Solving centralization is the direction of DeFi's evolution

2026/04/22 12:09

These days are full of discussions about the Aave security incident.

The main process of the event was as follows:

The attackers compromised KelpDAO's verification mechanism and, by forging cross-chain messages, caused LayerZero's cross-chain bridge to mint more than 110,000 rsETH on mainnet. The rsETH was then deposited into Aave as collateral to borrow approximately $236 million in WETH/ETH.

This drained a huge amount of WETH/ETH liquidity from Aave. As the incident escalated, large amounts of various assets that had been deposited on Aave were withdrawn in bulk. As a result, liquidity depletion spread rapidly to almost all mainstream assets on Aave.

Worse still, the wave spread to the Solana ecosystem, putting considerable strain on the liquidity of various lending protocols on Solana.

For a description of the whole event, see the link at the end of this post.

There is no doubt that the incident had an enormous impact on the entire DeFi ecosystem, and various commentary articles on it have appeared online.

However, the vast majority of these articles do little more than amplify emotions; they do not identify the crux of the incident, much less assess its impact objectively. Many attribute all the problems to DeFi without analysis, and some even baselessly proclaim the fallacy that “decentralization is dead”.

In fact, the core cause of the security incident was a significant security risk in the design of KelpDAO's verification mechanism.

LayerZero provides a DVN (Decentralized Verifier Network) mechanism that lets protocols confirm messages when they cross chains. Since the DVN is a decentralized verifier, a protocol that uses it should configure the mechanism in a decentralized way, using multiple signatures to confirm a message.

But KelpDAO used only a single signature to confirm messages.

This left a loophole for the attacker: by compromising this one signature, the attacker could confirm anything.

Another, more typical, scenario allows us to better understand the problem:

Often, large institutions (e.g. centralized exchanges) hold large Bitcoin assets. To store these large Bitcoin holdings, these institutions use multi-signature wallets rather than single-signature wallets.

If only a single-signature wallet were used, then once its single signature was compromised, all the bitcoin in the wallet would be lost. With a multi-signature wallet, even if one or more signatures are compromised, the funds remain safe as long as the multi-signature threshold is not reached.
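
The single-signature versus multi-signature point made above, for both the DVN configuration and the wallet analogy, as an added example that is not from the original article and is not LayerZero or KelpDAO code: a simplified k-of-n quorum check in which HMAC tags stand in for verifier signatures. The names `attest`, `quorum_ok` and `forged_message_accepted`, and the sample message, are constructed for illustration.

```python
import hashlib
import hmac
import os

def attest(key: bytes, message: bytes) -> bytes:
    # HMAC-SHA256 stands in for a verifier's signature (assumption for the demo).
    return hmac.new(key, message, hashlib.sha256).digest()

def quorum_ok(message, attestations, verifier_keys, threshold):
    """Accept only if at least `threshold` distinct known verifiers attested."""
    if not 1 <= threshold <= len(verifier_keys):
        raise ValueError("threshold must be between 1 and the number of verifiers")
    valid = set()
    for verifier_id, tag in attestations:
        key = verifier_keys.get(verifier_id)
        if key is None:
            continue  # attestation from a verifier that is not configured
        if hmac.compare_digest(tag, attest(key, message)):
            valid.add(verifier_id)  # a set: repeats from one verifier count once
    return len(valid) >= threshold

def forged_message_accepted(n_verifiers, threshold, n_compromised):
    """Model: does a forged message pass when n_compromised keys are stolen?"""
    keys = {f"verifier-{i}": os.urandom(32) for i in range(n_verifiers)}
    stolen = list(keys.items())[:n_compromised]
    forged = b"constructed sample: forged cross-chain mint message"
    attestations = [(vid, attest(key, forged)) for vid, key in stolen]
    attestations = attestations * 2  # resubmitting must not raise the count
    attestations.append(("unconfigured", attest(os.urandom(32), forged)))
    return quorum_ok(forged, attestations, keys, threshold)

if __name__ == "__main__":
    for n, k, c in [(1, 1, 1), (3, 2, 1), (3, 2, 2)]:
        verdict = "ACCEPTED" if forged_message_accepted(n, k, c) else "rejected"
        print(f"{k}-of-{n} verifiers, {c} key(s) compromised: forgery {verdict}")
```

With a 1-of-1 configuration a single compromised key is enough for the forged message to pass; with 2-of-3 the same compromise is rejected, and the forgery only passes once the number of compromised keys reaches the threshold.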

This is basic knowledge and common sense that any reasonably security-conscious operator or designer in the crypto ecosystem should have.

And yet the KelpDAO team lacked even this basic awareness: its use of a highly centralized single-signature design led to this huge disaster.

It also proves that, in the DeFi world, every key link must be configured in a decentralized way in order to ensure the security of the entire mechanism.

So it is absurd to say “decentralization is dead”.

Of course, Aave is not blameless in this incident either. Its problem was that it did not respond with timely vigilance to the potential risks posed by the collateral assets.

In January 2025, the governance forum in Aave had sent a reminder to KelpDAO that assets might be at risk. But Aave didn't do anything about it.

Another similar protocol, Spark (from MakerDAO), halted rsETH in time.

The very different handling of this security threat by the two protocols shows us a huge gap in risk-control management.

This operation by Spark reminds me of a previous security incident at MakerDAO.

That was in March 2023, when the collapse of Silicon Valley Bank resulted in a severe breakdown of DAI's largest collateral asset, USDC, which caused DAI's price to fall below $1 in a short period of time.

This was also a DeFi disaster caused by centralization. It exposed MakerDAO's lack of defenses against centralization problems at the time.

Since then, however, MakerDAO has gone through a process of rebirth, which led directly to the Endgame Plan and accelerated its decentralization and asset diversification in order to protect the protocol from similar centralization risks.

That is why we have Spark today, and why we have seen Spark's soundness in this incident.

The rebirth of MakerDAO shows that projects throughout the ecosystem need greater vigilance and protection against the centralization risks in each of their components.

This will make for a stronger and more viable DeFi system in the long run.

This is the path MakerDAO has taken, and it is the path Aave and all the other DeFi systems have to take.

The DeFi mechanism is not the cause of security incidents; the root of the problem is the centralized thinking and centralized practices that have long sat in the subconscious of the actual operators.

Continuously confronting the risks of centralization is the right direction for the evolution of DeFi, and the right way for DeFi to address similar problems.

reference link: https://x.com/lanhubiji/status/20457779703051460715
