DeFi must learn from crypto hacks

Recent crypto hacks should come as a wake-up call for DeFi’s risk management teams.

February’s Bybit breach smashed records to become the biggest hack in crypto history. More than $1.4 bln was stolen by North Korean cybercriminals in the blink of an eye, with the audacious heist making headline news around the world.

But while close attention was paid to the brazen theft itself, there wasn't enough scrutiny of how these hackers then managed to start laundering this ETH so it could be cashed out anonymously.

Centralized exchanges and DeFi protocols both have lessons to learn from this devastating incident — for different reasons. And both have strong reasons to prevent future stains on the reputation of the crypto industry. 

CEXes should make changes

For the trading platforms relied on by millions of users around the world, significant changes must be made to the way transactions are signed. Depending on a user interface summary is no longer good enough — instead, it's crucial to manually decode calldata. Then, and only then, can executives be confident that funds being moved from a cold wallet will go to their intended destination.

Other cutting-edge solutions include "intelligent co-signers" who validate the transaction itself, as well as the signatures. This ensures suspicious requests are automatically rejected, even if all required approvals are present. 

Transactions can now be simulated before signatures take place, coupled with real-time threat intelligence that flags high-risk call data. And making a concerted shift to multi-party computation — where private keys are split into multiple shards and never fully assembled — can prove to be a compelling alternative to smart contracts.

In recent crypto hacks, interfaces were manipulated — deceiving well-intentioned executives into authorizing malicious transactions accidentally. It's clear that a pattern is beginning to form, and it's unacceptable for CEXes not to adapt in response to this established threat.

DeFi needs to defy hackers

The first step is to make it prohibitively difficult for hackers to treat exchanges like their own personal piggy bank, with robust safeguards that close off attack vectors. Unfortunately, though, cybercriminals are renowned for evolving their tactics and finding new ways of breaching security.

That means essential improvements need to be made to prevent hackers taking the next step, which is when they attempt to move illicit funds through decentralized platforms. 

Bybit CEO Ben Zhou's frustration was palpable when he was attempting to freeze the vast amounts of ETH swiped from his platform in February. Blockchain analytics showed that the funds were being spread across a myriad of wallets in hundreds of transactions — splitting the $1.4 bln into countless shards. On the When Shift Happens podcast, he described attempting to contact the platforms where the crypto had been moved — by the time he received a response, the funds had been transferred on to somewhere else.

This is why DeFi protocols need to ramp up efforts to prevent hackers and other bad actors from taking advantage of their infrastructure. A blend of risk intelligence, transaction monitoring, wallet screening and risk management software can all play a role here — without compromising on decentralization.

Some solutions utilize 24/7 real-time intelligence, while others also incorporate human-based intelligence to enable rapid response to incidents as they unfold. When paired with an advanced, multitasking risk management dashboard tailored for DeFi, this technology can screen interactions and transactions against blacklisted addresses, assign wallets to monitoring zones, and apply real-time risk scoring for addresses [wallets and tokens]. This layered approach allows for the detection of malicious activity within seconds, empowering security teams to interpret behavioral anomalies, collaborate with external intelligence providers, and take swift action in complex or ambiguous situations where human judgment is essential.

Suspicious wallets and IP connections can be blocked before funds are lost. Beyond detection and blocking, some systems also feature analytics and attribution modules that identify and isolate assets and users with high potential for risk exposure, while automatically generating compliance-grade reporting files for regulators or partners.

There's nothing wrong with healthy competition between exchanges and DeFi protocols. Customers deserve choice. But a hack against one platform needs to be treated like an attack against them all. Projects need to rally together and cooperate — both to prevent exploits, and to limit the damage when breaches occur. Close collaboration isn't just good   PR, it's an opportunity to form a united front against the thieves who jeopardize this industry's future. Every single hack dents consumer confidence — and if they keep on happening, regulators may be left with no choice but to impose restrictions that penalize law-abiding crypto users and developers, not just malicious actors.

Is self-regulation the future?

DeFi’s defining characteristics — permissionless access,self-executing code that replaces centralized intermediaries, non-custodial — attract good actors and bad actors alike. By design, DeFi protocols are open to all users and don’t oversee, manage or ‘police’ like a centralized alternative would. A non-custodial approach means DeFi developers cannot freeze illicit funds going through their platform. 

Lawmakers and media outlets don’t always appreciate how DeFi platforms work — and as a result, developers are often accused of other people's activity, even though they weren't personally responsible for these transactions. 

Recent crypto hacks need to serve as a wake-up call. Responsible DeFi developers must rally together to create sound governance and security models that keep up with technological advancements. Careful protocol design, layered defense systems and continual security reviews have the potential to make crypto hacks no longer worthwhile for opportunistic thieves. 

And here’s the deeper truth: if crypto fails to self-regulate, it could become one of the most compelling counterarguments against the free market itself.

Traditional finance (TradFi), despite its flaws, operates under a clear set of enforced rules created by regulators — creating trust and security based on centralization. DeFi, in contrast, prides itself on eliminating intermediaries and embracing pure market dynamics. But ongoing events show that absolute freedom, without even a thin layer of coordination or safeguards, may not be sustainable.

Perhaps the ideal is not a 100% free market, but a 85% one — where that remaining 15% serves as a programmable rule layer designed to uphold security, prevent abuse, and foster trust. Not to replicate TradFi’s bureaucracy, but to implement automated, transparent, and minimally invasive standards for AML, fraud detection, risk attribution and so on.

This isn’t about top-down control, so much as protocol-level guardrails: smart, modular layers that allow DeFi to preserve openness while ensuring accountability. These could be community-driven, open-source standards embedded directly into protocols, dApps and interfaces — a collective effort to reduce systemic threats without compromising decentralization.

DeFi doesn’t need to copy TradFi’s model to mature — it just perhaps needs to recognize that freedom without responsibility might ultimately create chaos. The goal isn’t to restrict innovation, but to future-proof it through shared standards, ethical design, and resilience.

Yes, it will take time. Yes, it will take investment. And yes, it will require experimentation and a few false starts. But in the long run, the dividends will be enormous.

Stay tuned for more insights on DeFi security from 1inch!