Andre Cronje says much of decentralized finance is “no longer DeFi” in the strict sense of the word, as builders debate whether circuit breakers and other emergency controls are now needed to protect users from exploits.
The founder of Flying Tulip told Cointelegraph in an interview that many protocols are no longer immutable public goods, but rather “teams running profitable businesses” with upgradeable contracts, off-chain infrastructure and operational controls.
That shift changes the safety model, he said. While early DeFi protocols were largely defined by immutable smart contracts, newer systems often rely on proxy upgrades, multisigs, infrastructure providers, administrative processes and human response teams, according to Cronje.
“I think what we have today, including Flying Tulip, is no longer DeFi. It is not decentralized finance. It is not immutable code,” Cronje said. “They are teams that run businesses for profit.”
The comments come as April’s DeFi exploits pushed the security narrative beyond smart contract audits and into issues of operational risk. On April 23, Flying Tulip added a withdrawal circuit breaker, designed to delay or queue withdrawals during abnormal outflows. The move follows major incidents involving the decentralized Drift Protocol and the recommissioning of platform Kelp, with estimated losses of approximately $280 million and $293 million respectively.
Andre Cronje of Flying Tulip (left) and Ezra Reguerra of Cointelegraph (right). Source: Cointelegraph
DeFi risks go beyond smart contracts
Cronje said the industry is focusing on audits, where many systems can be changed by developers or monitored through administrative processes.
“The focus of the entire industry is still very much on the contract side and not on the more TradFi side,” Cronje told Cointelegraph, adding that many recent exploits have involved “traditional Web2 things” such as infrastructure access, compromises and social engineering.
He said protocols with upgradable contracts need traditional checks and balances around who can upgrade code, who approves changes and whether there are proper time slots and multisig controls.
Michael Egorov, founder of Curve Finance and Yield Basis, shared the view that recent incidents show that risks are increasingly linked to centralization and offchain dependencies, rather than just bugs in smart contracts.
“The vast majority of the most recent DeFi exploits are not due to errors in the code,” Egorov told Cointelegraph. “They happened because of centralization risks – single points of failure that live outside the chain.”
Egorov said that Aave, Kelp and LayerZero smart contracts were not hacked in the recent rsETH incident, arguing that the compromise came from the offchain infrastructure. He said DeFi protocols can be exposed to “a whole range of risks,” with the biggest risks often related to people rather than code.
Circuit Breakers Divide DeFi Builders
Cronje said Flying Tulip’s circuit breaker is not designed to permanently block recordings, but to create a response window when outflows exceed normal parameters. “Our circuit breaker is not actually designed to stop or prevent anything,” he said. “It is intended to give us time to respond.”
Flying Tulip’s system gives the team about six hours, although Cronje said smaller or less geographically dispersed teams may need 12 to 24 hours, or even longer. He said the tool makes sense for contracts that include user funds, but should be viewed as one layer between audits, distributed multisigs, time slots and other controls.
“Security is always a layered approach,” says Cronje. “It’s never a ‘this is the only thing’ that makes you invulnerable.”
Egorov was more cautious. He said circuit breakers could make sense in theory, but only if they are implemented in a way that doesn’t create a new privileged attack surface. “The circuit breakers are controlled by humans, which means they could become a potential vulnerability themselves,” Egorov told Cointelegraph.
He warned that if emergency controls allow signers to change the contract code or block withdrawals, compromised signers could turn the security into a drainer or a centralized freeze mechanism. He believes the better long-term answer is to design systems that can continue to run safely without manual intervention.
“The goal of DeFi design should be to minimize human-centric failure points, not increase them,” Egorov said. “DeFi must be secure, and security comes from decentralization.”
Standard Chartered says the Kelp episode shows the resilience of DeFi
Standard Chartered framed the Kelp episode as a sign of DeFi’s growing pains rather than a fatal failure.
In a research note on Wednesday seen by Cointelegraph, the bank said the April 18 theft exposed systemic risks after the impact spread to Aave, but said the more than $300 million raised by the DeFi United coalition and structural changes such as Aave V4 and the Ethereum Economic Zone suggest the sector is developing stronger defenses.
The DeFi United site shows that more than $321 million has been raised or committed. Source: DeFi United
The bank said these upgrades could reduce reliance on bridges, which it described as a key attack vector in recent crypto hacks.