The Resolv incident in March 2026 led to a stablecoin losing around 70% of its value, preceding a wave of notable DeFi exploits that included the Drift and KelpDAO incidents in April.
Direct financial losses aside, so many failures in such short order signal a broader problem, and no, it’s not that DeFi protocols are broken, as some loudly worry. The real issue is how the industry defines what “DeFi” actually is.
The Resolv case showed a pattern that keeps repeating: systems marketed as “decentralized” in truth still rely on centralized control points, and that’s where the failure occurs.
The Illusion of Decentralization
Many protocols labeled as DeFi still depend on admin keys, upgradeable contracts, or multisig governance structures. These mechanisms are often introduced as safety features, a way to fix bugs or respond to emergencies. There is nothing inherently wrong with this desire, but in practice such measures only end up creating risks of a different type.
If a small group of actors can change critical protocol parameters, introduce new collateral, or modify contracts, they effectively control the system. That is not decentralization in its true state. It is closer to a hybrid model (what the market often calls “CeDeFi”) where trust is still placed in people rather than in code.
Any system that allows value extraction through privileged access should not be treated as trustless. The problem is that the average user often does not see this difference until something breaks.
Audits Don’t Solve Governance Risk
There is a common belief that audits are the primary line of defense in DeFi. That is only partially correct. Yes, they are important, and no protocol serious about its safety should ever neglect them — but audits by …

