DeFi exploits push builders to rethink contingency controls

Andre Cronje says much of decentralized finance is “no longer DeFi” in the strict sense, as developers debate whether circuit breakers and other emergency controls are now necessary to protect users from exploits.

Flying Tulip’s founder told Cointelegraph in an interview that many protocols are no longer immutable public goods, but rather “teams of for-profit businesses” with upgradable contracts, offchain infrastructure and operational controls.

This shift changes the security model, he said. While early DeFi protocols were largely defined by immutable smart contracts, newer systems often depend on proxy upgrades, multisigs, infrastructure providers, administrative processes and human response teams, according to Cronje.

“I think what we have today, including Flying Tulip, is no longer DeFi. It’s not decentralized finance. It’s not immutable code,” Cronje said. “These are teams running a for-profit business.”

The comments come after April’s DeFi exploits pushed the security narrative beyond smart contract audits and toward operational risk. On Thursday, Flying Tulip added a circuit breaker designed to delay or queue withdrawals in the event of unusual outflows. The move follows major incidents involving decentralized exchange Drift Protocol and restaking platform Kelp, which resulted in estimated losses of approximately $280 million and $293 million, respectively.

Andre Cronje of Flying Tulip (left) and Ezra Reguerra of Cointelegraph (right). Source: Cointelegraph

The risks of DeFi go beyond smart contracts

Cronje said the industry focuses on audits even though many systems can be changed by developers or controlled through administrative processes.

“The overall industry focus is still very much on the contract side, not the TradFi side,” Cronje told Cointelegraph, adding that many recent exploits involved “traditional Web2 elements” such as infrastructure access, compromise, and social engineering.

He said protocols with upgradable contracts require established checks and balances on who can update the code, who approves changes and whether appropriate time locks and multisig controls are in place.


Curve Finance and Yield Basis founder Michael Egorov shared the view that recent incidents show risks are increasingly tied to centralization and off-chain dependencies, not just smart contract bugs.

“The vast majority of recent DeFi exploits did not result from code errors,” Egorov told Cointelegraph. “This happened because of the risk of centralization – single points of failure that operate off-chain.”

Egorov said that the Aave, Kelp and LayerZero smart contracts were not hacked in the recent rsETH incident, arguing that the compromise occurred in the off-chain infrastructure. He said DeFi protocols could be exposed to “the entire threat tree,” with the greatest risk often being related to people rather than code.

Circuit breakers divide DeFi builders

Cronje said the Flying Tulip circuit breaker was not designed to permanently block withdrawals, but to create a window of response when outflows exceed normal parameters. “Our circuit breaker is not really designed for us to stop or prevent anything,” he said. “This is to give us time to react.”

The Flying Tulip system gives the team about six hours, although Cronje says smaller or less geographically dispersed teams may need 12 to 24 hours or even longer. He said the tool makes sense for contracts holding users’ funds, but it should be viewed as one layer alongside audits, distributed multisigs, time locks and other controls.

“Security is always a multi-layered approach,” Cronje said. “It’s never like ‘this is the one thing’ that makes you indestructible.”


Egorov was more cautious. He said circuit breakers might make sense in theory, but only if they’re implemented in a way that doesn’t create a new privileged attack surface. “Circuit breakers are controlled by humans, which means they can become a potential security vulnerability themselves,” Egorov told Cointelegraph.

He warned that if emergency controls allow signatories to change the contract code or block payouts, compromised signatories could turn the safeguard into a drain or centralized freezing mechanism. A better long-term answer, he believes, is to design systems that can operate safely without manual intervention.

“The goal of DeFi design should be to minimize human-centric failure points, not to increase them,” Egorov said. “DeFi must be secure, and security comes from decentralization.”
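
A minimal model of the kind of breaker discussed in this section, added here as an illustration and not Flying Tulip's code: the class name `OutflowBreaker`, the one-hour window and the outflow limit are assumptions, and only the six-hour delay comes from the article. It trips automatically and exposes no signer-controlled function, so it can delay withdrawals but cannot freeze them; what a team does during the delay is outside the model.

```python
from collections import deque

class OutflowBreaker:
    """Toy vault: abnormal outflow delays withdrawals; nothing can block them."""

    def __init__(self, balance, limit, window_s=3600, delay_s=6 * 3600):
        self.balance = balance
        self.limit = limit          # assumed: max requested outflow per window
        self.window_s = window_s    # assumed look-back window
        self.delay_s = delay_s      # response window, "about six hours"
        self.recent = deque()       # (time, amount) of every request in the window
        self.queue = []             # (release_time, user, amount)

    def _requested(self, now):
        # Drop requests that have aged out of the window, then total the rest.
        while self.recent and self.recent[0][0] <= now - self.window_s:
            self.recent.popleft()
        return sum(amount for _, amount in self.recent)

    def withdraw(self, user, amount, now):
        reserved = sum(a for _, _, a in self.queue)   # funds owed to queued requests
        if amount <= 0 or amount > self.balance - reserved:
            raise ValueError("invalid amount")
        self.recent.append((now, amount))
        if self._requested(now) <= self.limit:
            self.balance -= amount
            return ("paid", now)
        release = now + self.delay_s   # fixed delay; no signer can extend it
        self.queue.append((release, user, amount))
        return ("queued", release)

    def claim(self, user, now):
        """Permissionless release: pays every matured request of this user."""
        due = [q for q in self.queue if q[1] == user and q[0] <= now]
        self.queue = [q for q in self.queue if q not in due]
        paid = sum(q[2] for q in due)
        self.balance -= paid
        return paid

def demo():
    v = OutflowBreaker(balance=1_000_000, limit=100_000)  # constructed numbers
    return [
        v.withdraw("alice", 40_000, now=0),
        v.withdraw("bob", 50_000, now=600),
        v.withdraw("whale", 500_000, now=900),    # trips the breaker
        v.withdraw("carol", 1_000, now=1_000),    # small request is delayed too
        v.claim("whale", now=22_499),             # still inside the delay
        v.claim("whale", now=22_500),             # released without any signer
        v.balance,
    ]

if __name__ == "__main__":
    print(demo())
```

The run also shows the cost of the design: while the window is over its limit, ordinary withdrawals are queued alongside the abnormal one.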

Standard Chartered says the Kelp episode shows the resilience of DeFi

Standard Chartered described the Kelp episode as a sign of DeFi’s growing pains, rather than a fatal failure.

In a Wednesday research note shared by Cointelegraph, the bank said the April 18 theft exposed systemic risk after the impact spread to Aave, but said the more than $300 million raised by the DeFi United coalition and structural changes such as Aave V4 and the Ethereum Economic Zone suggest the sector is developing stronger defenses.

The DeFi United website shows that more than $321 million has been raised or transferred. Source: DeFi United

The bank said these improvements could reduce reliance on bridges, which it described as the main attack vector in recent cryptocurrency hacks.


Cointelegraph is committed to independent and transparent journalism. This news article has been produced in accordance with Cointelegraph’s Editorial Policy and is intended to provide accurate and up-to-date information. Readers are encouraged to verify the information themselves.
