DEX Security Concerns: Trust Crisis and Industry Solutions Amid Closed-Source Controversy


Recently, high-performance decentralized exchange Hyperliquid was publicly criticized by industry expert Kyle Samani for issues related to closed-source code and centralized control of nodes, accusing it of representing “all the wrong directions” in the crypto industry.

This controversy quickly escalated. Although community opinion largely supported Hyperliquid, the incident reflected the core trust challenges faced by decentralized exchanges.

Event Recap: Closed-Source Controversy and Market Response

In early 2025, concerns about Hyperliquid’s lack of decentralization began to ferment within the community. An employee from node operator ChorusOne pointed out that Hyperliquid runs with “closed-source code,” which in practice “enslaves” node operators.

Even more concerning was data showing that Hyperliquid controls 81% of staked HYPE tokens. Analysts noted: “If a single entity controls 1/3 of the staked amount, they can halt the chain; if they control 2/3, they have full control over the network.”

In February of this year, Kyle Samani, co-founder of Multicoin Capital, criticized the project, bringing the controversy to a peak. He publicly stated that Hyperliquid represents “all the wrong directions” in the crypto industry, highlighting its founders leaving their home country, closed-source code, and permission controls.

Market reactions to the controversy were swift and clear. The HYPE token price experienced significant volatility, dropping 15% during the dispute.

Industry Response: Hyperliquid’s Defense and Commitments

In response to the criticism, the Hyperliquid team issued a series of statements via social media platform X. Regarding the closed-source code issue, the team explained: “Node code is currently closed-source. Open source is important. The project will open source once development reaches a stable state.”

They further defended that Hyperliquid’s development speed surpasses most projects by several orders of magnitude, and the scope is broader. They promised that “the code will be open-sourced when it is safe to do so.”

To address concerns about node centralization, Hyperliquid announced the launch of a “Foundation Delegation Program” to support high-performance validators, thereby enhancing decentralization. The team also stated that the validator set will expand as the network matures, ensuring a more decentralized and resilient infrastructure.

Interestingly, support for Hyperliquid within the crypto community has been quite strong. Steven pointed out that Hyperliquid refuses VC investments, completed one of the largest community airdrops in crypto history (approximately $9 billion), and protocol revenue is used for buybacks rather than team cash-outs.

Security Challenges: Multi-Dimensional Risks Faced by DEXs

The Hyperliquid controversy is not an isolated incident; it reveals systemic security challenges faced by decentralized exchanges. According to 2025 data, attackers have extracted over $2.3 billion from crypto protocols.

Access control vulnerabilities caused losses of $1.6 billion, making them the most destructive attack vector. OWASP’s 2025 Top 10 Smart Contract Risks lists access control flaws at the top: improperly implemented permission checks and role-based access control let attackers gain unauthorized control over smart contracts.

Price oracle manipulation was given its own category in the 2025 update, reflecting the increasing sophistication of attacks that manipulate price data to target DeFi protocols. These attacks are particularly dangerous because protocols often consume a single off-chain or on-chain price source with no redundancy (multiple independent feeds) and no circuit breakers (limits on how far a price may move before dependent actions are paused).
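As an added illustration of the two missing controls named above (this is example code written for this article, not code from any of the projects it mentions), the following aggregates several independent price feeds by median, drops outliers, and applies a per-update circuit breaker. The feed names and values are constructed; `max_deviation`, `min_sources` and `max_move` are assumed parameters a protocol would tune.

```python
from statistics import median

# Constructed sample feeds (assumed values, not real market data). One
# source has been pushed far from the others, as a manipulated spot price
# would be during an oracle-manipulation attack.
FEEDS = {
    "feed_a": 100.20,
    "feed_b": 99.85,
    "feed_c": 100.05,
    "manipulated_spot": 142.00,
}


def aggregate_price(feeds, max_deviation=0.05, min_sources=3):
    """Redundancy: take the median of independent sources, discard any
    source more than max_deviation (fraction) from that median, and
    refuse to publish if fewer than min_sources remain.
    Returns (price, list_of_discarded_source_names)."""
    if len(feeds) < min_sources:
        raise ValueError("not enough independent price sources")
    mid = median(feeds.values())
    kept = {k: v for k, v in feeds.items() if abs(v - mid) / mid <= max_deviation}
    if len(kept) < min_sources:
        raise ValueError("too many outliers; refusing to publish a price")
    discarded = sorted(set(feeds) - set(kept))
    return median(kept.values()), discarded


def within_circuit_breaker(last_price, new_price, max_move=0.10):
    """Circuit breaker: True when the move from last_price to new_price
    is at most max_move (fraction). A False result means price-dependent
    actions (liquidations, swaps) should be paused, not executed."""
    return abs(new_price - last_price) / last_price <= max_move


def safe_price(feeds, last_price, **kwargs):
    """Combine both checks. Returns the aggregated price, or None when the
    breaker trips so callers cannot accidentally act on a suspect value."""
    price, _ = aggregate_price(feeds, **kwargs)
    return price if within_circuit_breaker(last_price, price) else None


if __name__ == "__main__":
    print(aggregate_price(FEEDS))          # (100.05, ['manipulated_spot'])
    print(safe_price(FEEDS, last_price=100.0))
```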

Logic errors and reentrancy attacks remain persistent threats to smart contracts. Developers often underestimate reentrancy risks, especially in yield farming and lending protocols, where complex token interactions can create unexpected callback opportunities.

Security Practices: How Industry-Leading DEXs Respond

Faced with complex security challenges, leading decentralized exchanges have developed a series of mature security practices. As the most mainstream DEX, Uniswap has been deployed on nearly 40 blockchain networks, with a total value locked (TVL) of approximately $4.98 billion.

Uniswap has undergone multiple security audits, possesses a robust governance structure, and maintains a continuous innovation roadmap, including the upcoming V4 version, which is expected to introduce customizable hooks, on-chain limit orders, and dynamic fee structures.

PancakeSwap, as a leading platform in the BNB Chain ecosystem, offers significantly lower trading fees compared to Ethereum-based alternatives. The platform has expanded into a comprehensive DeFi ecosystem, including yield farming, NFT marketplace integration, prediction markets, and gaming features.

Notably, Gate, as a leading industry exchange, also places high importance on security practices. Public information shows that Gate has been audited by reputable security firms like Hacken and has implemented multi-layer security architectures to protect user assets.

Evolution of Audits: From Code Checks to Normative Verification

As attack methods continue to evolve, DEX security audits are shifting from traditional vulnerability scanning toward a more systematic “norms as law” paradigm, in which the “code is law” philosophy gives way to specifying the security properties a system must uphold.

This means the system must preserve those same security properties even against new types of attack, rather than merely being free of known bug patterns. By 2026, this shift is reflected in the practices of multiple top auditing firms.

Industry-leading blockchain auditing companies such as CertiK, Hacken, and Quantstamp have combined formal verification, static analysis, and expert manual review to assess contract correctness and security risks. These firms have audited thousands of projects, safeguarding hundreds of billions of dollars in digital assets.

Manual code review remains crucial for detecting logical flaws and complex attack vectors. Meanwhile, continuous monitoring and incident response capabilities are becoming increasingly important. Some audit firms now offer real-time on-chain monitoring and security scoring tools to help projects track threats post-deployment.

Summary

For decentralized exchanges, building and maintaining user trust requires multi-dimensional efforts. Code transparency is fundamental. While platforms like Hyperliquid may delay open-sourcing due to development speed considerations, in the long term, audited open-source code is the cornerstone of trust.

Community governance participation is also vital. Platforms like Uniswap involve UNI token holders in governance decisions, entrusting key upgrades and parameter adjustments to the community.

Multiple audits and bug bounty programs have become industry standard practices. Many exchanges have established bug bounty programs worth millions of dollars, encouraging white-hat hackers to discover and report potential vulnerabilities.

Insurance funds and risk reserves provide a final line of defense in extreme situations. Some leading DEXs have set up insurance funds to protect user funds in case of exploits or abnormal market conditions.
