Michael Egorov of Curve Finance: DeFi Needs To Match Security Standards Seen in Space or Nuclear Industries

Key Takeaways

• Michael Egorov, the founder of decentralized exchange Curve Finance, believes AI-security tools are a double-edged sword.
• The Curve founder thinks there needs to be a measured approach when using AI security tools.
• Egorov says it is “too early” for regulators to define clear security standards for the DeFi space.

As cybersecurity threats become increasingly sophisticated, organizations are finding it harder to detect and deter bad actors through traditional methods.

This has led to a rapid increase in the adoption of AI-driven security tools offering advanced threat detection and real-time responses.

However, Michael Egorov, the founder of Curve Finance and a decentralized finance heavyweight, told CCN that utilizing these tools is a “double-edged sword” for DeFi businesses.

Egorov, who founded Curve in 2020, has always developed all of his solutions and products independently, personally writing the code and identifying potential bugs.

AI and Security

Egorov believes that utilizing AI tools to find vulnerabilities within DeFi applications, although not yet available, would likely benefit both hackers and defenders.

“Such tools don’t exist yet, but it would make a lot of sense for them to be effective”

“AI can potentially be highly useful when it comes to simulating and analyzing the execution of smart contracts, allowing to identify potentially exploitable issues which could be missed otherwise,” he said.

However, attackers could also begin using the same tools to find vulnerabilities to exploit.

“But regardless of how the methodology might change, if there are vulnerabilities to be found, then you can expect that they will be exploited sooner or later,” Egorov elaborated.

“AI could assist both in scanning for weaknesses and help hackers with refining their attack schemes for greater efficiency,” he added. “Which means this is going to be a double-edged sword, even at the best of times. And having source code unverified cannot protect against such a threat.”

With this in mind, Egorov believes the most crucial focus should be to ensure there are no vulnerabilities to begin with.

AI and Smart Contracts

The Curve founder has not entirely ruled out AI’s role in security but has reservations about where it should be deployed in its current technological state.

“One thing I would definitely advise against is using artificial intelligence to write the actual smart contracts,” Egorov shared.

“Given the current level of development of this technology, AI-written code cannot yet match human developers in quality or security.”

However, the founder is open to using AI to write automated tests for smart contracts. Although he warned that developers should not rely on it entirely “because even AI can miss things.”

Role of Regulation in DeFi Security

Traditional financial institutions operate under strict regulatory frameworks that allow for oversight and intervention in cases of fraud or security breaches.

However, with DeFi putting control directly in users’ hands, regulators have had a hard time figuring out how to govern the industry.

“I feel that it’s still too early to expect global regulators to establish clear security standards, particularly when it comes to the DeFi space,” Egorov said.

“Regulators are used to a world where financial institutions can be held accountable, transactions can be reversed, and security breaches can be managed through centralized control. None of this applies in DeFi,” he added.

One approach Egorov proposed was for regulatory agencies to work with the DeFi community to develop “standards and practices that align with the nature of decentralized systems.”

However, he further noted that regulation alone cannot eliminate threats. “It has to be balanced out by technological advancement within the industry itself as well as shifting the mindset of DeFi developers,” he continued, adding, “I believe that higher quality of code and a stronger commitment to rigorous code audits are the way to go,” he added.

Traditional Finance vs. DeFi

Egorov believes that instead of attempting to adopt methods from traditional finance, the DeFi industry needs to adopt the level of security seen in the space or nuclear industry.

By its nature, TradFi and DeFi are very different in their approaches to security. In TradFi, it’s all built around internal networks protected from external threats, Egorov said, adding:

“Once the network is breached, it’s pretty much over: Any recovery of funds has to rely on transaction reversibility and centralized oversight. DeFi, on the other hand, operates in a permissionless environment where hackers are always present.”

“So instead of adopting TradFi’s methods, I would say that DeFi should constantly aim for the highest possible level of code quality—the kind seen in the space or nuclear industries, where failure is simply not an option.”

Despite this, Egorov can see benefits in adopting some ethics that have long been seen in TradFi. “TradFi has a long-standing history in risk management, compliance and security audits, and DeFi could stand to adopt the same kind of work ethic. Though, of course, there would have to be adjustments, with the focus being on rigorous code audits first and foremost,” Egorov said.