Isaac Patka proposes DeFi protocol safety framework with three separate multisigs

By Editorial Team · Published May 31, 2026 · 2 min read · Source: Crypto Briefing

The SEAL certifications lead wants to split emergency freezes, parameter tweaks, and contract upgrades into distinct governance layers, arguing that over 90% of DeFi incidents have nothing to do with code.

Most DeFi exploits aren’t caused by bad code. They’re caused by bad operations. That’s the core argument from Isaac Patka, certifications lead at the Security Alliance (SEAL) and co-founder of Shield3, who laid out a three-multisig architectural framework designed to give DeFi protocols a more structured approach to security governance.

The proposal, introduced on the Unchained podcast on May 29, arrives just days after OpenZeppelin co-founder Manuel Aráoz publicly declared all DeFi protocols unsafe on May 26. Patka’s framework is a direct response, and it comes with receipts: according to his analysis, over 90% of recent DeFi incidents stem from operational security failures or parameter misconfigurations, not smart contract vulnerabilities.

Three multisigs, three speeds

The first multisig handles emergency pauses. It’s designed to be fast-acting, with minimal delay, because when an exploit is draining millions in real time, you don’t want to wait 48 hours for enough signers to wake up and approve a freeze.

The second multisig covers parameter updates, things like adjusting collateral ratios, fee structures, or interest rate curves. These get a short timelock, enough to give the community visibility into what’s changing without creating the kind of delay that makes protocols unable to respond to shifting market conditions.

The third multisig governs contract upgrades, the most consequential changes a protocol can make. These carry a long timelock, giving users and auditors ample time to review, object, or exit before new code goes live.

The separation isn’t just about speed. It’s about limiting blast radius. If one set of keys is compromised, the attacker gets access to one category of actions, not all of them.
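The layout described above, modelled as data in an added example that is not from the article, SEAL, or Patka: it audits whether each action category has exactly one multisig with a suitable delay, and computes which categories fall to a given set of compromised signer keys. The delay windows, signer labels, thresholds and multisig names are assumptions; the article specifies only minimal, short and long delays.

```python
from dataclasses import dataclass

# Assumed delay windows in hours; the article only says minimal/short/long.
POLICY = {"pause": (0, 0), "params": (1, 48), "upgrade": (168, None)}

@dataclass(frozen=True)
class Multisig:
    name: str
    signers: frozenset      # signer identities (constructed labels)
    threshold: int          # signatures needed to execute
    delay_hours: int        # timelock between approval and execution
    categories: frozenset   # action categories this multisig can execute

def audit(multisigs):
    """Return findings where the layout departs from one-multisig-per-category."""
    findings, owners = [], {}
    for m in multisigs:
        if len(m.categories) != 1:
            findings.append(f"{m.name}: holds {sorted(m.categories)}, expected one category")
        for cat in sorted(m.categories):
            owners.setdefault(cat, []).append(m.name)
            lo, hi = POLICY[cat]
            if m.delay_hours < lo:
                findings.append(f"{m.name}: {cat} delay {m.delay_hours}h below {lo}h")
            if hi is not None and m.delay_hours > hi:
                findings.append(f"{m.name}: {cat} delay {m.delay_hours}h above {hi}h")
    for cat in POLICY:
        if len(owners.get(cat, [])) != 1:
            findings.append(f"{cat}: controlled by {owners.get(cat, [])}, expected one multisig")
    return findings

def blast_radius(multisigs, compromised):
    """Categories executable once the given signer keys are compromised."""
    reach = set()
    for m in multisigs:
        if len(m.signers & compromised) >= m.threshold:
            reach |= m.categories
    return reach

# Constructed sample layouts.
SEPARATED = [
    Multisig("guardian", frozenset("abc"), 2, 0, frozenset({"pause"})),
    Multisig("risk", frozenset("defgh"), 3, 24, frozenset({"params"})),
    Multisig("upgrader", frozenset("ijklmno"), 5, 336, frozenset({"upgrade"})),
]
SINGLE = [Multisig("team", frozenset("abc"), 2, 0, frozenset(POLICY))]
SHARED = [Multisig(m.name, frozenset("abc"), 2, m.delay_hours, m.categories) for m in SEPARATED]

if __name__ == "__main__":
    for label, layout in [("separated", SEPARATED), ("single", SINGLE), ("shared", SHARED)]:
        print(label, audit(layout), sorted(blast_radius(layout, {"a", "b"})))
```

The `SHARED` layout passes the structural audit, yet two compromised keys still reach every category, so signer overlap has to be checked alongside role separation.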

The operational security problem nobody talks about

Patka’s most striking claim is the one that should make every DeFi team uncomfortable. Fewer than 10% of DeFi issues in the past year were traced back to problems in the codebase. The overwhelming majority came from operational security errors or configuration mistakes.

He coined a term for the disconnect: “decentralization theater.” It describes protocols that technically have decentralized governance structures but are, in practice, controlled by a small centralized team.

To combat this, Patka advocates for circuit breakers, automated anomaly detection, and clearly defined role categorizations within governance. SEAL has published its Multisig Security Framework, which includes these recommendations as best practices.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.
This article was originally published on Crypto Briefing and is republished here under RSS syndication for informational purposes. All rights and intellectual property remain with the original author. If you are the author and wish to have this article removed, please contact us at [email protected].
