The phrase “Code is Law” is often tossed around in the decentralized finance (DeFi) industry, posing that DeFi is able to self-regulate because code is intended to be used exactly how it was written. As CoinDesk reporter Andrew Thurman said, “Where one man might see an exploit, another may just see ‘crypto trading’.”

Under this self-regulation, the hacker of Indexed Finance is willing to argue in court that his or her permissible exploit of the DeFi protocol should be considered a fair game arbitrage trade. As the industry grows in size, the exploits grow more serious, with Cream depositors losing $130 million last week. Shortly after, it was announced that Aave had a similar vulnerability and tens of billions of dollars in deposits were at risk.

You’re reading an excerpt from Money Reimagined, a weekly look at the technological, economic and social events and trends that are redefining our relationship with money and transforming the global financial system. Subscribe to get the full newsletter here.

Triple digit yield and price appreciation have been enough to bring $256 billion in total value locked (TVL) into DeFi and there are no signs of slowing down. Could the current growth rate be sustainable with inherent risk stemming from exploits and counterparty concentration becoming more obvious?

DeFi developers will undoubtedly learn from their mistakes and the industry will naturally become safer over time. However, the Aave vulnerability showed investors that no protocol is 100% safe. While it may stand against the ethos of DeFi, smart contract insurance and regulation could become key in onboarding the next generation of risk-averse DeFi users.