Why Calling Out Bad Security Practices in DeFi Isn't 'Grave Dancing'

Summary

The video discusses the legal and liability implications of recent DeFi hacks, particularly the $300 million Kelp DAO exploit involving Layer Zero's bridge. Speakers examine who is responsible when infrastructure fails, the role of default configurations, and the growing risk of litigation as retail users enter DeFi. No specific investment recommendations are made.

• Recent DeFi hacks include Resolv, DRIFT, and Kelp DAO, with losses in 2026 already exceeding 2025.
• The Kelp DAO exploit involved a one-of-one verifier bridge configuration, leading to $300 million in stolen assets.
• 47% of teams using Layer Zero chose a high-risk one-of-one verifier setup, raising questions about default configurations.
• Finger-pointing between Kelp and Layer Zero highlights unclear duty of care in DeFi.
• Plaintiffs are likely to sue all involved parties, but negligence standards are still undefined.
• Retail users entering DeFi may trigger more lawsuits, as they expect consumer protections akin to traditional finance.
• The banking-as-a-service (BaaS) analogy shows that the entity with the customer relationship bears liability.
• DeFi legal structure remains fragmented, with regulators and courts still defining responsibilities.