Odysseus

Security is not an issue in TradFi, more than anything is an issue in, you know, most other services because of the long settlement. Right. You can go back, as we said, do a couple of meetings, pay a couple of, you know, millions or tens of millions, but you can fix the damage. In crypto, a hack is a physics event. It's closer to an aerospace. Right. Because if you have an issue in an airplane, people die. In crypto, okay, if you have an issue, people don't die, but it's still very severe and you have this irreversible damage. And now we see, like, systemic, even

Ryan Sean Adams

bankless nation. Welcome to the podcast. We're here with Dan Elitzer from Nascent and also Odysseus from Filex Systems. Guys, it's great to have you on, although the circumstances are not fantastic. We're talking about a hack today. How are you guys doing, though?

Dan Elitzer

Doing well. Thanks for having us.

Odysseus

Thank you for having us. Yes.

David Hoffman

Let me give us a sit rep just so we can kind of just move forward through some of the details and then we'll kind of dive in a little bit deeper on some of the important details here. So, April 18th, we had a hack in Defi likely. North Korea's Lazarus Group is kind of who everyone is assuming is behind this attack, exploited Kelp Dao's layer 0 powered bridge to create 116,000 RS ETH tokens. That is the restaked ETH token out of Kelp DAO without any backing. So extra tokens minted. They then deposited those tokens into AAVE v3 across Arbitrum and Ethereum mainnet to borrow $236 million in wheat. So unbacked RS ETH tokens deposited into AAVE allowed them to withdraw real ETH from the AAVE system, leaving aave with about $280 million in bad debt that it cannot recover. As a result, some panic withdrawals have followed $5 billion in ETH outflows, with Justin sun pulling out $150 million just alone. In response to this attack, AAVE paused the RS ETH markets and the weth reserves across multiple chains just to kind of constrain the damage. And now it's got $180 million in bad debt. The TVL and AAVE plunged from 26 billion to 17 billion. Kind of as like panic withdrawals happened. Interestingly, turn of events, the Arbitrum Security Council recovered $70 million in ETH in a pretty unprecedented violation of chain state, basically seizing the stolen assets by Dao governance vote. Kind of opening up Pandora's box about what immutability means on layer twos. There are a ton of conversations that kind of sprawl out from this. And maybe just to add some context, this hack doesn't actually even break into the top 10 in terms of dollar value lost. But it seems that this hack is a top three, if not a number one hack in terms of just this significance of some of the implications of the future of the defi industry and the security of on chain assets. Dan, I want you to check me in that statement and talk to me about like why this event, specifically why this nature of this hack is so significant for the state of Defi.

Dan Elitzer

There's a number of reasons I think. One is that we're seeing such major protocols. I wouldn't CALP actually had a lot of value in it, but layer 0 is widely used across the ecosystem and AAVE is frequently held up as one of the most trusted names in Defi, obviously the largest in terms of tvl. And so to see them affected in this way by an exploit really shakes people. And I think it also is really significant because this is due to the composability that we've all been so excited about with Defi. And here we're seeing the downsides of composability when you have not just eth, but you've got like staked eth in a liquid staking form deposit into eigen layer, so it's restaked there, you've got a liquid restaking wrapper, you're bridging that to other chains, you're using that as collateral. It's. You've got these levered loops going. There's just so many things happening here and it. There's a lot of things that had to go wrong for us to be in the state. A lot of people have been playing the blame game saying like, you know, who, who's responsible here? And I think the answer is if any of these parties had been more buttoned up, everybody from, from kelp to layer 0 to AAVE to AAVE borrowers, potentially even the EF, like there's, there's so many different places that you can point fingers, but if anybody had really, really done their job, the damage would have been less than it was.

Sponsor/Ad Host

When the market pulls back, most people just wait. They hold cash, hoping things stabilize. But there's another move, and that's where Nexo comes in. Nexo is a platform built to help

David Hoffman

keep your digital assets productive.

Sponsor/Ad Host

You can earn daily interest on supported crypto assets through their yield product or get funds through a crypto backed credit line without having to sell any of your assets. So if you want optionality, Nexo gives you both sides of the equation. You can put your assets to work or borrow against them when you need flexibility. Nexo has been around since 2018 and has over 8 billion in assets on the platform and has paid out more than $1.3 billion in interest to clients globally. So if you're a new US user, there's a welcome incentive waiting for you

David Hoffman

when you sign up.

Sponsor/Ad Host

Check it out at the link in the Show Notes and as always, this is not investment advice. In 2024, emerging markets generated over $115 billion in annual yield for investors. With yields ranging between 10 to 40%, these are some of the highest, most persistent yields on earth. The problem defy can't access them. BRICS changes this Built on mega eth, BRICS takes emerging market, money markets and sovereign carry and turns them into composable primitives. You can access Straight Wallet While defi investors earned 3 to 6% on stablecoins and T bills, institutions have been harvesting 10 to 50% yields backed by sovereign monetary policy. BRICS connects these worlds with institutional grade tokenization, local banking rails compliance across jurisdictions and real time stablecoin settlement. Bricks does the heavy lifting so Defi can finally access real collateral and structured products on top of real world yield. Even the best carry trades can be within reach. Bricks brings DeFi's promise to the emerging world and brings emerging market yield to your wallet.

David Hoffman

Let the yield flow with Bricks some exciting news.

Ryan Sean Adams

We are launching a new podcast to help people figure out the crypto cycle how to navigate it. The best crypto cycle investor I know his name is Michael Nadeau. He runs the DEFI Report. This is the guy that sent me a sell alert before the 10:10 price drop happened. His cycle analysis has been absolutely on point. I've been following him for years and this year we started recording weekly podcast episodes. Each one we get into his portfolio, what he's holding, the market structure, entry targets, fair market value of Bitcoin and ether and where we are in the cycle, there's new episodes that are released every Wednesday. They're 30 minutes, they're short, they're punchy. I think this crypto cycle is harder to navigate than most. So let's do it together. Go subscribe to this podcast, Search the Defi Report Wherever you get your podcast, YouTube, Apple, Spotify or find a link in the Show Notes There's a New episode waiting for you now.

David Hoffman

Yeah, there's also just a nature of just like the level of sophistication because it required the threading of a needle across like three needles. Right. You needed to have exploited layer zero and then that had to align with the risk management in AAVE and also with, with, with KelpDAO's utilization of layer 0. All of these things kind of had to align and then for the attacker to attack all of them at once. Odysseus, maybe we can get into what I hope is like the most technical part of this episode, but also keeping it high level because you know me Ryan, we're not technical. We have a lot of non technical listeners. So while also doing a technical job, keeping it high level, can you just inform us about how this exploit actually happened? How did this work?

Odysseus

Yeah, so we're still getting information. We still don't know how the attackers were able to actually get access to layer 0 systems, but they seem to be able to have pretty deep access into the systems. And what they did basically was to replace the RPC nodes they have deployed with a malicious RPC node which showed fake data. Right. And this fake data were piped into the validator network, which was not a network, which was just one node, was a one of one. And based on this fake data it said, oh, there is a deposit on unichain of this amount of restrict eth of kelpdos eth. So what I should do is send a message to the receiving end on Ethereum through withdraw now the eth. Right. So on the receiving side it received this message, validated it and then released all these ETH that were then used in AAVE to be able to exchange them for eth. Right.

Dan Elitzer

Well to be very clear, released the RS eth so the RS eth could be deposited into aave.

Odysseus

Yeah, exactly. Yeah.

David Hoffman

Okay, so layer zero cross chain messaging protocol. Part of this industry is we have networks upon networks. You want these things to kind of like work as a seamless experience. Layer 0 is in pursuit of that allows for messages to be passed across chain and from the user experience that it looks like assets can go across chain because layer zero will lock up assets on one chain, mint IOUs on another chain. And so far as layer zero protocol works, those IOUs are equivalent if in the best case that part is what failed. And then you also, Odysseus, you said that the DVN the one of one, there's the layer zero protocol and then there's like a surrounding validator layer validity layer that audits everything and like passes, you know, verification saying like, hey, this is working as intended. That surrounding layer is what got exploited. It should have said, hey, this is not working as intended. But it's instead because there was weak security, KelpDao only used 1 DVN. That 1 DVN was the target of the exploit and the DVN passed a message of, you know, thumbs up when it should have passed a message of thumbs down, which is what allowed North Korea to withdraw excess RSE tokens that it shouldn't have. All, all of this checks out, right?

Odysseus

Yeah. Exactly.

David Hoffman

How sophisticated was this exploit? Like in, in the, in the grand scheme of how difficult it was to do the, the number of moving parts, how difficult of an, of an exploit was this?

Odysseus

Probably one of the most sophisticated exploits we have seen, I would say the level of access they had into layer zero systems because not only they replaced the, you know, the RPC nodes with a malicious version, but after performing the attack they also replaced them again with the original binaries and also they, they basically cleared up all the evidence in logs such that the alerting Systems of Layer 0 would not go off. Right. So it's a very sophisticated attack because of the level of access they had. It's actually very scary.

David Hoffman

And what are the takeaways? What do we need to know because it's so sophisticated, what lesson does that teach us or what worry should we have?

Odysseus

I think as the space, we have focused a lot on the smart contract level security which has a lot, you know, developed. And I would say we're in a very, we're in a good spot in terms of sophistication. As you know, the previous breach attacks were smart contract level vulnerabilities. But now with this attack with Drift before, we're actually seeing the social layer being the actual attack vector where they manage to get access to people, their computers and through the, probably through to the systems. Right. So it's the human link that is actually now the weakest.

Ryan Sean Adams

As you guys were talking about that like, you know, David, you're, you're talking about this and Dan and Odysseus and we were saying we have got Kelp Dao and we've got Layer zero and we've got rse and the RSE was the thing that was hacked. It wasn't eth. I'm, I'm trying to like, it's so much to track, right? So like even, even for myself being just like enmeshed in defi, it was a, it took a little bit for me to Put together all the pieces. I'm wondering, how in the world would you explain this to a normie? How would you explain this to, like, your parents or your grandma in terms of what happened? Because something like this is inconceivable in tradfi, right? It's almost like you'd have to explain. You'd have to say, okay, okay, Mom, Dad. So you want to know what happened to this defi? Imagine bank of America. They have a balance sheet and they have a bunch of mortgage loan obligations and a nation state like North Korea. Kim Jong Un was able to reach in there and steal all the houses. And so a portion of their debt on their balance sheet was bad debt, you know, 280 million worth. And that's the problem we're facing. We've got kind of a balance sheet issue. You'd have to explain it, like, something like that, because this just can't happen in tradfi. And I'm almost asking for, like, what's your best explanation of what happened to a normie, Dan? Like, how would you. How would you tell this to someone on the street that's just like, oh, I heard there was a hack in defi and it was kind of bad. What was it? Can you explain this in simple terms?

Dan Elitzer

Yeah, I mean, I, I think you honestly, you really can't. That's, that's the main. That's the main issue here, is that, like, it's not understandable by normies. I, I do want to push back a little bit on the idea that, like, this is inconceivable in tradfi. We've. We've also seen massive levels of fraud in tradfi and even things like the Swift Network, Right. For transferring money, where we had that case where I think it was the bank of Bangladesh, there were all these, like, fake messages to the Fed trying to transfer, like, a billion dollars doing that. So, like, we have absolutely seen incredibly large compromises and issues in the traditional financial system as well. The difference, and I think Odysseus did a great job calling this out, is that this is fundamentally different in that when we mess up in defi, the. The money is gone. And, you know, with. With the possible exception of things like the action the Arbitrum Security Council took, where we're able to fight back in some cases, there's, I think, a lot of pros and cons to actions like that that we need to talk about and go deeper on. But in Trad 5, there's potentially at least a window of recovery and correction. And here, where it's also really bad, is the trickle through to individual users. So frankly, we just need to fix this. We need to, I think every single party involved, and not just involved here across the ecosystem, everybody needs to step up their game because yeah, it was layer 0 and KelpDao and AAVE involved this time. There, there is, there are absolutely things they could do better, but I don't think there's any team in the ecosystem that could say nothing like this could ever happen to us. So we just all need to level up. And that's, that's the answer. It's like it just needs to be safer so that we can have grandma use it and not have to understand these things, because these things really aren't possible because of the layers of security that we build into the system at every level.

Ryan Sean Adams

And that's what I mean by this being inconceivable in tradfi. It's not that fraud doesn't exist or bad assets that aren't really backed in the way that we think they're backed. You know, that stuff all exists in tradfi. What doesn't exist is in instant settlement and bearer assets that once you take them, they're gone. So even the example I gave of suddenly all the North Korea stole all of the mortgages, you can't really steal a mortgage. It's just like an iou. In this case, they're literally, it's like they're literally stealing all of the assets, they're literally stealing all of the houses. So Odysseus, I know you've thought about this. How would you underscore for people outside of defi and crypto, how this is different than tradfi?

Odysseus

Well, in crypto, a transaction, a hack is a physics event. I think it goes back to whether you can clawback or not, whether you can undo history. Right. The main difference is that in tradfi you can have all these issues, but at the end of the day you do a couple of meetings. It's expensive. But because of this long settlement, you can sort of circle back and fix it right here. You can't. The ledger is a truth and the ledger is immutable by design. So this amazing thing that brings the capital efficiency, which is why tradfi is adopting crypto, is because it's more capital efficient, is also the same thing that creates these problems right now. And so much pain. Right. It's like a double edged sword.

Ryan Sean Adams

I want to ask another question because we mentioned three parties in particular and maybe there's more than three involved here. But we mentioned layer zero, we mentioned AAVE and we mentioned KelpDAO and they're the, the protocol group behind the RS ETH that was actually minted and actually stolen and taken. So there's been a lot of blame going around and I'm curious from you guys, like, who's responsible for this? Whose fault is it?

Dan Elitzer

Everybody's right. Every, everybody involved has some amount of fault. Where should the buck stop? Well, I think that's, that's for each of them to individually determine. So within, I think the big question has been the Kelp DAO team basically has the ability to decide, hey, we've got this eth backing. Are we going to treat the bridged RS ETH and the native RSE on Ethereum as exactly the same and give everybody equivalent haircuts if we need to haircut this? Or are we going to say that really this was a bridge exploit? We're actually going to push all of the haircut to the L2s and say that we're going to, you know, fully back the L1RS ETH and that has ripple effects for they in terms of how they need to handle this. What I will say is we're all speculating right now. None of us, I believe, are in the rooms where there are, I'm sure, negotiations and deals and capital injections and things like this that are being discussed. I think it's unfortunate that whatever those discussions are taking as long as they have, but I do expect that at least a couple of the parties involved will have some form of deal or injection or negotiated thing happening to help them be less impacted. But they're ultimately responsible for their own users and the decisions that led to those users being hurt.

Ryan Sean Adams

So everyone's at fault. But I wonder if we could be more granular in. Because they're at fault in different ways, I would say. Right, so I'm going to simplify this and then, and then you guys, you know, correct me or tell me where I got things wrong. Right. So obviously layer zero, they got infiltrated somehow. So whether this was some kind of a sophisticated nation state social engineering hack to, you know, give North Korea access to their servers, you know, there's obviously an issue there. They also let their customers configure things in a way that was like a one of one DVN kind of validator, I mean that shouldn't have been the default configuration. There were some security issues with respect to that. So there's a set of things that layer zero could have Done differently. Kelpdao, to your point, I suppose they shouldn't have configured Things and trusted layer 0 in the way that they did without really investigating. Okay, like how could this bridge fail and in what ways? Because ultimately it's their customers that were affected, all of the RS eth holders. And then I guess on the AAVE side, they let this collateral into their global shared risk platform for all collateral. So they looked at RSE and they didn't discount it from a risk perspective in the way maybe they should have. Maybe they let too much in. For instance, maybe they didn't assign a risk profile that would say like, okay, this is significantly more risky because we've daisy chained all of these different bridges and layer two together. It's more risky than just plain old vanilla wrapped eth, which is what a lot of their depositors actually, you know, have is wrapped eth. So AAVE should have risk assessed this more. Layer 0 should have had more security, better defaults, particularly with this amount of money. Kelp Dao shouldn't have used layer zero in this way. Is that roughly fair in terms of Odysseus, where you design the detailed blame here?

Odysseus

I would totally agree with how you position it is. Of course layer zero got infiltrated. It's problematic that we're suggesting default configs that were not secure enough. You know, my assumption is that, you know, they want to allow their customers to go to market very quickly and as you know, easy as possible. So they were, you know, doing that and then they never circled back to these default configurations. As the team grew and their ability to execute better grew, they didn't circle back to say, okay, now we need to step it up, right, because they were offering it as a service, right? It's not helpdad who's running the servers, right. And then Kelp of course, should have investigated or understood better. And I think that's there's like, I think two reasons why breach hacks have historically been the worst. On one side you have bridges being a huge pile of money sitting in one contract. But on the other side is that the mental models are very weird. It's not easy to reason about IOUs and you know, where, where the attack vectors are and who you need to trust, which I think also is what resulted to aave, maybe not risk assessing it properly. I'm sure that for a lot of users, they don't know they have IOUs.

Ryan Sean Adams

There's another party that maybe we can assign some blame or maybe this is a system or structure problem. Odysseus you just mentioned that so many of these are bridge hacks. And the thing that we just saw this week was yet another bridge hack. Maybe it's a fault of the architecture and the system that we've built on top of Defi and Ethereum that we have to depend on all of these bridges in the first place. And you could say, and I've seen some make this argument, that this is downstream a result of the Layer two roadmap, for instance, where you know, the hack didn't happen on layer one mainnet, it happened because we had bridges to different L2 type systems. And you could also say, well maybe it's the fault of the technology. We've relied on these optimistic roll up seven day withdrawal type bridges. The UX and the friction behind that has been so terrible that we've had to rely on, you know, maybe I'm oversimplifying this, but like multi Sig style, weaker bridge type configurations of the type that that layer zero put in place and we just had to do that. Or else what? Or else Defi wouldn't grow, or else we'd have no new users. And that was downstream Of Ethereum layer 1 not having the technology or a scaling strategy. And so we've, we push things into more rickety, less secure solutions just for UX and for users. Do you think that's a credible charge that just like the architecture is to blame here?

Odysseus

Yeah, it's, you know, I think it's just a result of the same reason why roll ups are not great. The same reason why bridging sucks. Why even account abstraction is not great, is because the protocol was unable to coordinate and make decisions about these things. Right. And just pass the back to the app layer to coordinate. And then things had to be bolted on in, you know, weird ways. Right. And because the protocol couldn't offer better assurances, people just regressed to the quickest, easiest, cheapest, better UX solution, which is you just have a multisig that decides things. Right.

Dan Elitzer

I want to push back a little bit on, on the blame here, going to the architecture. Like could the architecture have been better to give us better options within ethereum and Ethereum's L2 ecosystem? Absolutely. But I think it's also unrealistic to say that we're going to have, even if we Ethereum had executed perfectly right, we scaled L1 much better. We actually have canonical bridges with all these L2s on Ethereum and like we got all the stuff we want from that roadmap, there are still going to be other chains.

Odysseus

Right.

Dan Elitzer

There are, there's too much incentive to have multiple L1s that are making different design trade offs and different go to market trade offs, different trust trade offs. And because we're going to have meaningful assets on multiple chains, there's going to need to be some way to connect those. Could we connect them better? Yes, but it's not all going to happen natively within one L1 plus its own native L2 ecosystem. It's we, we have to have solutions that are reasonable solutions to use to bridge assets across much more kind of varied chains.

David Hoffman

But Dan, doesn't that mean that if we had a environment in which we had real time ZK proving, which is somewhat recent in terms of the tech tree that we have in crypto, but we do have it now and the Ethereum Economic zone out of the gnosis end of things and the Zisk side of things is like a possible way to have these much more performant canonical bridges that would, that wouldn't need a third party bridge, it would actually be part of the actual protocol. And so while I'll take your point, no one's is going to stop the perpetual incentive to build another layer one. Nonetheless they're with a real time ZK proving ecosystem inside of Ethereum's own network. Wouldn't that have actually solved that component of the exploit stack? Like the famous Elon Musk quote is the best component is no components.

Dan Elitzer

Yeah, yeah, but I think even that though it's not guaranteed free from failure. Right. There could be problems in the ZK cryptography or in the implementation. Any additional layer of complexity more things can break. And so I think we just need to do a better job of both pricing that risk that's coming in and also building in layers of redundancy. Right. One of the things that the Athena team did, they are also using layer zero. They have a more secure. They had a two of two. They just announced they've updated it to I think a four or four when they turned it back on but they also had rate limits essentially I think it was like 10 million per hour as the max that could be moved via layer 0 across chains. So there are different things that you can do, rate limits, circuit breakers that say we are going to assume at some point any of our trust assumptions can break.

Odysseus

Right.

Dan Elitzer

And so if you build your system with the assumption that any individual component can break and ideally that like maybe two different components, three different, however many components break that you still can limit the damage. Right. I think everybody has to assume Both in the crypto ecosystem more generally. You are going to get hacked at some point. Some level of your personal security, your infrastructure is going to get exploited at some point. And you need to have a plan for what to do when that happens and to limit the damage that can be created in that event. And I think too many teams have been like we're just going to do everything we can to like stop anything bad from happening. Guess what? You can't. Something bad is going to happen and you needed to make sure that you've eliminated the damage that will occur when that happens.

David Hoffman

Let's talk about who got hurt in all of this and also just the current state of things because things are not completely resolved as it stands. So just to kind of list off the parties that are taking haircuts, that's the AAVE ether depositors. There's now not enough ether in the AAVE system to return all the deposited ether to everyone who deposited it. So there is some amount of like under collateralized amount of ETH in the AAVE system. RSER holders broadly this is the KelpDAO retaked token. RS ETH is now 15% unbacked because that amount got minted or released by the layers of your bridge when it shouldn't have. There's also the AAVE DAO umbrella stakers. That's kind of like the AAVE insurance fund. We don't really know the outcome of this, but the whole point of the umbrella insurance fund is to meant to ensure against bad debt. AAVE now has bad debt likely wiping out the stakers. We don't know how much or who are the sakers who are involved. That's something that AAVE the DAO is going to have to determine. Those are who those are all the parties I think got hurt in this. But there's also, there are currently funds stuck in AAVE. So ether USDC USDT tether. The utilization in AAVE is at 100% meaning anyone who's deposited these things cannot withdraw them because there's not enough assets to withdraw. There's not enough liquidity for people to exit this position. My big question Dan, is I, I don't know the answer to this. How does this get resolved? Like if I have ether in AAVE or if I have have money in a. How, how do I get my money back?

Dan Elitzer

Yeah. So right now the answer is like you, you largely don't. I think fluid came up with an interesting way to allow people to kind of like swap out and be an exit by trading Their a wef for the different backing. I think they've got we eth and some other stuff in there. The way that I think this is going to get resolved is that there will be some deal cut, some capital injection coming in. I think AAVE does have the ability to recapitalize here. The AAVE token, while it is taking a hit, is still quite valuable. The team is strong experience, they've got a lot of brand equity and trust built up in the ecosystem. I would assume that they are working around the clock to cut some sort of deal to help protect as many of their users as possible. I don't know when that will be announced, what the shape of it, who would be involved, anything but like there's no way they're not having those conversations. When AAVE is in trouble like this, it ripples across the ecosystem. We've seen even other lending protocols, you know, morphos, seen outflows. I think actually Spark might be the only one with kind of net inflows at this point. Fluid saw outflows. Others, like people just are pulling capital back. When you've got these funds running strategies at size where they're 3, 4, 5x levered on some of these like eth loops and kind of carry trade loops on stables. This, this is bad. Everybody wants to get out and either we're going to start seeing some liquidation soon, that's going to kind of like forcibly kind of unwind some of this, or we're going to see some form of capital injection and bolstering of trust. Because right now what we're seeing is a bank run and it is having contagion effects across the ecosystem.

David Hoffman

I know we, you just mentioned this, Dan, but I really want to underscore some of the details here. The, the risk parameters that any borrowing lending protocol should have. Where we're now using words like circuit breakers and rate limits. Can we just like emphasize, underscore that one more time? What in this, in the context of defi. In the context of a borrowing lending protocol, what is a rate limiter? What is a circuit breaker, how my AAVE or another protocol implement them. And I think we're all as an industry kind of understanding that this needs to be standard circuit breakers and rate limits need to be standard in protocols moving forward. Can you just like define these things and, and why they're so important for borrowing lending protocols moving forward?

Dan Elitzer

Yeah. So for rate limits within a given protocol, you say, hey, no more than this amount of deposits, withdrawals, mints can occur within X number of Blocks ideally.

Ryan Sean Adams

Right.

Dan Elitzer

Because that we can be much more certain on blocks than timestamps. And then the idea of like a circuit breaker is like, hey, rather than hard limiting, saying just we're going to prevent this action, you actually can circuit, have a circuit breaker where it says we're going to pause other functions of the contract should we go over those limits within a given time period. And so that's, that's the difference is like rate limits just like says, hey, you can only take this action up to a certain volume within a certain period of time. Circuit breakers say if you exceed those limits on the rate limits, we actually pause other functionality as well. And the very I think nuanced thing here, because we spent a lot of time looking at this a few years ago and trying to come up with more of a universal circuit breaker system that could be used, you can actually make problems worse in some cases by having a circuit breaker because you can have parties try to maliciously trigger the circuit breaker.

David Hoffman

Right.

Dan Elitzer

You get grief attack again, given the interconnectedness we see across the system. Yeah, you can start griefing systems or you can be trying to say like, hey, we're trying to mess with this protocol over here, so we're going to trigger circuit breakers in this other protocol so users can't then like pull liquidity over here to go rescue positions over there. There are a lot of additional kind of like second and third order effects that you need to think about when you're implementing both rate limits and circuit breakers.

Ryan Sean Adams

Dan, would AAVE v4 have reduced the exposure here? This is like the idea of AAVE4 is you have kind of some separation of, of risk and, and pools, you know, in some way that morpho separates some of that risk. Would that have helped here?

Dan Elitzer

Potentially it depends on like, I think AAVE v4 has more tools that could have mitigated it. But again it comes down to the implementation. Layer 0 had more ways that you could have used their infrastructure to make this safer that then weren't used in this case. So just the mere existence of AAVE V4 would not have lessen the impact here. But it is possible, using some of the tools available on AAVE before it could have limited the damage.

Ryan Sean Adams

There's another wrinkle to this story which has led to a philosophical question for crypto into defi. And that was something that happened yesterday, which we'll call this the arbitrum recovery. So there was about 30,000 stolen ether in the hacker's hands on the layer two arbitrum. So this is arbitrum one, of course. So off of Ethereum and on the layer two. At some point yesterday, Arbitrum Security Council used emergency powers to freeze and move those funds to a locked wallet. They didn't disrupt any other users on the chain, they just targeted this one specific case. They grabbed the funds they essentially stole from the hacker who had already stole. So they theft from the thief in order to recover these funds. The implications of this are interesting. Like first of all, North Korean hackers must have left the eth on Arbitrum because they thought it was safe. They didn't really think through that this could happen, that the Security Council could step in. The Security Council itself was that, Is that what's the multi sig on that? Is that like a 9 of 12 or something like that? So 9 of the parties had to agree to make this a regular state change out of 12. And they, they got those nine parties to agree and then they executed the method. But essentially that's kind of like if 9 of 12 on the security Council agree, it's kind of God mode over anything that happens on Arbitrum. And so there were many who celebrated this as like, hey, we got the money back. This is fantastic. We've helped save Defi. Now again, this is only 30 million of the $280 million hack. So it kind of takes the edge off, particularly for the RS eth affected users on Arbitrum, but doesn't completely get all of the funds returned. But there are many who are celebrating this, of course, and indeed that's got to be the gut reaction. Right? So somebody stole the money. It's North Korea, you know, who knows what that, that those funds are going for? And we just took it back.

David Hoffman

One small detail. You said 30 million, Ryan. 70 million was recovered by arbitrary.

Ryan Sean Adams

70 million.

Odysseus

Thank you.

David Hoffman

The $290 million hack, I see.

Ryan Sean Adams

Yes, yes, 30,000. 30,000, but 70 million, okay. And so, and others are saying, well, you know, I didn't know we had this back door. We've crossed some Rubicon. Now this is a stage one roll up. So we know on paper they have this authority and ability. But now once they've exercised it, maybe they'll be asked to exercise it for all sorts of things. You know, in fact, I.

David Hoffman

Smaller hacks.

Ryan Sean Adams

Yeah. You know, recovered funds, $10 track. Recover, recover funds.

David Hoffman

Oops, I lost my private keys.

Ryan Sean Adams

What are the implications, do you think, for this decision? Decision? And is this, is this what we want from our L2s? Like ultimately in this case, maybe you'd argue that it was a good thing. But does it have implications downstream?

Odysseus

I think it has, actually. I think it's a good thing that we did this since we have the power. But it's going to circle back, right? Because with the Clarity act, which was an attempt from the industry, you know, dc to regulate crypto, there was a lot of roll ups that were making the argument that we should be regulated like Ethereum or Solana because of our design. Right. And now they've proven that that's not the case. And you know, there is a lot of people in, especially in D.C. that are very anti crypto. We saw that with the previous administration and they're taking notice, right? They're taking notes. And I think when the roll ups try to make the same argument again, this will circle back and this could even get worse if. If in the next administration we have a much different outlook against crypto, which could be very well used to do another witch hunt. Which was also one of the major arguments why people were saying that for drift, for example, Circle did well not to freeze the funds.

Dan Elitzer

I also want to make clear it's not just an L2 issue, right? This, if we start to see a future administration or any government start to come down, the idea that they could start making demands of node operators on L1 to, you know, not sequence transactions for certain addresses or to all agree to a fork where there's an irregular state change, like absolutely, pressure could come to L1s as well. So I think ultimately, at the end of the day for all of these systems, the ultimate, ultimate, ultimate root of trust comes down to the social layer. And so I think we just need to be aware of that. And I think while I, I do think that this was a good action in this case when we, when we view it in isolation, I think, you know, were I on the Security Council, I likely would have gone along with this. I think that a lot of people who are right to celebrate it in the moments we're going to look back on this and it really has the potential to set bad precedent in a lot of ways going forward. I don't know that given the ability exists that we could have expected them to do otherwise, but it's. I think we're going to be talking about this decision quite a few times in the years to come.

Sponsor/Ad Host

You would have never thought two years ago that you could soon be trading tokenized oil on Metamask, but here we are. I've been using MetaMask since 2017 and we all remember buying NFTs with it in 2021 and now in 2020 26. If you haven't checked in on Metamask recently, let me tell you, you can trade tokenized stocks, funds and commodities along with leveraged perpetuals, prediction markets and even yes, you can gaseously swap between crypto tokens across networks too. There's advanced security features like MEV and front run protection and even a debit card so you can actually spend your crypto directly at merchants all around the world. And it's all self custodial, everything you want to trade in one place. This is the open money future we've

David Hoffman

all been waiting for.

Sponsor/Ad Host

Check out the new Metamask is already on your phone or in the link below.

David Hoffman

Quick shout out to okx they are

Sponsor/Ad Host

live in the States building the new Money app and Wall street is taking notice. The parent company of the NYSE just invested at a 25 billion valuation and took a board seat. That's the New York Stock Exchange coming to crypto, not the other way around. And why OkX? It's the only app combining a full centralized exchange and self custody wallet in one place. Sex trading, dex access on chain activity all in a single interface. Nora bouncing between five apps, copying pasting addresses or bridging tokens in separate tabs. They support Bitcoin, Ethereum, Solana Base and more. Millions of tokens just a few clicks and an infrastructure that processes trillions in transactions and keeps assets fully backed. OkX users are set to get tokenized New York Stock Exchange stocks and derivatives later this year. Traffi and Defi finally in the same app. Head to the link in the show notes, download OKX and see why it's the NYSE go to for going bankless in the United States, not investment advice services not available in New York and Texas.

David Hoffman

It seems that though the code is law like standard was never really going to be our future anyways and something like this was inevitably going to happen. We were going to have some sort of state violation chain state violation by some sort of layer two because they could and so I kind of see this as like you know, a fork in the road but are also like our destiny nonetheless. And now like it's coming in an era in which like crypto is entering its like tradfi era and you know tradfi has all of these like legal constraints because it's you know, human governance systems and ultimately at the end of the day we have our layer twos have not created like perfect one to one immutability as with the Layer one, and that's where a lot of finance is happening. And so it seems like we're kind of destined for this outcome where, you know, we got, we did the code is law thing as far and we took it as far as we could. And now we are in our human governance, controls over people's assets era, admitting to that. And we're probably going to be leaning into that moving forward because, you know, we, we had, it's, you know, Ethereum's 17 years, 16 years old now. No, 11 years old now. That's a different number. And like we, we had our chance to make the perfect immutable system. We didn't, we didn't perfectly create it. Maybe, maybe we got it at the layer one. Maybe we don't even want to create it. Like at the end of the day, I'm kind of saying like the best system is the one that does the right thing rather than the one that always upholds, you know, code is law. And I think a lot of people, Ryan's, Ryan's going to throw a flag in a second. Yeah, but a lot of people are coming to like, kind of terms with that is like the systems that we want are the systems that do the right thing. And doing the right thing requires some level of human governance.

Ryan Sean Adams

Well, that's the whole thing. Like who decides what the right thing actually is? I mean that's the entire. And here we go with like Jason,

David Hoffman

democracies and governance and all this kind of stuff.

Ryan Sean Adams

But, but okay, so let me ask you guys this because I think this is worth like really, really talking about. So I think you can run both experiments. It's fine to have both experiments. Right. So you have some environments that's Ethereum L1, let's say that's Bitcoin, where code actually is law and you're, you're playing Diablo 2 on hardcore mode where like things happen and it's actually dead. It's, everything's over.

David Hoffman

Die. You die.

Ryan Sean Adams

Yeah, yeah, you have actual bear instruments. And then every layer two or other chains or assets or smart contracts, they have to make a decision. They have to either decide that code is law or it's not really law. Right. They have to either prioritize decentralization or some sort of intervention. What I think goes away is this messy middle area where we're like, we kind of talk about decentralization in Code is Law, but we actually do have, you know, a button that we can push for emergency situations and reverse certain actions. I think that is untenable and you know, to be fair, that's what the, the stages in L2B are actually for. You know, you have stage one, which is you still have a Security Council, and you get to Stage two, there's no Security Council. Right. It's kind of much more a code is law world. But the question for these L2S is, is that where they actually want to go?

David Hoffman

Do we actually want Stage two?

Ryan Sean Adams

Do users even want Stage two? Right. Because, like, if I'm a user on Arbitrum, I'm kind of like, whoa, I don't, you know, I'm glad that they did that. If I'm an RS Eth owner on Arbitrum, it's a feature, it's not a bug necessarily now. And am I worried that Arbitrum is going to unilaterally, like, you know, steal my. Not, not. Not really. Not so much. So this comes down to user preference and ecosystem preference. But I think what's going to have to happen is if an Arbitrum decides to not be Stage two, kind of fully decentralized, and, and try to match Ethereum, what they're going to have to do is become a lot more fintech, like in terms of making these decisions much faster and having escape hatches quicker

David Hoffman

and having, and having like, structure to structure these decisions.

Ryan Sean Adams

We're seeing, yeah, the ability, they need to kind of ramp that up and have it like automated. Right. And to publish the rules. Like, we're even seeing this with USDC and Circle right now, which is like, when does Jeremy Lair and Circle decide to like, freeze USDC or not? Like, the reaction time is not quick enough or appropriate enough to, to meet kind of the actual market need and demand. You guys want to say stuff, so go ahead.

Odysseus

Dan.

Dan Elitzer

Yeah, well, so, so I, I'm in full agreement with you that we need to very clearly define what actions can be taken under what circumstances. But it's also great that you brought up, you know, Circle and Tether right here because the idea that L1 Ethereum is somehow different and is. Is fully code as law. Like, no, false. Like, what if there. And I think just as you brought this up on, on Twitter the other day, like, what if there's like a compiler bug related to like weth? Like we've got like rap Eth being used. Like, what if there's like we get Infinite Mint on weave, right?

Ryan Sean Adams

Okay.

Dan Elitzer

Like, do we think there's not going to be a lot of social pressure discussion, like, hey, do we fork to fix this? There's going to be two forks who ultimately chooses the fork. I can tell you today if Tether and circle say this is canonical Ethereum chain, we are, we are honoring USDT and USDC only on this chain, not on the other one. Like, I'm sorry guys, like, that's the winning one. And do they have governments coming and men with guns saying, like, you must choose this chain fork. Okay, they're choosing that chain fork. Like it's, it's again, it is ultimately like social all the way down. Even at L1, it's just the bar for reaching that level is considerably higher.

David Hoffman

The, the bar being higher I think is the key point here because like, just because it's all social all the way down. Like we're even watching Bitcoin governance elevate bips about what to do with satoshi's coins. And so even Bitcoin isn't removed from the same conversation, but it is a level of like messiness and structurelessness. The more you go down, like you go down to the like Bitcoin governance and you see just complete chaos. You go to Ethereum governance, still chaos, but somehow working. And then you go to Arbitrum and It's like a nine of 12. And so there is like a gradient of messiness. And just because it's humans all the way down, which I totally agree with, doesn't mean we get to just capitulate to the point where like, oh, it's all, it's all human governance at the

Odysseus

end of the day.

Ryan Sean Adams

But the first two are different though. So in the Bitcoin case and the Ethereum case, I would argue that that's kind of like hard fork governance. That's partially why the bar has to be so high. It has to be something to your point, Dan, that's existential. Now whether USDC and Tether withdrawing their support from Ethereum meets that standard. I think you'd say it does because that would wreak havoc on all Ethereum defi. And so you'd say that's existential. That would cause a fork. Others would say maybe not. And that's why there's a fork, right? Potentially. But there's no like 9 of 12 multisig. Do you know? It gets, it gets the same thing with Bitcoin. It gets resolved in this messy, fork driven, governance, structureless type of way. And that makes it such that the bar is quite high. Has to be something existential before you actually trigger that. But Odysseus, you wanted to chime in.

Odysseus

Yeah, I think it's an interesting observation. Is that you know, when Sui had a big hug, they had a rescue. Baratain did the same. And then when the Drift hacker hugged Drift, what did he do? Or you know, they do. They moved to Ethereum immediately. They didn't stay in Solana. So it's also very interesting how they perceived decentralization. But in Arbitrum they stayed for two days, right?

Ryan Sean Adams

Yeah, that's interesting. You think they thought that, thought they were safe then on Arbitrum probably, you

Odysseus

know, safe and tired.

Ryan Sean Adams

But yeah, North Korea was not checking on L2B then. They had no idea this was a stage one and that there was a Security Council.

Odysseus

They probably didn't know what the Security Council could do or how quickly they would coordinate.

Ryan Sean Adams

So this will never work again for an L2 is kind of what's happening

David Hoffman

exploit will not happen on a layer

Ryan Sean Adams

two anymore because for every L2 that's stage one or under, the funds won't be kept there, they'll be moved somewhere else.

David Hoffman

Well, this is now kind of like user expectations, probably on Layer twos.

Ryan Sean Adams

Oh yeah.

David Hoffman

If I get exploited, even if it's not, if it's on optimism or base or anything, like if me, a Coinbase customer, gets my assets exploited on base, you bet your ass I'm tweeting to Jesse and Brian to go recover my funds.

Ryan Sean Adams

And not just tweeting necessarily. Right. There could be some people with stolen assets who just take this to civil court in some way. If you have the ability to freeze the money and refund the funds, you're morally obligated to do so, are you not? And then ethically, the game theories evolve.

Dan Elitzer

This right here, right? Lazarus is learning very fast. They've adapted a lot over the past few years and to a disappoint, like they're going to get the funds off the rollup real fast. It seems very unlikely that roll up teams would be able to respond faster than what the current expectations are that users have in terms of the ability to relatively instantly bridge large amounts of funds back to L1 or to some other chain. So they're not going to leave it there to be frozen for future hacks.

Ryan Sean Adams

What do you think the L2s, the big L2s actually do? Like for instance, do you think Arbitrum 1 ever becomes a stage 2? Do you think maybe this is a better question. Do you think Base ever becomes a Stage two at this point in time? I just saw the new base update.

Dan Elitzer

I mean, they just communicated that. Yeah, they're working on that with the new update.

Ryan Sean Adams

Yeah, they communicated that, but if you read the blog post, they said now technically we can do this, but it's still a matter of them actually removing the Security Council. And again, is that, is that what users want even? Is that what, what, you know, I, I think there, it will be a major decision as to whether they actually remove the Security Council, remove their ability to update the thing and make it fully decentralized. Stage two, like, I think that there's a pretty good chance that they never actually get there because that's just not what the ecosystem actually wants.

Dan Elitzer

Just wait, just wait until the lawsuits start coming, right? They, yeah, I think Coinbase is going to want the ability to say, sorry, we can't take.

Ryan Sean Adams

So you think the lawsuits will push layer twos to stage two?

Dan Elitzer

Actually, I think, I think the, the legal liability is going to be the, the biggest thing that's going to push L2s in that direction because they don't want again, Pandora's box is open. Where do you cut the line? Is it $70 million? Is it, you know, $30 million? Is it $10 million? Is it $10? Like, I don't know, where's the line?

Ryan Sean Adams

That's what I mean about following out the middle ground here. Right. Because it either pushes you to do like fintech reimbursements, fraud detection, all of these things and you become more fintechy

David Hoffman

and then you're going to demand more control over your user deposits.

Ryan Sean Adams

Exactly. Or it pushes you to go full stage two and hands off. There's no way you can reverse anything.

Odysseus

I don't think stage two will happen. The problem with why protocols don't go to stage two, right, is because Ethereum development is disconnected from rollups. Right. The proof system they have is the most complicated part of the whole roll up design is the thing that holds them back. It's, I think it's an insane amount of technical like tech debt and baggage. Right. That's why they're not fast enough. That's why they're not better, you know, they're, you know, slower than Solana. And the problem is that with every Ethereum upgrade, most people don't know that, but these proof systems break all the time. And they break because the Ethereum L1 development happens almost in isolation from them. Right. They suddenly they have a new one upgrade and there is some very tiny change in the protocol and that breaks the proof system and they have to work two months to fix it. I think that's the reason why they're not in stage two and I think they will Find other ways to either not have a liability, maybe, you know, Coinbase spins out base, or they become, you know, fully regulated and they totally lean into it. But from a technical point of view, I don't. Unless Ethereum and roll ups are more enshrined, I don't see them being able to get to stage two. Like it's technically infeasible.

Dan Elitzer

That's, that's fair. Guys, I don't. You're the host to tell me if you want to go a different direction, but I'd love to talk about like practically where are we at and what does this all mean for builders, for users? Because I think we're in a very interesting interim phase, right, in the evolution of the industry and in the development of technology that we're seeing right now.

Ryan Sean Adams

Yeah, let's do that now. Because to your point, right, So I think for the average Defi user, the average person that's in the bankless audience, you know, trying to actually go bankless, they're a little scared right now, right? And that's why you've seen some of the Defi withdrawals. You've got AI with Mythos and with all of this, you know, cutting edge thing that seems to give black hats and hackers some sort of advantage and maybe they're adapting faster than, you know, white hat and crypto can kind of adapt to it. So you've got this uncertainty with AI and then you've just got this slew of hacks and I'm not sure if it's been larger than previous years. I've looked at some data and it's just like last year was kind of larger, you know, by this time, but some pretty large hacks at blue chip aave, you know, the EF just came out with a post recently or Vitalik just called AAVE Safe Defi. Hey, we can finally get kind of close to risk free yields, right? And that turns out not to be the case. So users in Defi are scared. So yeah, Dan, what do we do? What are the lessons? What are the takeaways? Where do we go from here?

Dan Elitzer

Well, I think first I want to just stage set and that it's not just about Defi. I think for everything digital like we are in like the, the probably 12 month period of max danger because we are now seeing AI systems at a certain level and not even like the Mythos models, but like the, the current generation models. When you put them into the right harness, they're able to find insane 0 days not just in smart contracts, but in traditional, like Web2, like operating systems, browsers, like all of these things. It is really, really scary what is possible now. And luckily that's mostly concentrated in the hands of I think some of the good guys. But as we've seen the open weight models that are going to be like, you know, fully open and people can use them for whatever they want, Those are maybe six months, maybe 12 months at most behind. So we are in this period where we have all these deployed smart contracts. We've got all this deployed just like Web2 infrastructure that was built and tested and secured under human security assumptions for how you can go about securing that. And so there's a lot of vulnerable shit throughout the stack. Sorry, that is, that is just out there and live right now. And so we have to like there is a race right now between the white hats and black hats in terms of who can secure existing systems faster. Once we get into 2027 and beyond, all systems that are deployed going forward are going to be like rigorously superhuman, tested and secured both upfront and an ongoing basis by best in class kind of super intelligent security models. So this period until we get to that point, we've kind of cleaned up all that backlog is the period of max danger. What do we do? We, we go kind of like old school on this. It is the rate limits, it is the circuit breakers, it is just defense in depth on everything. Think, think about every layer of your stack from smart contracts to front ends, DNS records, individual employee and workspace accounts, your, your, your physical hardware using isolated hardware for like security critical actions. Do like multiple channel confirmations with the other people that you need to coordinate with to take these secure actions, like all of the things, do them. Now is the time where you need to step up and make it happen. This goes for every organization in crypto especially but anybody who is building anything in the digital world, which is like everybody.

David Hoffman

One thing I was hearing from Justin Drake is about the implications of the Ethereum protocol architecture with a multi client design. Ethereum has four or five running clients. Swiss cheese model. A bug in one client doesn't show up in another client. Meaning that there's not one exploit that can take down Ethereum because of the level of redundancy. He was saying that in a post AI world, post mythos world, it's actually likely that Ethereum collapses down to one single super hardened client built by AI, formally verified by AI. So rather than having multiple clients, we just have this, this one absolutely just rock solid client. And this is so like Ethereum at the client level is going to be rebuilt. We're also rebuilding Ethereum with the lean chain anyways with seems like we're rebuilding basically the Internet because all human written software is kind of now like analog in a sense and we need to move to like what is the new digital. And new digital is now written by AI, not written by humans. It seems like the entire Internet is going to get rebuilt, Ethereum being no exception. But also that means that Defi is also kind of going to need to be rebuilt from the ground up with AI formally verified and maybe just architected differently. Rather than the shared liquidity models of aave, you have the more segregated side silos of Morpho. Dan, what do you think about like just the architecture difference, the new age requirements of Defi in terms of architecture as we move forward? How will Defi be impacted?

Dan Elitzer

Yeah, I mean to be honest, I think the some of the insights with layer zero is like it's not the wrong approach to have kind of limited, modular, permissionless infrastructure. We just need to raise the standards for how that infrastructure is then deployed and maintained. And so to the point about like Morpho, I think these isolated models which AAVE before also moves in that direction as well. I think we need to break it up so you can like limit the collateral damage around any type of exploits that happen, but we need to do a better job setting the defaults really high in terms of security that we do around each of these modules. Right. I was talking with the Morpho team and others and been like, okay, how are we continuing to level up security? And I think one of the things that you do is the morpho markets at the base level, incredibly minimal. But then you need to think about, okay, let's be really clear about the Oracle and how the Oracle is being set up and used in that module. Okay, now let's look up at the vault and the curators there. Right. That you can't really rate limit or circuit break morpho markets like that, just not part of it. But you can rate limit or circuit break around the vaults and how they reallocate between markets. You can make sure you don't have a lot of excess liquidity sitting there in markets waiting to be borrowed in the event of an exploit. So you can be sitting maybe in like kind of wrapped Treasuries or something like that. In the meantime there are all sorts of different things that you can do to limit blast radius and I think that's what's going to be, be Done is you don't want big monolithic pools where a lot of capital sits. That's monolithic lending pools, that's bridges. And to the extent that you want those things in the market, which I do think we do, there's a lot of demand for those for good reasons. We just need to layer additional protections on top of those so that you're still going to be exposed to a lot of different risks, but you can limit the damage should any of those risks come to fruition.

David Hoffman

Odysseus, you wrote an article that was written, released yesterday, I believe, titled Crypto Security Needs an Aerospace Mindset. Maybe talk to us about just like the. What you're advocating here in this, this article, because you're advocating for kind of just like a regime change in what it means to be a defi builder. Talk to me about the contents of this article.

Ryan Sean Adams

This wasn't released yesterday, was it? This was released in February.

David Hoffman

Oh, really? Excuse me. Well, I read it yesterday.

Odysseus

Yeah, yeah. I mean, it goes. You know, the core point is what we made at the start of conversation, which is in tradfi, crypto is finance, right? So naturally we take a lot of mental models from traditional finance and we apply them in crypto. And for most things it works, right? It's a vault, is really like a hedge fund, right? A curator is really a fund manager. But security really doesn't map out very well because security is not an issue in TradFi, more than anything is an issue in, you know, most other services because of the long settlement, right? You can go back, as we said, do a couple of meetings, pay a couple of, you know, millions or tens of millions, but you can fix the damage. In crypto, a hack is a physics event, right? It happened. It's closer to an aerospace, right? Because if you have an issue in an airplane, people die, right? In crypto, okay, if you have an issue, people don't die, but it's still very severe and you have this irreversible damage. And now we see like systemic event, right? It's this isolated event with layer 0 and KAPL ended up becoming a systemic risk and a systemic incident for the whole of crypto. So I think this is the change in the mindset where security needs to be as if our life depends on it, because as we see, it does.

Ryan Sean Adams

What does aerospace do that we can adopt?

Odysseus

They just have very concrete gates. Failure is not an option, right? So formally verifying systems, having systems that are extremely simple, simplicity is directly correlated with security, means that you can understand it, you can audit it, you can formally verify it. And basically you have a lot of stages where you want to make sure that failure is not an option. The system can't fail, and if it fails, it's isolated to that subsystem and you have multiple systems for redundancy.

Dan Elitzer

Yeah, redundancy. I think that, that, that to me is also one of the big things here is that we need to make sure that if anything breaks, there's something else behind it to catch it. And I know that, like you know, Filax with, with your kind of credible layer, this is one of the things that you provide and that I think there's, there's a number of solutions that are starting to come out with this mindset to think about. Okay, we can trust the curators, we can trust the people who are choosing default settings and what are the different parameters we should have in lending markets, things like that. Okay, how do we actually make sure that it's not just them saying they're going to do this or just doing it within a certain module on chain? Can we create additional systems on top that essentially recheck these values that are critical values from a different perspective or a different validation point? I think that is really important because the more you can have systems that either one of them can block bad state from occurring in contracts, that is what's going to give us that next step, function improvement in terms of the security that we can promise to users.

Ryan Sean Adams

Odysseus. Is that what the credible layer does that Dan just mentioned? What does Filix do on that?

Odysseus

Yeah, so we've built effectively a very powerful circuit breaker that allows protocols to, to do runtime enforcement. So we enforce certain checks during the transaction as it's added to the block, effectively making sure that bad states or bad outcomes can happen. But failure is not an option in the systems. Like that's the new mindset because so far we say, oh, we did. It's a process oriented mindset. So far we say we did audits, right. Or we did testing. We focus on the process, but nobody's really saying that the failure is not an option. If you see auditors never take liability, protocols never take liability, all the terms of service, they say, this is alpha software, experimental software, use it at your own risk. The whole of crypto is built on the assumption that nobody is liable about anything.

David Hoffman

When you talk about coding up that doesn't allow for bad outcomes. How do you actually define what a bad outcome is in the system?

Odysseus

This gets a bit technical, but effectively, you know, The EVM is constrained, right? Naturally. So we have created an extension of that in solidity. So it's approachable by developers that allow them to define constraints that to define outcomes that are not possible to define in regular evm. So that's the policy and then you have the circuit breaker that runs during block production, so it's integrated with the network. And if a transaction breaks, this policy is not allowed to be added to the network.

Dan Elitzer

And I think one of the interesting things there that helped me wrap my head around this was the idea that there are things like there are bad states, right? The, the amount borrowed from a lending protocol should never, under any circumstances, right? With traditional ones, not uncollateralized ones, should never exceed the value of the collateral, right? You can, you can hard code that maybe that's supposed to be checked through different paths of different interactions that you're having with the contract. But what the credible layer lets you do is say this is a state. It doesn't matter what's in the transaction, where it goes. Do not include any transaction in a block. Do not sequence it if the end result is an invalid state based on these rules that we've predefined. And I think that's very different from the traditional way of doing security analysis where you're saying like, hey, we're going to step through the changes here and like check each thing along the way. Are there any paths that can get us to a bad state? And instead you're just saying what is a bad state? I don't care how you get there, you're not allowed to go into this.

Ryan Sean Adams

So I think as we wrap up this episode, the question that's lingering in my mind that maybe other listeners have is, is defi going to be okay? Like are we going to make it through this? And it seems very much as we look at April 2026, we are in a, a different type of scale limitation. So in previous cycles maybe defi scale was limited because Gary Gensler wouldn't let us do it and the regulation was pushing against us. Or maybe it was block space was too expensive and Ethereum wasn't scaling. Those are not the constraints for defi scaling anymore. It seems like the primary constraint, if I were to ask people on the bankless journey or even those outside, is security? Like they're worried that their on chain funds are going to be hacked. That's the scale limiter now. So I want to turn this question to both of you individually. Do you think defi is going to be okay? Are we Going to make it through this period, you said Dan. Maybe it's a 12 month period of time. We've got a lot of hardening to do. What do you think Dan?

Dan Elitzer

Yeah, we're going to make it through this, but it's every team needs to kind of commit to this individually. I think we need to be very clear about where the risks are and how we're approaching, if not solving them, mitigating them to the greatest extent possible and being willing to take a fair amount of pain and expense in terms of getting there. Security spend is always a very hard item for teams to stomach paying for, but it really is necessary and I think we need to do a better job just calling this out and making clear where teams are doing the minimum they need to to get into market quickly and grow and what it looks like when you're actually doing this to the nth degree and making sure that your users are as absolutely safe as you can possibly make them. So I think we will get there, but we need to start doing a better job as an industry coming up with standards and enforcing those standards and holding teams accountable for meeting those standards.

Ryan Sean Adams

Odysseus, do you think we're going to make it? And if we do make it, what's, what's on the other side for us? What's, what's the good part?

Odysseus

I think we're going to make it. Every team, as Dan said, needs to ask themselves a very simple question. Why would a user prefer my Yield over a 4% yield that is insured by the FDIC? Right. They have to answer that question and if they answer honestly, we're going to make it right? Because the answer to that question were, you know, show them where they need to be better to get to be accountable, to invest in security. I think it's also up to the security teams like us to provide better tooling and better products that are easy to use. They're not insanely expensive. You know, I think if we're being blunt about it, part of the fault so far has been on the security and the auditors themselves. Like if you think how much money adapt a protocol a startup had to spend to audit a protocol, it killed a lot of the innovation or it forced teams to take to cut corners. Right. So it's also up to the security team, not to the security industry to rise to the occasion like serve the industry better.

Dan Elitzer

I think I disagree on that.

David Hoffman

Last I saw a smirk out of

Dan Elitzer

Dan Market sets the price. There were so few qualified humans to actually do the high quality Audits, I think they're expensive because you get what you pay for on that front. I think now we're starting to break that connection with some of the AI systems. We're seeing a lot of good ones out there. I think the stuff I'm close with the Cantina team and so I've seen some of the stuff their Apex system has done both in Web three and Web two. It's, it's insane. And all of these solutions, or even some like pretty decent open source ones as well, they're, they're doing a great job. They're already at kind of security researcher level. Not even like junior security researcher. They're probably LSRs. Like the best systems are LSRs that you can run at a fraction of the cost and run repeatedly. So I think, I don't think it's fair to blame the security firms previously for their high cost because that's what it costs to get the type of expertise that you want to secure systems.

Ryan Sean Adams

Well, you know who we can agree on blaming is North Korea. Okay. And all the black hat hackers. They are definitely doing us no favors. But I heard both of you say we're going to make it and we're going to get through this. And appreciate you coming on Bankless and explaining all this. Dan and Odysseus, thanks for having us.

Odysseus

Thank you so much.

Ryan Sean Adams

Guys. Gotta let you know, of course on an episode like this, crypto is risky. You can lose what you put in. But we are headed west, still the frontier. It's not for everyone, but we're glad you're with us on the Bankless journey. Thanks a lot,

Odysseus

Sam.