Crypto was born from an open-source ethos, where code was shared publicly, accessible for review and shaped by community contributions. Transparency and verifiability are foundational principles that enable trust in Bitcoin.
But as the space matured, some disadvantages of open source surfaced. Innovative smart contract platforms and decentralized finance (DeFi) applications were forked to create direct competitors — from the wave of Uniswap clones to Ethereum forks — which prioritized speed and lower fees over decentralization.
As a result, some projects opted for closed-source development to protect proprietary designs and reduce the risk of exploits, hoping to delay or deter malicious actors by making the code harder to analyze. This approach is often criticized as “security through obscurity,” where hiding vulnerabilities instead of fixing them becomes a line of defense.
Closed-source systems run counter to crypto’s original vision of decentralization and transparency. What started as a grassroots movement among cypherpunks and hackers is now increasingly mainstream and integrating with the very institutional system it once sought to disrupt.
Solana Loopscale exploit shows why open source can still be more secure
An exploit on Solana’s Loopscale protocol shows that closed source is not a one-size-fits-all solution for keeping malicious actors out. On April 26, just weeks after launching, the closed-source DeFi lending platform suffered a $5.8-million exploit.
A hacker reportedly manipulated collateral parameters to take out a series of undercollateralized loans, draining funds from the protocol.
Related: Why do crypto bros like freedom cities?
While the incident ended on a relatively positive note — Loopscale was able to negotiate with the attacker to return the funds — it reignited concerns about the prevalence of closed-source projects on Solana and in crypto more broadly.
“Jordan,” an engineer at Solana research firm Anza, called out this issue in a 2023 critique, describing closed-source DeFi protocols and wallets as one of the network’s biggest weaknesses. He argued that when a small group can change code without oversight, users are forced to blindly trust teams rather than verifiable smart contracts.
According to DefiLlama data, closed-source protocols dominated Solana’s DeFi ecosystem in its early days but shared half of the stage with open-source alternatives in late 2021. Since then, the shift has been gradual but clear. As of April 29, open-source protocols accounted for nearly 90% of the value locked in Solana’s DeFi space.
“Audited, open-source code is the best way forward. By keeping your code closed source, you are just hiding back doors, otherwise known as ‘security by obscurity.’ By being open source, getting audited and having a bounty program, protocols can get more eyes on their code while also incentivizing everyone to do the right thing,” said Max Kaplan, CTO of Sol Strategies.
Crypto is growing up and moving away from open source
Though there are strong voices pushing to keep crypto open source, many in the industry have raised concerns about a growing shift toward closed-source development.
Closed source is a standard design choice in the corporate world, used to protect intellectual property, preserve competitive advantage, and reduce the risk of exploits. Increasingly, crypto firms are adopting that same mindset — not to replace traditional infrastructure, but to integrate with it.
Many of the most prominent players in the space are no longer trying to disrupt the financial system outright. Firms are reportedly seeking bank charters, building institutional rails and engaging regulators. In that context, closed-source code isn’t viewed as a betrayal of crypto’s ideals, but rather a practical step toward becoming part of the world they once sought to displace.
This debate isn’t limited to crypto. In early 2025, China’s DeepSeek shook global markets with the release of a powerful, low-cost and open-source AI model. It showcased how open-source innovation can challenge Western AI dominance.
But according to Matt Pearl, director of the strategic tech program at the Center for Strategic and International Studies, open-source AI can be dangerous without safety guardrails.
Related: DeepSeek privacy concerns raise international alarm bells
Pearl and his co-authors argued in a February commentary that open-source AI allows anyone to download, modify and strip out safeguards. Pearl said DeepSeek can easily be jailbroken to produce malware, phishing kits or disinformation, making it more likely to be abused by cybercriminals than closed models.
Proponents wants to keep crypto open source
One common argument for closing off smart contract code is that regular users do not read it, while malicious actors do. However, Mikko Ohtamaa, founder of Trading Strategies, said this misses the point.
“Even if 99% of DeFi users are code illiterate and do not know what the code says, it takes only one honest person to debunk bad code and warn other users,” he said, adding that projects can still protect their intellectual property through licensing, citing examples like Uniswap v3’s business license model.
Research also supports the case for open-source security. A 2022 report by software firm Red Hat, based on a survey of nearly 1,300 IT leaders, found that most consider enterprise open-source software to be as secure or more secure than proprietary alternatives.
“Transparency is the fundamental property of cryptography and blockchain systems. Without transparency, there is no verify. With no verify, any low trust system like a blockchain is no better than a centralised system,” Ohtaama said.
Magazine: Ethereum is destroying the competition in the $16.1T TradFi tokenization race
