Strategy's Preferred Stock Is Now a Stablecoin. And DeFi Has a Security Problem.
A deep dive into the KelpDAO ~$290M exploit and the shifting DeFi threatscape, with practical fixes—from rate limits and timelocks to socialized insurance and limited centralization.
Key Takeaways
- KelpDAO lost ~$290M after attackers swapped an op-geth binary, poisoned RPC nodes, and forced a LayerZero one-of-one DVN failover — illustrating single-verifier oracle risk.
- Attacks now target infrastructure and keys; defenders must harden RPCs/oracles, employ end‑to‑end AI auditing, and plan for nation‑state‑level sophistication.
- Implement protocol-level friction: add slowness, checkpoints, timelocks and rate limits (e.g., ~10% daily borrow increases) to buy incident response time.
- Accept limited centralization for critical controls: regulated oversight, capitalized pause mechanisms, and pre-approved recovery flows reduce systemic collapse risk.
- Market-driven mitigations — reinsurers, independent security ratings, guarantee funds and pooled socialized insurance — can price tail cyber risk and fund hardening.
- Lending protocols differ from AMMs: reliance on external liquidity and oracles makes fully immutable lending impractical; balance liquidity, composability, and disposability.
- Preferred-stock wrappers (Apex/Stretch) offer double‑digit yields and on‑chain liquidity but face overcollateralization drag, bridge/third‑party risks, and US regulatory limits.
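
The rate-limit takeaway above (roughly 10% daily borrow increases) can be sketched as a checkpointed borrow ceiling. This is an added example, not code from the source or from any protocol it names; the class, the method names and the `floor` bootstrap allowance are assumptions made for illustration.

```python
DAY = 86_400                   # seconds in one rate-limit window
MAX_DAILY_GROWTH_BPS = 1_000   # 10% in basis points (figure from the takeaway)


class BorrowLimitExceeded(Exception):
    """Raised when a borrow would push total debt past the daily ceiling."""


class BorrowRateLimiter:
    """Caps growth of total outstanding borrows per 24h window (hypothetical design)."""

    def __init__(self, total_borrowed: int, now: int, floor: int = 0):
        self.total_borrowed = total_borrowed    # debt in smallest token units
        self.checkpoint_total = total_borrowed  # debt at the start of the window
        self.checkpoint_time = now
        self.floor = floor  # assumed minimum allowance so an empty market can start

    def _roll(self, now: int) -> None:
        # Open a new window only after a full day, so the ceiling cannot be
        # ratcheted upward by many small borrows inside one window.
        if now - self.checkpoint_time >= DAY:
            self.checkpoint_total = self.total_borrowed
            self.checkpoint_time = now

    def ceiling(self, now: int) -> int:
        self._roll(now)
        growth = self.checkpoint_total * MAX_DAILY_GROWTH_BPS // 10_000
        return self.checkpoint_total + max(growth, self.floor)

    def headroom(self, now: int) -> int:
        return max(0, self.ceiling(now) - self.total_borrowed)

    def borrow(self, amount: int, now: int) -> None:
        if amount <= 0:
            raise ValueError("amount must be positive")
        if self.total_borrowed + amount > self.ceiling(now):
            raise BorrowLimitExceeded(f"only {self.headroom(now)} available in this window")
        self.total_borrowed += amount

    def repay(self, amount: int) -> None:
        self.total_borrowed = max(0, self.total_borrowed - amount)


if __name__ == "__main__":
    lim = BorrowRateLimiter(total_borrowed=1_000_000, now=0)  # constructed sample market
    lim.borrow(100_000, now=0)
    print("headroom same day:", lim.headroom(3_600))
    print("headroom next day:", lim.headroom(DAY))
```

However much collateral is posted, whether real or forged upstream, new debt in any one window is bounded by the ceiling, which is the response time the takeaway is buying.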