A16Z Crypto Calls for Shift in DeFi Security, Norms Over Code

The decentralized finance (DeFi) sector is facing intensified scrutiny over persistent security breaches throughout 2024. In response, A16Z Crypto has called for a structural shift in how protocols secure digital assets. Instead of relying solely on self-executing code, the firm recommends standardized security practices backed by community norms.

🚨 A16Z CRYPTO CALLS FOR A SHIFT IN DEFI SECURITY MODELS#a16z Crypto is urging #DeFi to move away from the long-held idea of “code is law” toward “norms are law,” warning that code alone is no longer sufficient to secure complex on-chain financial systems. The firm advocates… pic.twitter.com/N48FpJM2AX

— CoinRank (@CoinRank_io) January 20, 2026

A16Z Focuses on Shifting Toward Security Norms Over Solely Trusting Code

A16Z Crypto is encouraging DeFi developers to embrace an alternative structure that puts operational norms and best practices on par with code. The company also claims that code, though important, is not able to foresee and avert all possible vulnerabilities of more and more sophisticated protocols. This layered defense model would allow the projects to be proactive in response to threats as they change.

Immutability checks, simulating attack and security sharing standards are encouraged to developers. Such standards would minimize technical debt as well as encourage a sense of accountability in decentralized systems. A16Z is of the opinion that this collaborative methodology can minimize system wide risk.

The rationale behind this strategic recommendation is that code is no longer adequate anymore. As the new attack vectors appear regularly, great operational norms may become a welcome safety net. In addition, norms are able to evolve more quickly than code patches or governance votes.

2024 Experiences DeFi Exploits with Massive Losses.

In 2024, hackers have emptied more than $649 million in DeFi protocols due to vulnerabilities and system bugs. This increase in the number of attacks demonstrates the vulnerabilities of the current designs of smart contracts and lack of coherent security policies. Some of the major protocols were breached in the millions of dollars through ignored permissions and logic errors.

As per CoinRank, such monetary losses indicate that audits will not ensure safety. A large number of the compromised protocols had been audited by third parties before utilization. Consequently, code assessment on its own has failed to work effectively with the conditions of threats at present.

A16Z states that platforms should take a culture of constant review and proactive risk mitigation. Disregarding the changing threats, projects might experience the failure of their operations and the lack of the possibility to restore the confidence of users. Unified security culture is presented as one of the main measures to reduce exposure in the future.