Rethinking the Self-Custody/Safety Binary in DeFi
Learning from the recent wave of DeFi exploits & reflections on where to go from here
April 2026 was the worst month ever for DeFi exploits: more than $600 million stolen. There was a new hack almost every day. TVL is way down. As an industry, we have to reflect on what’s gone wrong and where we go from here. I’ve been thinking about it a lot and want to share some initial reflections on safety and confidentiality – more like thinking in progress, which I intend to revisit and expand upon in the coming months as experiments roll out.
Aside from the obvious learnings around DeFi protocols limiting admin controls, improving risk analysis, and decentralizing security configurations – what can we take away from these exploits? Clearly we’re facing an existential crisis in DeFi around the pervasive vulnerabilities in all code, accelerated by powerful LLMs, everywhere across the web. I’ve written about this before: we will eventually need to formally verify everything. Web3 is a good place to start because smart contracts are relatively concise while risks of losses are high. We’ll have concrete progress to share on that soon, but a lot more people should start thinking about it now. Users should be able to verify their transactions on their side to improve trust.
In addition to formal verification research, here’s what I’ve emerged with. First, we’ve been treating self-custody and safety as if they’re a binary rather than a spectrum, to the detriment of the whole space and its users. Second, what looks like a security problem might actually be a governance problem. And third, we might be rebuilding TradFi and we just need to accept it and make sure we do it better this time around.
How do we balance the cypherpunk privacy-first code-is-law mindset – one of the reasons the crypto ecosystem exists in the first place – with the realities of mainstream growth and adoption, which clearly require providing some safety, risk management, and usability to users? Being too purist about cypherpunk values will alienate most people, but that doesn’t mean we need to rebuild central banks, either. The future of DeFi requires us to strike the right balance.
Safety and Self-Custody as a Spectrum
The early DeFi ethos was, code is law. If you self-custody your assets and participate in DeFi, you’re responsible for all the risks that come with it. You verify everything, read smart contract code for every protocol you use, inspect risk parameters and updates, understand collateralization, check every block for upgrades––all of that is on the user. The upside of that was not just that your assets were truly yours but also that the burden and risk of doing that came with a big economic upside. But “code is law” is nice until the code is wrong.
On the other side, there’s what we could call the “safety” paradigm, which looks a lot like TradFi. Someone else is holding your assets in custody, which comes with the assurance that your funds will be safe from theft, fully insured, and you expect that if something goes wrong, the counterparty will handle recovery. The reason TradFi works like this is because decades of wild west banking and theft led to a clear need and demand for protecting people’s money––at a price. It also, obviously, came with complex regulations to ensure financial institutions actually did what they said they would do.
It’s obvious that the pure self-custody philosophy can’t continue. We won’t be able to grow by onboarding the general public or institutions to this version of DeFi because they won’t want to interact while managing all the risks by themselves. The flip side is that DeFi doesn’t pay for these risks anymore as crypto matures and becomes a backbone of global financial infrastructure. We’re paying the price for that now.
The alternative of TradFi, where banks and financial institutions provide safety for their users, also has its limits and comes with a cost. I’ve personally experienced losses from the failure of financial institutions in Ukraine, where I’m from (and the USSR before that). In recent years we’ve also seen the failure of Silicon Valley Bank and the unbanking of friends and colleagues for a variety of reasons, some not even disclosed. As a Ukrainian living nomadically for a period of time, I also experienced challenges with basic “validate your address” checks by banks and account blocks on centralized crypto exchanges. Traditionally operated financial institutions move very slowly, settle slowly, they’re prone to errors, and they’re carried by the byzantine dinosaur that is cross-border finance. No one wants to recreate any of this with DeFi, either.
Crypto protocols or DAOs trying to take on this (very complicated) bank-like role naively is problematic. The decision of Arbitrum DAO in response to the Kelp/LayerZero exploit from April has opened up a Pandora’s Box. Now governments around the world know there is a precedent for such action and will lobby that what they believe to be crime should also be stoppable by Arbitrum’s DAO, and that they can potentially sue an individual on the DAO council if they don’t comply. This also turned the DAO into the steward of the decision around who should receive recovered stolen funds, which is never straightforward.
So we’ve been operating in a binary of who is responsible for funds: either you give everything up to a third party or you have complete responsibility. We need to realign this trade-off into a spectrum. Protocols can embrace elements of both self-custody and safety by offering optionality to users: too far towards either extreme is worse for users and for the whole ecosystem.
How to Implement a Self Custody-Safety Spectrum
Today’s DeFi does not provide a good user experience on most dimensions. Blind transaction signing is a topline example. We see offerings like SafeWallet providing payload checkers, but things get much more complicated in a multichain environment. The idea that many DeFi protocols seem to have, that “it’s not our responsibility,” may be philosophically aligned for protocols, but it’s not for products. Most people will come to DeFi looking for a novel financial product. So we should learn from the expensive lessons of TradFi and think from fundamental principles. As a simple example, instead of the T+1 day settlement used by banks, which comes from a combination of historical technology limitations and extra human review processes, or the other extreme where everything in DeFi is transactional at the speed of protocols, we can have T+(AI review time) allowing for adaptive risk analysis of transactions.
Similarly, rather than using KYC––which actually doesn’t stop criminals, because they can buy identity information pretty easily while also creating a new attack vector where people’s identity information is stored in one place––and no checks whatsoever in crypto, we can have in-transaction analysis augmented with lots of additional context around the account and its history, surfacing potential flags without needing personal details.
Some examples of implementing such a proactive security spectrum are already in the works on NEAR. One is SHIELD on NEAR Intents, an address/transaction level API and protection system that can indicate if there is outlier activity on a particular chain or if a given interaction seems suspicious: for example, if funds deposited have interacted with a compromised address, if an address that had a small balance suddenly withdrew a large amount from a smart contract, or if known laundered/stolen funds are on the move. This can trigger a response to slow or pause the relevant interaction in order to contain the exposure.
Even though you might expect a service like this should exist in DeFi already, it doesn’t. No one has really addressed real-time detection of onchain security issues across a large set of networks at the same time. This means that responses to exploits and security breaches are often delayed while teams try to figure out what’s going on. And as Web3 became a lot more multichain, this coordination spans multiple ecosystems now. SHIELD allows for faster, automated notifications and actions that better protect users while also discouraging illicit activity onchain, as it will get automatically tracked.
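The three signals listed above for SHIELD, and the slow-or-pause response, can be sketched as a rule-based triage step. This is an added example, not SHIELD's API or code from NEAR; the field names, addresses and thresholds are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed reference data; every address and threshold here is illustrative.
COMPROMISED = {"0xbad"}        # addresses flagged as compromised
STOLEN = {"0xloot"}            # addresses holding known stolen or laundered funds
SMALL_BALANCE = 100.0          # what counts as a "small balance" (assumption)
OUTLIER_MULTIPLE = 50.0        # withdrawal >= this multiple of the prior balance

@dataclass
class Interaction:
    account: str
    kind: str                  # "deposit" or "withdraw" against a smart contract
    amount: float
    prior_balance: float       # account balance before this interaction
    history: set = field(default_factory=set)  # addresses the funds have touched

def flags(i: Interaction) -> list:
    """Return the names of the signals this interaction trips."""
    found = []
    if i.kind == "deposit" and i.history & COMPROMISED:
        found.append("compromised-exposure")
    if (i.kind == "withdraw" and i.prior_balance <= SMALL_BALANCE
            and i.amount >= OUTLIER_MULTIPLE * max(i.prior_balance, 1.0)):
        found.append("outlier-withdrawal")
    if i.account in STOLEN or i.history & STOLEN:
        found.append("stolen-funds-moving")
    return found

def decide(i: Interaction) -> str:
    """allow = settle now, delay = hold for review, pause = stop the interaction."""
    found = flags(i)
    if "stolen-funds-moving" in found or len(found) >= 2:
        return "pause"
    return "delay" if found else "allow"

SAMPLE = [  # constructed interactions, not real chain data
    Interaction("0xalice", "deposit", 500.0, 2000.0, {"0xdex"}),
    Interaction("0xbob", "deposit", 500.0, 900.0, {"0xbad"}),
    Interaction("0xnew", "withdraw", 250000.0, 12.0),
    Interaction("0xmule", "withdraw", 90000.0, 5.0, {"0xloot"}),
]

def triage(batch=SAMPLE) -> list:
    """Return (account, action, flags) for each interaction in the batch."""
    return [(i.account, decide(i), flags(i)) for i in batch]

if __name__ == "__main__":
    for row in triage():
        print(row)
```

Note that no personal details enter the decision: every input is an address, an amount or onchain history.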
When NEAR launched Confidential Intents recently, the team intended that it would be a place for legitimate users and institutions to be able to store and move funds freely, removing another vector of attack. The full onchain visibility of most DeFi means that attackers can know exactly how many assets someone has, where they are, and can correlate when they interact with the assets, then use that information in an exploit. At NEAR, we take user privacy as a first principle – a fundamental financial right of all people who want to exercise it, but not at the expense of safety and security.
Moving forward, I also think we should see a broader move toward Multi-Factor Authentication (MFA) for wallets. The current wallet security paradigm is not working in either the self-custody or the safety scenario: in the case of your keys and your wallet, you have ownership, but if something goes wrong, like a supply chain injection into the software you’re running, your wallet can be drained and you have no recourse. Or, if you delegate control to some other centralized party, you may feel more secure not managing it yourself, but that third party can disappear with your funds in any number of ways.
Whereas with MFA, users can lose their private key/seed phrase and the second factor will prevent their funds from being stolen. And if the second-factor provider disappears, there is a recovery mechanism based on NEAR’s Chain Signatures that can rotate that key with an appropriate delay. All this while most day-to-day usage and transactions are done with a simple confirmation of a passkey or authenticator code. The MFA provider can also run AI analytics on transactions as a security measure, similar to how JPMorgan Chase dramatically reduced credit card fraud by leveraging AI to monitor for suspicious purchases.
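The two-factor policy and delayed recovery described above can be modelled as a small state machine. This is an added example, not NEAR's Chain Signatures implementation: proofs are stand-in secrets compared in constant time where a real wallet would verify signatures, and the 7-day delay and the veto by the current second factor are assumptions.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

ROTATION_DELAY = 7 * 24 * 3600  # assumed 7-day delay; the article gives no figure

def _eq(a, b):
    return hmac.compare_digest(a.encode(), b.encode())

@dataclass
class Wallet:
    key: str                        # stands in for a private-key signature check
    factor: str                     # stands in for a passkey / authenticator proof
    pending: Optional[str] = None   # replacement factor waiting out the delay
    ready_at: Optional[int] = None  # earliest time the replacement may take effect

    def authorize(self, key_proof, factor_proof):  # day-to-day spend: both needed
        return _eq(key_proof, self.key) and _eq(factor_proof, self.factor)

    def request_rotation(self, key_proof, new_factor, now):  # key alone starts timer
        if not _eq(key_proof, self.key):
            return False
        self.pending, self.ready_at = new_factor, now + ROTATION_DELAY
        return True

    def cancel_rotation(self, factor_proof):  # current factor vetoes (assumption)
        if self.pending is None or not _eq(factor_proof, self.factor):
            return False
        self.pending = self.ready_at = None
        return True

    def finalize_rotation(self, now):  # only after the delay has fully elapsed
        if self.pending is None or now < self.ready_at:
            return False
        self.factor, self.pending, self.ready_at = self.pending, None, None
        return True

def scenario_stolen_key():  # key leaked, owner still holds the second factor
    w = Wallet(key="k-owner", factor="f-owner")
    spend = w.authorize("k-owner", "guess")            # key alone cannot spend
    w.request_rotation("k-owner", "f-other", now=0)    # rotation the owner never asked for
    early = w.finalize_rotation(now=ROTATION_DELAY - 1)
    veto = w.cancel_rotation("f-owner")                # owner cancels inside the window
    late = w.finalize_rotation(now=ROTATION_DELAY)
    return [spend, early, veto, late]

def scenario_lost_factor():  # second-factor provider disappeared, key still held
    w = Wallet(key="k-owner", factor="f-lost")
    w.request_rotation("k-owner", "f-new", now=0)
    done = w.finalize_rotation(now=ROTATION_DELAY)
    return [done, w.authorize("k-owner", "f-new"), w.authorize("k-owner", "f-lost")]
```

The delay is what makes the key-only recovery path safe to offer: it gives the legitimate holder of the second factor time to cancel a rotation they did not request.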
All of these measures make protocols and products stronger while keeping users’ funds safer. We need bigger picture changes at a system level to address the security problems facing DeFi as an ecosystem, but in the meantime there are things we can do to protect users to rebuild trust and mitigate the effects of exploits when they do happen.
A New Era of Governance for DeFi
In traditional finance, regulations and governments are the ones to step in and provide security for depositors and consumers. In crypto, governance ranges from decisions on when to upgrade, to various parameters like asset listing and collateralization levels, to what happens in the case of a major exploit. DeFi has historically tried to minimize governance, but as the complexity of protocols (and of exploits) has grown over time, that “use at your own risk” position is less tenable.
Good DeFi governance is incredibly complicated, which is one reason why most DeFi governance is bad or incomplete. In most cases, you either have everyone out for themselves, or you empower a benevolent dictator who unilaterally makes decisions and you hope they stay benevolent. (This often defaults to founders; I’ve written before why I’m of governance without defined rules.)
A key feature of DeFi is that it doesn’t operate in a single jurisdiction, and so operating with traditional frameworks is almost impossible because it’s unclear which set of laws is supposed to govern it. Our space has been trying to figure out decentralized governance right as we’ve seen in years of struggles with DAOs – nobody has really figured it out yet. And the conditions are only getting more difficult and adversarial. So what is the best next step?
One idea I’ve been thinking about for a few years and revisited recently is a DeFi Commons. This would be a third-party group that would serve as a shared regulator for all the protocols and monitor safety across them (while getting paid in the tokens of all the participating protocols). If there’s a vulnerability, they can patch it; if there’s an exploit, they can pause; and so on. Everyone is trying to solve the same difficult problems and because DeFi has so many interconnected effects, everyone is exposed to potential exploits and contaminated funds, as we’ve recently seen. The commons could be opt-in thanks to blockchain and users could get insurance, safety guarantees, and wallets or apps the user interacts with could understand that you are protected FDIC-style. The default would be to promote apps and wallets that offer these settings, and people who want to use DeFi without it are free to do so.
This would also improve decentralization and security across crypto by making it easier and safer to do things onchain. The current reality is that most users are on centralized exchanges and operate within those confines because it’s a familiar UX and feels lower risk. That isn’t meaningfully taking advantage of the blockchain. Why wouldn’t we try to make it safer for people to move into DeFi but still get most of those benefits?
Rather than considering TradFi as a dinosaur, or as an enemy, it would be more productive to continue improving on that paradigm beyond just peer-to-peer, borderless decentralized finance. Why not do better on regulation, too? Surely we can build something more efficient and technically sophisticated than human regulators that doesn’t wander into the desert of the political systems of countries and the complexities of jurisdictions. (It would take work to figure out how this operates alongside real world regulators, but the space would also be better equipped to do so, and this would probably improve reputation over time.)
Another interesting innovation that is possible now is AI-powered governance. Instead of relying on people to make every decision and on the reaction speed of a set of people, we could have an AI system that assesses and decides. It would operate on the policy provided as a system prompt when it is set up, which is effectively its constitution. Context and tools are provided that this AI can use to access onchain and offchain state and make decisions. And stakeholders can only vote to upgrade the model and system prompt. All of this running on verifiable and private AI infrastructure is required so everyone knows that exactly the correct process was run for the expected decision. This is both more transparent and more resilient than traditional governance––every decision is logged in the immutable audit log from verifiable compute and can have an extremely fast reaction speed and process as signals arrive.
Out of the Wild West
I’ve been thinking about the historical reasons why banking and financial systems are so heavily regulated. There was a long history of bank failures and thefts and the government kept stepping in to make people whole. In turn this created a huge cost of operations, slowed down innovation, and ultimately cost more for consumers. Not to mention, as the 2008 financial crisis showed, banks can’t always be trusted to behave responsibly with users’ funds even in a super-regulated system. Globally, this continues to be a problem––even with all the regulations, Ukraine had 90 banks fail in 2014-16 alone. I have used two banks that don’t exist anymore.
DeFi is supposed to be a new paradigm that is borderless, fast, fair, open to everyone, and frees users from all these issues and costs no matter where they’re from. At the same time, DeFi has been in its Wild West era without any kind of government to step in to make people whole when things go wrong. It’s time to build protections for users by addressing fundamental problems but without using traditional bureaucracy, which we know doesn’t work. I also remember the excitement in 2020 when DeFi Summer happened and it felt like Web3 was such an interesting greenhouse of innovation. And it was. It can happen again, but hopefully smarter and safer this time.
Another important point of urgency: we have potentially billions of AI agents coming into the digital financial system very soon. This will make everything even faster and more complicated by interconnecting the real economy and onchain finance. I’m very optimistic about the convergence of AI and DeFi – especially on NEAR – and I believe it’s the future of the entire global economy. AI for intelligence, blockchain for coordination. It is critically important to improve security and resilience across every dimension so that DeFi can be trusted to support agentic commerce.
We’re only at the beginning of this technology and I’m committed to making sure we build a legacy of innovation and creating more opportunities for people, not for hacks and scams. There are many great minds in our space working through these questions. Let’s work together to kick off the next great era of DeFi.




Who exactly is in a position to criticize traditional finance when NEAR Foundation and Aurora Labs have spent millions of dollars without meaningful accountability to stakeholders?
Trust has to be earned first.
At the moment, NEAR Foundation looks more like the leadership of a banana republic, with its corruption, distribution of money to friends, and protection from opposing opinions by clown forces.
And we’re not even mentioning the fact that members of the NEAR Foundation board don’t seem to believe in NEAR themselves and continue selling tokens into the market.
A product like this already existed before. It was called Aurora Shield, and it never gained meaningful adoption.
So what is NEAR actually offering here?
Asset freezes under the vague label of “suspicious transactions”?
Or NEAR Intents support that replies once every two weeks?
The idea sounds good on paper, but the core problem remains: in this model, the final decision is still made by one person, one team, or one opaque system.
At that point, why not just use a normal bank with real customer support, clear legal responsibility, and the ability to challenge decisions in court?
And if privacy is the goal, Switzerland already exists.
DeFi safety is important. But if “protection” becomes discretionary control without accountability, then we are not improving TradFi.
We are rebuilding it with worse support and fewer legal rights.