are absolutely things they could do better, but I don't think there's any team in the ecosystem that could say nothing like this could ever happen to us. So we just all need to level up. And that's the answer. It's, like, it just needs to be safer so that we can have grandma use it and not have to understand these things, because these things really aren't possible, because of the layers of security that we build into the system at every level.
Ryan:
[12:42] And that's what I mean by this being inconceivable in TradFi. It's not that fraud doesn't exist, or bad assets that aren't really backed in the way that we think they're backed. That stuff all exists in TradFi. What doesn't exist is instant settlement and bearer assets that, once you take them, they're gone. So even the example I gave of suddenly North Korea stealing all of the mortgages: you can't really steal a mortgage. It's just, like, an IOU. In this case, they're literally stealing all of the assets. They're literally stealing all of the houses. So, Odysseus, I know you've thought about this. How would you underscore, for people outside of DeFi and crypto, how this is different from TradFi?
Odysseus:
[13:23] Well, in crypto, you know, a transaction, a hack, is a physics event. I think it goes back to whether you can claw back or not, whether you can undo history, right?
Ryan:
[13:35] The main difference is that in TradFi,
Odysseus:
[13:38] You can have all these issues, but at the end of the day, you do a couple of meetings. It's expensive, but because of this long settlement, you can sort of circle back and fix it, right? Here, you can't. The ledger is the truth, and the ledger is immutable by design. So this amazing thing that brings the capital efficiency, which is why TradFi is adopting crypto, because it's more capital efficient, is also the same thing that creates these problems right now and so much pain,
Odysseus:
[14:07] right? It's like a double-edged sword.
Ryan:
[14:09] I want to ask another question, because we mentioned three parties in particular, and maybe there are more than three involved here, but we mentioned LayerZero, we mentioned Aave, and we mentioned KelpDAO, and they're the protocol group behind the rsETH that was actually minted and actually stolen and taken. So there's been a lot of blame going around. And I'm curious, from you guys, like, who's responsible for this? Whose fault is it?
Dan:
[14:37] Everybody's, right? Everybody involved has some amount of fault. Where should the buck stop? Well, I think that's for each of them to individually determine. So within, I think, the big question has been...
Dan:
[14:54] The KelpDAO team basically has the ability to decide, hey, we've got this ETH backing. Are we going to treat the bridged rsETH and the native rsETH on Ethereum as exactly the same and give everybody equivalent haircuts if we need to haircut this? Or are we going to say that really this was a bridge exploit, we're actually going to push all of the haircut to the L2s and say that we're going to fully back the L1 rsETH? And that has ripple effects for Aave in terms of how they need to handle this. What I will say is we're all speculating right now. None of us, as I believe, are in the rooms where there are, I'm sure, negotiations and deals and capital injections and things like this being discussed. I think it's unfortunate that whatever those discussions are, they're taking as long as they have. But I do expect that at least a couple of the parties involved will have some form of deal or injection or negotiated thing happening to help them be less impacted. But they're ultimately responsible for their own users and the decisions that led to those users being hurt.
Ryan:
[16:11] So everyone's at fault, but I wonder if we could be more granular, because they're at fault in different ways, I would say, right? So I'm going to simplify this, and then you guys correct me or tell me where I got things wrong, right? So obviously LayerZero, they got infiltrated somehow. So whether this was some kind of sophisticated nation-state social engineering hack to give North Korea access to their servers, there's obviously an issue there. They also let their customers configure things in a way that was, like, a one-of-one DVN kind of validator. I mean, that shouldn't have been the default configuration. There were some security issues with respect to that. So there's a set of things that LayerZero could have done differently.
Ryan:
[16:55] KelpDAO, to your point, I suppose they shouldn't have configured things and trusted LayerZero in the way that they did without really investigating, okay, like, how could this bridge fail? And in what ways? Because ultimately, it's their customers that were affected, all of the rsETH holders. And then I guess on the Aave side, they let this collateral into their global shared risk platform for all collateral. So they looked at rsETH and they didn't discount it from a risk perspective in the way maybe they should have. Maybe they let too much in, for instance. Maybe they didn't assign a risk profile that would say, like, okay, this is significantly more risky because we've daisy-chained all of these different bridges and layer twos together. It's more risky than just plain old vanilla wrapped ETH, which is what a lot of their depositors actually have as wrapped ETH. So Aave should have risk-assessed this more. LayerZero should have had more security, better defaults, particularly with this amount of money.
Ryan:
[17:55] KelpDAO shouldn't have used LayerZero in this way. Is that roughly fair, Odysseus, in terms of where you'd assign the detailed blame here? Yeah.
Odysseus:
[18:05] I would totally agree with how you position it. Of course, LayerZero got infiltrated. It's problematic that we're suggesting default configs that were not secure enough. My assumption is that they wanted to allow their customers to go to market very quickly and as easily as possible. So they were doing that, and then they never circled back to these default configurations as the team grew and their ability to execute better grew. They didn't circle back to say, okay, now we need to step it up, right? Because they were offering it as a service, right? It's not KelpDAO who was running the servers, right? And then Kelp, of course, should have investigated or understood better. And I think there are, like, two reasons why bridge hacks have historically been the worst. On one side, you have bridges being a huge pile of money sitting in one contract. But on the other side is that the mental models are very weird. It's not easy to reason about IOUs and where the attack vectors are and who you need to trust, which I think also is what resulted in Aave maybe not risk-assessing it properly. I'm sure that a lot of users don't know they have IOUs.
Ryan:
[19:21] There's another party that maybe we can assign some blame to, or maybe this is a system or structure problem. Odysseus, you just mentioned that so many of these are bridge hacks. And the thing that we just saw this week was yet another bridge hack. Maybe it's a fault of the architecture and the system that we've built on top of DeFi and Ethereum, that we have to depend on all of these bridges in the first place. And you could say, and I've seen some make this argument, that this is downstream, a result of the layer two roadmap, for instance, where the hack didn't happen on layer one mainnet. It happened because we had bridges to different L2-type systems. And you could also say, well, maybe it's the fault of the technology. We've relied on these optimistic rollup seven-day-withdrawal-type bridges. The UX and the friction behind that has been so terrible that we've had to rely on, you know, maybe I'm oversimplifying this, but, like, multisig-style, weaker bridge-type configurations of the type that LayerZero put in place. And we just had to do that, or else what? Or else DeFi wouldn't grow, or else we'd have no new users. And that was downstream of Ethereum layer one not having the technology or a scaling strategy. And so we've... we push things into more rickety, less secure solutions just for UX and for users. Do you think that's a credible charge, that, just, like, the architecture is to blame here?
Odysseus:
[20:43] Yeah. It's, you know, I think it's just a result of the same reason why rollups are not great, the same reason why bridging sucks, why even account abstraction is not great: it's because the protocol was unable to coordinate and make decisions about these things, right? And it just passed it back to the app layer to coordinate. And then things had to be bolted on in, you know, weird ways, right? And because the protocol couldn't offer better assurances, people just regressed to the quickest, easiest, cheapest, better-UX solution, which is you just have a multisig that decides things, right?
Ryan:
[21:20] Yeah.
Dan:
[21:21] I want to push back a little bit on the blame here going to the architecture. Like, could the architecture have been better, to give us better options within Ethereum and Ethereum's L2 ecosystem? Absolutely. But I think it's also unrealistic to say that we're going to have, even if Ethereum had executed perfectly, right? We scaled L1 much better. We actually have canonical bridges with all these L2s on Ethereum, and, like, we got all the stuff we want from that roadmap. There are still going to be other chains, right? There's too much incentive to have multiple L1s that are making different design trade-offs and different go-to-market trade-offs, different trust trade-offs. And because we're going to have meaningful assets on multiple chains, there's going to need to be some way to connect those. Could we connect them better? Yes, but it's not all going to happen natively within one L1 plus its own native L2 ecosystem. We have to have solutions that are reasonable solutions to use to bridge assets across much more kind of varied chains.
David:
[22:32] But Dan, doesn't that mean that if we had an environment in which we had real-time ZK proving, which is somewhat recent in terms of the tech tree that we have in crypto, but we do have it now. And the Ethereum economic zone out of the Gnosis end of things and the Zysk side of things is, like, a possible way to have these much more performant canonical bridges that wouldn't need a third-party bridge. It would actually be part of the actual protocol. And so, well, I'll take your point. No one's going to stop the perpetual incentive to build another layer one. Nonetheless, with a real-time ZK proving ecosystem inside of Ethereum's own network, wouldn't that have actually solved that component of the exploit stack? Like, the famous Elon Musk quote is, the best component is no component. It's,
Dan:
[23:26] Yeah, but I think even that, though, it's not guaranteed free from failure, right? There could be problems in the ZK cryptography or in the implementation. Any additional layer of complexity, more things can break. And so I think we just need to do a better job of both pricing that risk that's coming in and also building in layers of redundancy, right? One of the things that the Ethena team did, they are also using LayerZero. They have a more secure... they had a two-of-two. They just announced they've updated it to, I think, a four-of-four when they turned it back on. But they also had rate limits, essentially. I think it was, like, 10 million per hour as the max that could be moved via LayerZero across chains. So there are different things that you can do: rate limits, circuit breakers that say we are going to assume at some point any of our trust assumptions can break, right? And so if you build your system with the assumption that any individual component can break, and ideally that, like, maybe two different components, three different, however many components break, that you still can limit the damage, right? I think everybody has to assume, both in the crypto ecosystem more generally and...
Dan:
[24:46] You are going to get hacked at some point. Some level of your personal security, your infrastructure, is going to get exploited at some point. And you need to have a plan for what to do when it happens and to limit the damage that can be created in that event. And I think too many teams have been like, we're just going to do everything we can to stop anything bad from happening. Guess what? You can't. Something bad is going to happen. You need to make sure that you've limited
Dan:
[25:13] the damage that will occur when that happens. Let's talk about...
David:
[25:17] who got hurt in all of this, and also just the current state of things, because things are not completely resolved as it stands. So just to kind of list off the parties that are taking haircuts: that's the Aave Ether depositors. There's now not enough Ether in the Aave system to return all the deposited Ether to everyone who deposited it. So there is some amount of, like, undercollateralized Ether in the Aave system. rsETH holders broadly, this is the KelpDAO restaked token. rsETH is now 15% unbacked because that amount got minted, or released, by the LayerZero bridge when it shouldn't have. There's also the Aave DAO Umbrella stakers. That's kind of like the Aave insurance fund. We don't really know the outcome of this, but the whole point of the Umbrella insurance fund is that it's meant to insure against bad debt. Aave now has bad debt, likely wiping out the stakers. We don't know how much, or who the stakers are who are involved. That's something that Aave, the DAO, would have to determine. Those are all the parties, I think, that got hurt in this. But there's also, there are currently funds stuck in Aave. So Ether, USDC, USDT, Tether: utilization in Aave is at 100%, meaning anyone who's deposited these things cannot withdraw them because there's not enough assets to withdraw. There's not enough liquidity for people to exit these positions. My big question, Dan, is, I don't know the answer to this, how does this get resolved? Like, if I have Ether in Aave, or if I have money in Aave, how do I get my money back?
Dan:
[26:46] Yeah, so right now the answer is you largely don't. I think Fluid came up with an interesting way to allow people to kind of swap out and exit by trading their aWETH for the different backing. I think they've got weETH and some other stuff in there. The way that I think this is going to get resolved is that there will be some deal cut, some capital injection coming in. I think Aave does have the ability to recapitalize here. The Aave token, while it is taking a hit, is still quite valuable. The team is strong, experienced. They've got a lot of brand equity and trust built up in the ecosystem. I would assume that they are working around the clock to cut some sort of deal to help protect as many of their users as possible.
Dan:
[27:39] I don't know when that will be announced, what the shape of it will be, who would be involved, or anything, but there's no way they're not having those conversations. When Aave is in trouble like this, it ripples across the ecosystem. We've seen even other lending protocols: Morpho's seen outflows. I think actually Spark might be the only one with kind of net inflows at this point. Fluid saw outflows, others, like... people just are pulling capital back when you've got these funds running strategies at size where they're three, four, five X levered on some of these, like, ETH loops and kind of carry-trade loops on stables.
Ryan:
[28:16] This is bad.
Dan:
[28:17] Everybody wants to get out. And either we're going to start seeing some liquidations soon that are going to kind of, like, forcibly unwind some of this, or we're going to see some form of capital injection and bolstering of trust. Because right now what we're seeing is a bank run, and it is having contagion effects across the ecosystem.
David:
[28:36] I know you just mentioned this, Dan, but I really want to underscore some of the details here. The risk parameters that any borrowing/lending protocol should have: we're now using words like circuit breakers and rate limits. Can we just emphasize, underscore that one more time? In the context of DeFi, in the context of a borrowing/lending protocol, what is a rate limiter? What is a circuit breaker? How might Aave or another protocol implement them? And I think we're all, as an industry, kind of understanding that this needs to be standard.
David:
[29:08] Circuit breakers and rate limits need to be standard in protocols moving forward. Can you just define these things and why they're so important for borrowing/lending protocols moving forward?
Dan:
[29:16] Yeah. So for rate limits within a given protocol, you say, hey, no more than this amount of deposits, withdrawals, mints can occur within X number of blocks, ideally, right? Because we can be much more certain of blocks than timestamps. And then the idea of, like, a circuit breaker is, like, hey, rather than hard limiting, saying just we're going to prevent this action, you actually can have a circuit breaker where it says we're going to pause other functions of the contract should we go over those limits within a given time period. And so that's the difference: rate limits just say, hey, you can only take this action up to a certain volume within a certain period of time. Circuit breakers say, if you exceed those limits on the rate limits, we actually pause other functionality as well. And the very, I think, nuanced thing here, because we spent a lot of time looking at this a few years ago and trying to come up with more of a universal circuit breaker system that could be used: you can actually make problems worse in some cases by having a circuit breaker, because you can have parties try to maliciously trigger the circuit breaker.
David:
[30:24] Right, you get griefing attacks.
Dan:
[30:26] Again, given the interconnectedness we see across the system, yeah, you can start griefing systems, or you can be trying to say, like, hey, we're trying to mess with this protocol over here, so we're going to trigger circuit breakers in this other protocol so users can't then, like, pull liquidity over here to go rescue positions over there. There are a lot of additional kind of, like, second- and third-order effects that you need to think about when you're implementing both rate limits and circuit breakers.
Ryan:
[30:53] Dan, would Aave v4 have reduced the exposure here? It's just, like, the idea of Aave v4 is you have kind of some separation of risk and pools, you know, maybe in a similar way that Morpho separates some of that risk. Would that have helped here?
Dan:
[31:08] Potentially. It depends on, like... I think Aave v4 has more tools that could have mitigated it. But again, it comes down to the implementation. LayerZero had more ways that you could have used their infrastructure to make this safer that then weren't used in this case. So just the mere existence of Aave v4 would not have lessened the impact here. But it is possible, using some of the tools available in Aave v4, it could have limited the damage.
Ryan:
[31:38] There's another wrinkle to this story, which has led to a philosophical question for crypto and for DeFi. And that was something that happened yesterday, which we'll call the Arbitrum recovery. So there was about 30,000 stolen Ether in the hacker's hands on the layer 2 Arbitrum. So this is Arbitrum One, of course, so off of Ethereum and on the layer 2.
Ryan:
[32:05] At some point yesterday, the Arbitrum Security Council used emergency powers to freeze and move those funds to a locked wallet. They didn't disrupt any other users on the chain. They just targeted this one specific case. They grabbed the funds. They essentially stole from the hacker who had already stolen. So they thieved from the thief in order to recover these funds. The implications of this are interesting. First of all, the North Korean hackers must have left the ETH on Arbitrum because they thought it was safe. They didn't really think through that this could happen, that the Security Council could step in. The Security Council itself, what's the multisig on that? Is that, like, a nine of 12 or something like that?
Ryan:
[32:51] So nine of the parties had to agree to make this a regular state change out of 12. And they got those nine parties to agree, and then they executed the method. But essentially, that's kind of like if nine of 12 on the Security Council agree, it's kind of God mode over anything that happens on Arbitrum. And so there were many who celebrated this as like, hey, we got the money back. This is fantastic. We've helped save DeFi. Now, again, this is only $30 million of the $280 million hack. So it kind of takes the edge off, particularly for the rsETH affected users on Arbitrum, but doesn't completely get all of the funds returned. But there are many who are celebrating this, of course. And indeed, that's got to be the gut reaction, right? So somebody stole the money. It's North Korea. You know, who knows what those funds are going for? And we just took it back.
David:
[33:41] One small detail. You said $30 million, Ryan. $70 million was recovered by Arbitrum. $70 million, thank you. The $290 million hack.
Ryan:
[33:48] I see, yes, yes. So 30,000 ETH, but 70 million, okay. And so, and others are saying, well, I didn't know we had this backdoor. We've crossed some Rubicon. Now this is a stage one roll-up. So we know on paper they have this authority and ability. But now once they've exercised it, maybe they'll be asked to exercise it for all sorts of things. You know, in fact, I...
David:
[34:11] Smaller hacks. Yeah. Recover funds. $10 hack.
Ryan:
[34:14] Recover funds.
David:
[34:15] Oops, I lost my private keys.
Ryan:
[34:17] What are the implications, do you think, for this decision? And is this what we want from our L2s? Like ultimately, in this case, maybe you'd argue that it was a good thing, but does it have implications downstream?
Odysseus:
[34:32] I think it has, actually. I think it's a good thing that we did this since we have the power, but it's going to circle back, right? Because with the Clarity Act, which was an attempt from the industry, you know, DC to regulate crypto, there were a lot of rollups that were making the argument that we should be regulated like Ethereum or, you know, Solana because of our design, right? And now they've proven that that's not the case. And, you know, there are a lot of people, especially in DC, that are very anti-crypto. We saw that with the previous administration and they're taking notice, right? They're taking notes. And I think when the rollups try to make the same argument again, this will circle back. And this could even get worse if in the next administration, we have a much different outlook against crypto, which could very well be used to do another witch hunt, which was also one of the major arguments why people were saying that for Drift, for example, Circle did well not to freeze the funds.
Ryan:
[35:34] I also want to make clear it's not just an L2 issue, right?
Dan:
[35:38] This, if we start to see a future administration or any government start to come down, the idea that they could start making demands of node operators on L1 to, you know, not sequence transactions for certain addresses or to all agree to a fork where there's an irregular state change, like absolutely pressure could come to L1s as well. So I think ultimately, at the end of the day, for all of these systems, the ultimate, ultimate, ultimate root of trust comes down to the social layer. And so I think we just need to be aware of that. And I think while I do think that this was a good action in this case, when we view it in isolation, I think, you know, were I on the Security Council, I likely would have gone along with this. I think that a lot of people who are right to celebrate it in the moment, we're going to look back on this and it really has the potential to set bad precedents in a lot of ways going forward. I don't know that given the ability exists that we could have expected them to do otherwise, but I think we're going to be talking about this decision quite
Dan:
[36:57] a few times in the years to come.
David:
[36:59] It seems that though the code is law, like standard, was never really going to be our future anyways. And something like this was inevitably going to happen. We were going to have some sort of state violation, chain state violation by some sort of layer two because they could. And so I kind of see this as like, you know, a fork in the road, but are also like our destiny nonetheless. And now like it's coming in an era in which like crypto is entering its like TradFi era. And, you know, TradFi has all of these like legal constraints because it's, you know, human governance systems. And ultimately, at the end of the day, we have, our layer twos, have not created like perfect one-to-one immutability as with the layer one. And that's where a lot of finance is happening. And so it seems like we're kind of destined for this outcome where, you know, we did the code is law thing as far, and we took it as far as we could. And now we are in our human governance controls over people's assets era, admitting to that. And we're probably going to be leaning into that moving forward because, you know, we had, it's, you know, Ethereum's 17 years, 16 years old now. No, 11 years old now. That's a different number.
David:
[38:25] And like, we had our chance to make the perfect immutable system. We didn't perfectly create it. Maybe we got it at the layer one. Maybe we don't even want to create it. Like at the end of the day, I'm kind of saying like the best system is the one that does the right thing. Rather than the one that always upholds, you know, code is law. And I think a lot of people, Ryan's going to throw a flag in a second. Yeah. But a lot of people are coming to like kind of terms with that is like the systems that we want are the systems that do the right thing. And doing the right thing requires some level of human governance.
Ryan:
[38:56] Well, that's the whole thing. Like who decides what the right thing actually is. I mean, that's the entire crypto experience. And here we go with like states and
David:
[39:02] Democracies and governance and
Ryan:
[39:04] All this kind of stuff. But, but, okay. So let me ask you guys this, because I think this is worth like really, really talking about. So I think you can run both experiments. It's fine to have both experiments, right? So you have some environments, that's Ethereum L1, let's say, that's Bitcoin, where code actually is law. And you're playing Diablo 2 on hardcore mode where things happen and it's actually dead. Everything's over.
David:
[39:28] If you die, you die, yeah.
Ryan:
[39:28] Yeah, you have actual bearer instruments. And then every layer 2 or other chains or assets or smart contracts, they have to make a decision. They have to either decide that code is law or it's not really law, right? They have to either prioritize decentralization or some sort of intervention. What I think goes away is this messy middle area where we're like, we kind of talk about decentralization and code is law, but we actually do have a button that we can push for emergency situations and reverse certain actions. I think that is untenable. To be fair, that's what the stages in L2Beat are actually for. You have stage one, which is you still have a security council. You get to stage two, there's no security council, right? It's kind of much more a code is law world. But the question for these L2s is, is that where they actually want to go?
David:
[40:23] Do we actually want stage two?
Ryan:
[40:24] Well, do users even want stage two, right? Because if I'm a user on Arbitrum, I'm kind of like, whoa, I'm glad that they did that. If I'm an rsETH owner on Arbitrum, it's a feature. It's not a bug necessarily. Now, am I worried that Arbitrum is going to unilaterally steal my funds? Not really, not so much. So this comes down to user preference and ecosystem preference. But I think what's going to have to happen is if an Arbitrum decides to not be stage two kind of fully decentralized and try to match Ethereum, what they're going to have to do is become a lot more fintech like in terms of making these decisions much faster and having escape hatches quicker and having
David:
[41:10] Like structure and rules around these decisions
Ryan:
[41:14] We're seeing, yeah, the ability. They need to kind of ramp that up and have it like automated, right? And to publish the rules. Like we're even seeing this with USDC and Circle right now, which is like, when does Jeremy Allaire and Circle decide to freeze USDC or not? The reaction time is not quick enough or appropriate enough to meet the actual market need and demand. You guys want to say stuff, so go ahead, Dan.
Dan:
[41:39] Well, so I'm in full agreement with you that we need to very clearly define what actions can be taken under what circumstances. But it's also great that you brought up Circle and Tether right here because the idea that L1 Ethereum is somehow different and is fully code is law? Like, no, false. Like, what if there, I think you just brought this up on Twitter today, like what if there's like a compiler bug related to like WETH? Like what if there's something, like we get infinite mint on leaf? Like, right, okay, like do we think there's not going to be a lot of social pressure and discussion like, hey, do we fork to fix this? There's going to be two forks. Who ultimately chooses the fork? I can tell you today, if Tether and Circle say, this is canonical Ethereum chain, we are honoring USDT and USDC only on this chain, not the other one. I'm sorry, guys, that's the winning one. And do they have governments coming and men with guns saying, you must choose this chain fork? Okay, they're choosing that chain fork. Like, it's again, it is ultimately like social all the way down, even at L1. It's just the bar for reaching that level is considerably higher.
David:
[43:01] The bar being higher, I think, is the key point here. Because like, just because it's all social all the way down, like we're even watching Bitcoin governance elevate BIPs about what to do with Satoshi's coins, and so even Bitcoin isn't removed from the same conversation. But it is a level of like messiness and structurelessness the more you go down. Like you go down to the like Bitcoin governance and you see just complete chaos. You go to Ethereum governance, still chaos, but somehow working. And then you go to Arbitrum and it's like a nine of twelve. And so there is like a gradient of messiness, and just because it's humans all the way down, which I totally agree with, doesn't mean we get to just capitulate to the point where like, oh, it's all, it's all, it's all human governance at the end of the day.
Ryan:
[43:47] But the first two are different, though. It's like in the Bitcoin case and the Ethereum case, I would argue that that's kind of like hard fork governance. That's partially why the bar has to be so high. It has to be something, to your point, Dan, that's existential. Now, whether USDC and Tether withdrawing their support from Ethereum meets that standard, I think you'd say it does because that would wreak havoc on all Ethereum DeFi. And so you'd say that's existential, that would cause a fork. Others would say maybe not, and that's why there's a fork, right? Potentially. But there's no like 9 of 12 multi-sig, you know? It gets, and the same thing with Bitcoin, it gets resolved in this messy fork-driven
Ryan:
[44:27] governance structureless type of way. And that makes it such that the bar is quite high, has to be something existential before you actually trigger that. But Odysseus, you wanted to chime in.
Odysseus:
[44:40] Yeah, I think it's an interesting observation is that, you know, when Sui had a big hack, they had a rescue. Baratain did the same. And then when the Drift hacker hacked Drift, what did he do? Or, you know, they do. They moved to Ethereum.
Ryan:
[44:57] Immediately.
Odysseus:
[44:58] They didn't stay in Solana. So it's also very interesting how they perceived decentralization. But in Arbitrum, they stayed for two days, right?
Ryan:
[45:06] Yeah, that's interesting. You think they thought they were safe then on Arbitrum?
Odysseus:
[45:12] Probably, you know, safe and tired.
Ryan:
[45:15] But yeah. North Korea was not checking on L2Beat then. They had no idea this was a stage one and that there was a security council?
Odysseus:
[45:23] They probably didn't know what the security council could do or how quickly they would coordinate.
Ryan:
[45:30] So this will never work again for an L2 is kind of what that means.
David:
[45:34] This exploit will not happen on a layer two anymore.
Ryan:
[45:35] Because for every L2 that's stage one or under, the funds won't be kept there. They'll be moved somewhere else.
David:
[45:41] Well, this is now kind of like user expectations, probably, on layer twos. Oh yeah, that's the other precedent. Even if it's on optimism or base or anything, Like if me, a Coinbase customer, gets my assets exploited on base, you bet your ass I'm tweeting to Jesse and Brian to go recover my funds.
Ryan:
[46:01] And not just tweeting necessarily, right? There could be some people with stolen assets who just take this to civil court in some way. If you have the ability to freeze the money and refund the funds, like you're morally obligated to do so, are you not? And then ethically, are you not?
Dan:
[46:15] But again, the game theory is going to evolve right here, right? You know, Lazarus is learning very fast. They've adapted a lot over the past few years. And, to Odysseus's point, they're going to get the funds off the roll-up real fast. It seems very unlikely that roll-up teams would be able to respond faster than what the current expectations are that users have in terms of the ability to relatively instantly bridge large amounts of funds back to L1 or to some other chain. So they're not going to leave it there to be frozen for future hacks.
Ryan:
[46:50] What do you think the L2s, the big L2s actually do? Like, for instance, you think Arbitrum 1 ever becomes a stage 2? Do you think, maybe this is a better question, do you think base ever becomes a stage 2? At this point in time, I just saw the new base update. I mean, they just communicated that.
Dan:
[47:04] Yeah, they're working on that with the new update.
Ryan:
[47:06] Yeah, they communicated that. But if you read the blog post, they said, now technically we can do this. But it's still a matter of them actually removing the security council. And again, is that what users want even? Is that what, you know... I think it will be a major decision as to whether they actually remove the Security Council, remove their ability to update the thing and make it fully decentralized stage two. Like, I think that there's a pretty good chance that they never actually get there because that's just not what the ecosystem actually wants or needs.
Dan:
[47:44] Just wait until the lawsuits start coming, right? I think Coinbase is going to want the ability to say, sorry, we can't take action. So you think the.
Ryan:
[47:52] Lawsuits will push Layer 2s to Stage 2, actually?
Dan:
[47:57] I think the legal liability is going to be the biggest thing that's going to push L2s in that direction because they don't want, again, Pandora's box is open. Where do you cut the line? Is it $70 million? Is it $30 million? Is it $10 million? Is it $10? I don't know. Where's the line?
Ryan:
[48:17] That's what I mean about hollowing out the middle ground here, right? Because it either pushes you to do like fintech reimbursements, you know, fraud detection, all of these things, and you become more fintech-y. And then you're going to demand
David:
[48:29] More control over your user deposits.
Ryan:
[48:31] Exactly. Or it pushes you to go full stage two and hands off, there's no way you can reverse anything.
Odysseus:
[48:37] I don't think stage two will happen. The problem with why protocols don't go to stage two, right, is because Ethereum development is disconnected from rollups, right? The proof system they have is the most complicated part of the whole roll-up design, is the thing that holds them back. It's an insane amount of technical tech debt and baggage, right? That's why they're not fast enough. That's why they're not better, you know, they're slower than Solana. And the problem is that with every Ethereum upgrade, most people don't know that, but these proof systems break all the time. And they break because the Ethereum L1 development happens almost in isolation from them, right? Suddenly they have a new L1 upgrade and there is some very tiny change in the protocol and that breaks the proof system and they have to work two months to fix it. I think that's the reason why they're not in stage two. And I think they will find other ways to either not have liability, maybe Coinbase spins out Base, or they become, you know, fully regulated and they totally lean into it. But from a technical point of view, I don't, unless Ethereum and rollups are more enshrined, I don't see them being able to get to stage two. Like it's technically infeasible.
Dan:
[49:51] That's fair. Guys, you're the host to tell me if you want to go a different direction, but I'd love to talk about like practically, where are we at and what does this all mean for builders, for users. Because I think we're in a very interesting interim phase, right, in the evolution of the industry and in the development of technology that we're seeing right now. Yeah, let's do that.
Ryan:
[50:15] Now because to your point, right, so I think for the average DeFi user, the average person that's in the bankless audience, you know, trying to actually go bankless, they're a little scared right now, right? And that's why you've seen some of the DeFi withdrawals. You've got AI with mythos and with all of this cutting edge thing that seems to give black hats and hackers some sort of advantage. And maybe they're adapting faster than white hat and crypto can kind of adapt to it. So you've got this uncertainty with AI, and then you've just got this slew of hacks. And I'm not sure if it's been larger than previous years. I've looked at some data and it's just like last year was kind of larger by this time, but some pretty large hacks at Blue Chip, Aave. The EF just came out with a post recently or Vitalik just called Aave Safe DeFi. Hey, we can finally get kind of close to risk-free yields, right? And that turns out not to be the case. So users in DeFi are scared. So yeah, Dan, what do we do? What are the lessons? What are the takeaways? Where do we go from here?
Dan:
[51:18] Well, I think first I want to just stage that and that it's not just about DeFi. I think for everything digital, like we are in like the probably 12 month period of max danger because we are now seeing AI systems at a certain level and not even like the Mythos models, but like the current generation models, when you put them into the right harness, they're able to find insane zero days, not just in smart contracts, but in traditional like Web2, like operating systems, browsers, like all of these things. It is really, really scary what is possible now. And luckily, that's mostly concentrated in the hands of, I think, some of the good guys. But as we've seen, the open weight models that are going to be like, you know, fully open and people can use them for whatever they want.
Ryan:
[52:08] Those are maybe six months, maybe 12 months at most behind.
Dan:
[52:11] So we're in this period where we have all these deployed smart contracts. We've got all this deployed just like Web2 infrastructure that was built and tested and secured under human security assumptions for how you can go about securing that. And so there's a lot of vulnerable shit throughout the stack. Sorry, that is just out there and live right now. And so we have to, like, there is a race right now between the white hats and black hats in terms of who can secure existing systems faster. Once we get into 2027 and beyond, all systems that are deployed going forward are going to be like rigorously superhuman tested and secured both upfront and on an ongoing basis by best in class kind of super intelligent security models. So this period until we get to that point, we've kind of cleaned up all that backlog, is the period of max danger. What do we do? We go kind of like old school on this. It is the rate limits. It is the circuit breakers. It is just defense in depth on everything.
Dan:
[53:17] Think about every layer of your stack from smart contracts to front ends, DNS records, individual employee and workspace accounts, your physical hardware using isolated hardware for like security critical actions, do like multiple channel confirmations with the other people that you need to coordinate with to take these secure actions. Like all of the things, do them. Now is the time where you need to step up and make it happen. This goes for every organization in crypto, especially, but anybody who is building anything in the digital world, which is like everybody.
David:
[53:56] One thing I was hearing from Justin Drake is about the implications of the Ethereum protocol architecture with a multi-client design. Ethereum has four or five running clients, Swiss cheese model, a bug in one client doesn't show up at another client, meaning that there's not one exploit that can take down Ethereum because of the level of redundancy. He was saying that in a post-AI world, post-mythos world, it's actually likely that Ethereum collapses down to one single super hardened client built by AI, formally verified by AI. So rather than having multiple clients, we just have this one absolutely just rock-solid client.
David:
[54:37] And this is, so like Ethereum at the client level is going to be rebuilt. We're also rebuilding Ethereum with the lean chain anyways. It seems like we're rebuilding basically the internet because all human written software is kind of now like analog in a sense. And we need to move to like what is the new digital and new digital is now written by AI, not written by humans. It seems like the entire internet is going to get rebuilt, Ethereum being no exception. But also that means that DeFi is also kind of going to need to be rebuilt from the ground up with AI, formally verified. And maybe just architected differently rather than the shared liquidity models of Aave, you have the more segregated silos of Morpho. Dan, what do you think about just the architecture difference, the new age requirements of DeFi in terms of architecture as we move forward? How will DeFi be impacted?
Ryan:
[55:34] Yeah, I mean, to be honest,
Dan:
[55:36] I think some of the insights with Layer Zero is like it's not the wrong approach to have kind of a limited modular permissionless infrastructure. We just need to raise the standards for how that infrastructure is then deployed and maintained. And so to the point about like Morpho, I think these isolated models, which Aave v4 also moves in that direction as well. I think we need to break it up so you can like limit the collateral damage around any type of exploits that happen, but we need to do a better job setting the defaults really high in terms of security that we do around each of these modules, right? I was talking with the Morpho team and others and been like, okay, how are we continuing to level up security? And I think one of the things that you do is the Morpho markets at the base level, incredibly minimal, but then you need to think about, okay, let's be really clear about the Oracle and how the Oracle is being set up and used in that module.
Dan:
[56:36] Okay, now let's look up at the vault and the curators there, right? You can't really rate limit or circuit break Morpho markets. Like that's just not part of it, but you can rate limit or circuit break around the vaults and how they reallocate between markets. You can make sure you don't have a lot of excess liquidity sitting there in markets waiting to be borrowed in the event of an exploit. So you can be sitting maybe in like kind of wrapped treasuries or something like that in the meantime. There are all sorts of different things that you can do to limit blast radius. And I think that's what's going to be done is you don't want big monolithic pools where a lot of capital sits. That's monolithic lending pools, that's bridges. And to the extent that you want those things in the market, which I do think we do, there's a lot of demand for those for good reasons. We just need to layer... Additional protections on top of those so that you're still going to be exposed to a lot of different risks, but you can limit the damage should any of those risks come to fruition.
David:
[57:43] Odysseus, you wrote an article that was written, released yesterday, I believe, titled Crypto Security Needs an Aerospace Mindset. Maybe talk to us about just like the, what you're advocating here in this article, because you're advocating for kind of just like a regime change in what it means to be a DeFi builder. Talk to me about the contents of this article.
Ryan:
[58:03] This wasn't released yesterday, was it? This was released in February. Oh, really?
David:
[58:07] Excuse me. Well, I read it yesterday.
Odysseus:
[58:12] Yeah. Yeah, I mean, it goes, you know, the core point is what we made at the start of the conversation, which is in Troutify, crypto is finance, right? So naturally, we take a lot of mental models from traditional finance and we apply them in crypto, and for most things, it works, right? A vault is really like a hedge fund, right? A curator is really a fund manager. But security really doesn't map out very well because security is not an issue in TradFi more than it is an issue in most other services because of the long settlement, right? You can go back, as we said, do a couple of meetings, pay a couple of millions or tens of millions, but you can fix the damage. In crypto, a hack is a physics event, right? It happened. It's closer to an aerospace, right? Because if you have an issue in an airplane, people die, right? In crypto, okay, if you have an issue, people don't die, but it's still very severe, right? And you have this irreversible damage and now we see like systemic even, right? It's this isolated event with Layer Zero and Kelp ended up becoming a systemic risk and a systemic incident for the whole of crypto. So I think this is the change in, you know, in the mindset where security needs to be as if our life depends on it. Because as we see it does,
Ryan:
[59:35] What does Aerospace do that we can adopt?
Odysseus:
[59:38] They just have very concrete gates, like failure is not an option, right? So formally verifying systems, having systems that are extremely simple, simplicity is directly correlated with security, means that you can understand it, you can audit it, you can formally verify it. And basically, you have a lot of stages where you want to make sure that failure is not an option. The system can't fail, and if it fails, it's isolated to that subsystem, and you have multiple systems for redundancy. Yeah.
Dan:
[1:00:11] Redundancy, I think that to me is also one of the big things here, is that we need to make sure that if anything breaks, there's something else behind it to catch it. And I know that, like, you know, Phylax with your kind of Credible Layer, this is one of the things that you provide. And I think there's a number of solutions that are starting to come out with this mindset to think about, okay, we can trust the curators, we can trust the people who are choosing default settings and what are the different parameters we should have in lending markets, things like that. Okay, how do we actually make sure that it's not just them saying they're going to do this or just doing it.
Ryan:
[1:00:56] Within a certain module on chain,
Dan:
[1:00:58] Can we create additional systems on top that essentially recheck these values that are critical values from a different perspective or a different validation point? I think that is really important because the more you can have systems that either one of them can block bad state from occurring in contracts, that is what's going to give us that next step function improvement in terms of the security that we can promise to users.
Ryan:
[1:01:31] Odysseus, is that what the Credible Layer does that Dan just mentioned? What does Phylax do on that?
Odysseus:
[1:01:37] Yeah, so we've built effectively a very powerful circuit breaker that allows protocols to do runtime enforcement. So we enforce certain checks during the transaction as it's added to the block, effectively making sure that bad states or bad outcomes can't happen. But failure is not an option in the systems. Like that's the new mindset. Because so far we say, oh, it's a process-oriented mindset so far. We say we did audits, right? Or we did testing. We focus on the process. But nobody's really saying that the failure is not an option. If you see auditors, never take liability. Protocols never take liability. All the terms of service, they say this is alpha software, experimental software. Use it at your own risk. The whole of crypto is built on the assumption that nobody is liable about anything.
David:
[1:02:26] When you talk about coding up that doesn't allow for bad outcomes, how do you actually define what a bad outcome is in the system?
Dan:
[1:02:33] This gets a bit technical.
Odysseus:
[1:02:35] But effectively, you know, the EVM is constrained, right, naturally. So we have created an extension of that in Solidity, so it's approachable by developers that allow them to define constraints, to define outcomes that are not possible to define in regular EVM. So that's the policy. And then you have the circuit breaker that runs during block production. So it's integrated with a network. And if a transaction breaks this policy, it is not allowed to be added to the network.
Dan:
[1:03:06] And I think one of the interesting things there that helped me wrap my head around this was the idea that there are things like there are bad states, right? The amount borrowed from a lending protocol should never under any circumstances, right, traditional ones, not uncollateralized ones, should never exceed the value of the collateral, right? You can hard code that. Maybe that's supposed to be checked through different paths of different interactions that you're having with the contract. But what the Credible Layer lets you do is say this is a state. It doesn't matter what's in the transaction, where it goes. Do not include any transaction in a block, do not sequence it, if the end result is an invalid state based on these rules that we've predefined. And I think that's very different from the traditional way of doing security analysis where you're saying like, hey, we're going to step through the changes here and like check each thing along the way. Are there any paths that can get us to a bad state? And instead you're just saying, what is a bad state? I don't care how you get there. You're not allowed to go into this.
Ryan:
[1:04:12] So I think as we wrap up this episode, the question that's lingering in my mind and maybe other listeners have is, is DeFi going to be okay? Like, are we going to make it through this? And it seems very much as we look at April 2026, we are in a different type of scale limitation. So in previous cycles, maybe DeFi scale was limited because Gary Gensler wouldn't let us do it. And the regulation was pushing against us, or maybe it was block space was too expensive and Ethereum wasn't scaling.
Ryan:
[1:04:48] Those are not the constraints for DeFi scaling anymore. It seems like the primary constraint, if I were to ask people on the bankless journey or even those outside, is security. They're worried that their on-chain funds are going to be hacked. That's the scale limiter now. So I want to turn this question to both of you individually. Do you think DeFi is going to be okay? Are we going to make it through this period? You said, Dan, maybe it's a 12-month period of time. We've got a lot of hardening to do. What do you think, Dan?
Dan:
[1:05:18] Yeah, we're going to make it through this, but every team needs to kind of commit to this individually. I think we need to be very clear about where the risks are and how we're approaching, if not solving them, mitigating them to the greatest extent possible, and being willing to take a fair amount of pain and expense in terms of getting there. Security spend is always a very hard item for teams to stomach paying for.
Ryan:
[1:05:45] It really is necessary.
Dan:
[1:05:47] And I think we need to do a better job just calling this out and making clear where teams are doing the minimum they need to, to get into market quickly and grow, and what it looks like when you're actually doing this to the nth degree and making sure that your users are as absolutely safe as you can possibly make them. So I think we will get there, but we need to start doing a better job as an industry coming up with standards and enforcing those standards and holding teams accountable for meeting those standards.
Ryan:
[1:06:24] Odysseus, do you think we're going to make it? And if we do make it, what's on the other side for us? What's the good part?
Odysseus:
[1:06:29] I think we're going to make it. Every team, as Dan said, needs to ask themselves a very simple question: why would the user prefer my yield over a 4% yield that is insured by the FDIC? Right? They have to answer that question, and if they answer honestly, we're going to make it, right? Because the answer to that question will, you know, show them where they need to be better, to be accountable, to invest in security. I think it's also up to the security teams like us to provide better tooling and better products that are easy to use and not insanely expensive. You know, I think if we're being blunt about it, part of the fault so far has been on the security and the auditors themselves. Like, if you think how much money a dApp, a protocol, a startup had to spend to audit a protocol, it killed a lot of the innovation or it forced teams to cut corners, right? So it's also up to the security team, not to the security industry, to rise to the occasion, like, serve the industry better, I think.
Dan:
[1:07:39] I disagree on that last point.
David:
[1:07:42] I saw a smirk out of Dan.
Dan:
[1:07:44] The market sets the price there. There were so few qualified humans to actually do the high quality audits. I think they're expensive because you get what you pay for on that front. I think now we're starting to break that connection with some of the AI systems. We're seeing a lot of good ones out there. I'm close with the Cantina team, and so I've seen some of the stuff their Apex system has done, both in Web3 and Web2. It's insane. And all of these solutions, there are even some pretty decent open source ones as well, they're doing a great job. They're already at kind of security researcher level, not even like junior security researcher. They're probably LSRs. Like, the best systems are LSRs that you can run at a fraction of the cost and run repeatedly. So I don't think it's fair to blame the security firms previously for their high cost, because that's what it costs to get the type of expertise that you want to secure systems.
Ryan:
[1:08:46] Well, you know who we can agree on blaming is North Korea, okay? And all the black hat hackers. They are definitely doing us no favors, but I heard both of you say, we're going to make it and we're going to get through this. And I appreciate you coming on Bankless and explaining all this, Dan and Odysseus.
Odysseus:
[1:09:02] Thanks for having us. Thank you so much.
Ryan:
[1:09:04] Guys, got to let you know, of course, on an episode like this, crypto is risky. You can lose what you put in, but we are headed west, still the frontier. It's not for everyone, but we're glad you're with us on the Bankless journey. Thanks a lot.