3 Sources
[1]
Crypto Security Pioneer: 'I Now Consider All of DeFi Unsafe'
Crypto projects in the decentralized finance (DeFi) sector have faced a wave of security incidents lately, and now, one of the earliest figures in smart contract auditing has declared the entire DeFi space unsafe. This point of view was shared on X by Manuel Aráoz, co-founder of OpenZeppelin. He has gone so far as to privately advise friends and family to exit all DeFi positions, including what many view as low-risk "blue chips" such as Aave, MakerDAO, and Compound. Aráoz pointed to advances in artificial intelligence as the core reason for this shift in the reliability and trustworthiness of DeFi apps. "Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds," he explained. Late last year, Anthropic released data showing AI agents had become far more capable at spotting and potentially exploiting bugs in crypto smart contracts. At that stage, the progress mostly involved issues humans had already identified. Things shifted earlier this year with the release of Anthropic's Mythos model. The system is so powerful that Anthropic keeps it under tight restrictions and makes it available only to a limited group of partners. According to Anthropic, it has uncovered critical bugs in software that had run in production environments for decades without anyone noticing the flaws. Due to the security implications for the crypto space, exchanges, such as Coinbase, have reportedly reached out to Anthropic to gain access to Mythos. To Aráoz's point, a major DeFi hack last year sent a chill across the DeFi sector because it hit a vulnerability in a smart contract that had operated in the wild for years, survived multiple audits, and carried a reputation for being solid. The $120 million exploit itself played out in a way that echoed the penny-skimming scheme from the movie Office Space. 
More recently, April stood out as the worst month on record for the sheer volume of crypto hacks, with incidents occurring at a pace of nearly one per day. North Korea has been linked to the vast majority of funds stolen through these attacks this year, though the regime issued a rare denial of involvement last month. Just this past weekend, another incident occurred when stablecoin issuer StablR saw its system compromised. The setup relied on a 1-of-3 multisignature wallet for minting, meaning a single key could approve actions, and an attacker gained control of one key, added themselves as administrator, removed the legitimate operators, and minted roughly $13.5 million in unbacked stablecoins. They swapped the tokens on decentralized exchanges and walked away with around 1,115 ether, valued near $3 million at the time. As the StablR incident illustrates, far from all hacks trace back to smart contract bugs. Social engineering and centralized attack vectors often play the decisive role, even in projects that market themselves as decentralized. Admin privileges, key management failures, and poor operational security frequently open the door wider than any code flaw. Despite these centralized points proving to be repeated weak links, some in the crypto industry agree with Aráoz that a form of gated DeFi may be the only realistic path forward for now. Uttam Singh, senior developer relations engineer at blockchain infrastructure provider Alchemy, called for circuit breakers, timelocks on changes, security councils with emergency halt powers, and rate limits on new asset listings. He argued the space simply is not yet mature enough to run without those safeguards. Others pushed back sharply. Aave Chan Initiative founder Marc Zeller called Aráoz's position "a moronic thing to say," noting that less than 10% of DeFi issues in the past year stemmed from the actual codebase.
Some critics went further and labeled Aráoz's comments as nothing more than fear marketing for the benefit of OpenZeppelin. Aráoz clarified that he never limited the problem to smart contract code alone but to broader security, which includes parameters, mechanism design, and opsec. "Coding agents are superhuman at finding those vulns too, and my point holds," he wrote. It should be noted that OpenZeppelin took to X to clarify that Aráoz's comments do not match the company's official position on this matter, as Aráoz left the company in 2019. Uniswap founder Hayden Adams and Aave founder Stani Kulechov also pointed out that the same AI tools being used by attackers can also be used for defense, which should, ironically, make these systems even more resilient and secure over time. "DeFi is constantly evolving, but pretending the industry hasn't matured significantly or that AI is only a net negative for DeFi security is simply not true," Kulechov posted on X. "The same AI capabilities attackers use are also increasingly used by security researchers, auditors, and whitehats to strengthen protocols. DeFi Will Win." Bitcoin itself is thought to be somewhat safer from the same class of AI-driven attacks. Ethereum and similar platforms rely on Turing-complete smart contract languages such as Solidity, and that design allows for highly complex, stateful logic with countless possible interactions, which expands the attack surface dramatically. Bitcoin's scripting language, by contrast, is deliberately not Turing-complete and is intended to keep the system simpler and more predictable. That said, Jack Dorsey's Block has already launched an initiative called Project Loupe that uses AI agents to proactively scan open-source Bitcoin-related software for vulnerabilities, much along the lines of the counterargument Adams and Kulechov raised against Aráoz's claims.
The project generates detailed reports with proof-of-concept test cases and offers free scanning as a service to help maintainers stay ahead. The goal is to flip the asymmetry by giving defenders the same powerful tools attackers are already using.
[2]
DeFi Security Split Widens as AI-Linked Threats Fuel Debate
AI-linked threats in DeFi spark debate after major losses and ongoing exploits, with experts split on whether the sector is breaking or adapting to rapidly advancing attack capabilities. Warnings that artificial intelligence is reshaping decentralized finance (DeFi) security are dividing the crypto community over whether DeFi is becoming fundamentally unsafe or entering a new phase of defensive adaptation. Manuel Aráoz, founder of the blockchain security platform OpenZeppelin, took to X late Tuesday to say he considers "all of DeFi unsafe," citing the growing ability of AI coding agents to identify smart contract vulnerabilities. The claim has sparked debate within the crypto community, with some arguing that smart contract flaws are not the primary driver of DeFi hacks, while others say protocols must use AI to strengthen defenses and stay ahead of attackers. The discussion follows a wave of DeFi security incidents in April, which contributed to the highest monthly crypto losses since February 2025, with some security analysts linking the surge to the rise of agentic AI. Yu Xian, founder of blockchain security firm SlowMist, responded to Aráoz's claim by highlighting a "dual threat" from AI-empowered attackers, including black-hat hackers using AI tools and organized groups skilled in social engineering. He said DeFi project teams should urgently adopt advanced AI tools to detect security risks in live code and DevOps processes, while also running regular checks covering both on-chain and off-chain attack paths. Yu also argued that DeFi teams must become "more diligent and ruthless than black hats" as automated attack capabilities continue to evolve. While some security analysts link the rise in DeFi attacks to AI, there is still limited public forensic proof that AI directly executes such exploits, according to Meir Dolev, co-founder and chief technology officer of blockchain security platform Cyvers. 
"What is verified is the broader trend," Dolev told Cointelegraph, pointing to reports on AI-enabled crypto scams from Chainalysis and the Federal Bureau of Investigation.
Source: Cyvers
Still, Dolev said DeFi remains uniquely exposed because its code is public, funds move instantly, contracts are composable, and attackers "only need one mistake to succeed." "The most exposed areas are smart-contract logic, admin keys, DevOps, front ends, signer workflows, and human-layer social engineering. AI makes each of these attack surfaces easier to probe and scale," the exec said. Despite growing concerns, Dolev says abandoning DeFi is not the practical answer. He urged that the focus should shift away from periodic audits toward continuous, real-time security. He also outlined measures such as AI-assisted code review, regular red-team exercises, DevOps hardening, stronger key management, real-time transaction simulation and pre-signing risk scoring. "DeFi is still fixable, but only if security becomes an always-on execution-layer control, not a pre-launch checkbox," Dolev said.
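The StablR setup described in source [1] (a 1-of-3 minting wallet, so any single key could add an admin, remove the other operators and mint), the safeguards Uttam Singh lists there (circuit breakers, timelocks, rate limits) and the pre-signing risk scoring Dolev recommends above come together in the following added example. It is not code from any of the cited articles, from StablR or from any of the named companies. It models a minting wallet's signing policy as a check that runs before a signature is produced: the action kinds, key ids, block numbers, the 7200-block window and the 1,000,000-unit cap are all constructed, and the incident replay approximates the sequence the article describes rather than StablR's actual transactions. The same sequence is run through the weak 1-of-3 configuration and a hardened 2-of-3 configuration with a mint cap and a timelock.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Optional

# Added example: a pre-signing policy check for a stablecoin minting wallet.
# Not code from the cited articles, from StablR or from any named company.
# Action kinds, key ids, block numbers and limits below are constructed.


@dataclass(frozen=True)
class Action:
    kind: str          # "mint", "add_admin" or "remove_admin"
    amount: int = 0    # units to mint (only for "mint")
    target: str = ""   # key id affected (only for admin changes)


@dataclass
class Policy:
    threshold: int                      # M approvals required from the current signers
    mint_cap_per_window: Optional[int]  # rate limit on minting; None disables it
    window_len: int                     # rolling window length in blocks
    admin_delay: int                    # timelock on admin changes in blocks; 0 disables it
    paused: bool = False                # circuit breaker: refuses every action when True


@dataclass
class Wallet:
    policy: Policy
    signers: set                                  # current authorised key ids (the N)
    mints: deque = field(default_factory=deque)   # (block, amount) of recent mints
    queued: dict = field(default_factory=dict)    # admin Action -> block it was queued at

    def submit(self, action: Action, approvals, block: int):
        """Score one proposed action before it is signed.

        Returns (executed, reasons): reasons is empty only when every check passed
        and the state change was applied; otherwise it lists each failing check.
        """
        p = self.policy
        reasons = []
        if p.paused:
            reasons.append("circuit breaker engaged")
        valid = set(approvals) & self.signers
        if len(valid) < p.threshold:
            reasons.append(f"{len(valid)} valid approvals, threshold is {p.threshold}")
        if reasons:
            return False, reasons

        if action.kind == "mint":
            # Age out mints that left the rolling window, then check the cap.
            while self.mints and self.mints[0][0] <= block - p.window_len:
                self.mints.popleft()
            if p.mint_cap_per_window is not None:
                minted = sum(amount for _, amount in self.mints)
                if minted + action.amount > p.mint_cap_per_window:
                    reasons.append(f"mint cap: {minted} already minted in window, "
                                   f"{action.amount} more exceeds {p.mint_cap_per_window}")
        elif action.kind in ("add_admin", "remove_admin"):
            if p.admin_delay > 0:
                queued_at = self.queued.get(action)
                if queued_at is None:
                    # The first approved submission only queues the change.
                    self.queued[action] = block
                    reasons.append(f"timelock: queued, executable from block {block + p.admin_delay}")
                elif block < queued_at + p.admin_delay:
                    reasons.append(f"timelock: executable from block {queued_at + p.admin_delay}")
        else:
            reasons.append(f"unknown action kind {action.kind!r}")
        if reasons:
            return False, reasons

        # Every check passed: apply the state change.
        if action.kind == "mint":
            self.mints.append((block, action.amount))
        elif action.kind == "add_admin":
            self.signers.add(action.target)
            self.queued.pop(action, None)
        else:
            self.signers.discard(action.target)
            self.queued.pop(action, None)
        return True, []


# Constructed replay of the sequence the article describes: one compromised key (k1)
# adds the attacker as admin, removes the legitimate operators, then mints unbacked tokens.
INCIDENT_SEQUENCE = [
    (Action("add_admin", target="attacker"), ["k1"], 100),
    (Action("remove_admin", target="k2"), ["attacker"], 101),
    (Action("remove_admin", target="k3"), ["attacker"], 102),
    (Action("mint", amount=13_500_000), ["attacker"], 103),
]


def weak_wallet():
    """1-of-3 with no cap or timelock: any single key can approve anything."""
    policy = Policy(threshold=1, mint_cap_per_window=None, window_len=7200, admin_delay=0)
    return Wallet(policy, {"k1", "k2", "k3"})


def hardened_wallet():
    """2-of-3 with a per-window mint cap and a timelock on admin changes (constructed values)."""
    policy = Policy(threshold=2, mint_cap_per_window=1_000_000, window_len=7200, admin_delay=7200)
    return Wallet(policy, {"k1", "k2", "k3"})


def replay(wallet, steps):
    """Submit each step in order; returns the list of executed flags."""
    return [wallet.submit(action, approvals, block)[0] for action, approvals, block in steps]


if __name__ == "__main__":
    for name, wallet in (("1-of-3, no limits", weak_wallet()), ("2-of-3 + limits", hardened_wallet())):
        print(f"{name}: {replay(wallet, INCIDENT_SEQUENCE)}")
```

Running the script prints the per-step outcome for each configuration: every step executes under the 1-of-3 policy, and none under the hardened one, because the very first admin change already fails the threshold check and the later steps are signed by a key the wallet never admitted. The check sits in the signer workflow, where it can refuse to produce a signature at all, rather than relying only on the contract to reject the transaction afterwards; the mint cap and timelock bound the damage even if the threshold were somehow met.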
[3]
No DeFi Is Safe Anymore, Warns Top Crypto Security Executive -- Why Is He Urging Everyone To Exit Positions?
Aráoz said he has advised friends and family to exit even major DeFi protocols, including Aave, MakerDAO, and Compound. A growing debate over the role of AI in crypto security erupted this week after leading security developer Manuel Aráoz warned that decentralized finance may no longer be safe for investors. Aráoz argued that AI-powered coding agents are dramatically shifting the balance between attackers and defenders in crypto markets. His comments come as DeFi hacks have surged over the past year, wiping out billions across protocols and lending platforms.
Manuel Aráoz Says AI Has Changed The Security Equation
In a post on X, Aráoz wrote: "PSA: I now consider all of DeFi unsafe." He added that coding agents are "superhuman at finding vulnerabilities, and smart contract security is too asymmetric." Aráoz explained that defenders need to fix every bug while "attackers need just one exploit to steal funds." The remarks sparked immediate debate across crypto circles, as Aráoz is one of the sector's best-known security figures. One X user noted: "Seeing Manuel saying this is no joke." Aráoz, co-founder of OpenZeppelin and Decentraland, has created tooling and audit frameworks widely used across DeFi. It comes as AI advances continue to spark fear across the crypto community. Aráoz also escalated his warning, revealing that he had already advised people close to him to reduce their exposure to decentralized finance entirely. "I've been privately advising friends and family to exit all DeFi positions, including low-risk 'blue chips' like Aave, MakerDAO & Compound." The statement rattled parts of the crypto community because the protocols he named are considered among the most established lending systems in the industry.
Aave Founder and Crypto Users Push Back
The comments quickly triggered backlash from several prominent DeFi figures, including Marc Zeller, founder of the Aave Chan Initiative and a leading contributor within the Aave ecosystem. Zeller dismissed the warning outright, writing: "What a moronic thing to say." He added: "Less than 10% of past year DeFi issues are due to codebase." According to Zeller, most recent failures have instead been tied to "bad parameter configuration, collateral blow up and poor opsec." "First: calm down, kid," Aráoz responded. He clarified that his concerns extended beyond coding errors alone. "Second: I never said the problem was smart contract code, but security (which includes parameter configuration, mechanism design and opsec)." He added that coding agents are "superhuman" at finding vulnerabilities as well. In a separate post, Zeller claimed most DeFi issues are due to "pure incompetence... but it's easier to blame AI." He said that AI would ultimately be positive and improve overall on-chain safety. Other crypto users also challenged Aráoz's position, arguing that AI-related security risks are not unique to decentralized finance. One X user wrote: "By the same token, aren't custodians also in the same risk category?" The user argued that if AI were as capable as claimed, the same existential threat would also apply to exchanges such as BitGo and Coinbase.
DeFi Hack Losses Have Surged Following Major Exploits
The debate comes as DeFi hack losses have climbed sharply over the past 12 months. According to DefiLlama data, over $1.1 billion has been lost to DeFi-related exploits during the past year alone. One of the largest incidents occurred in April, when attackers exploited KelpDAO infrastructure in an attack that ultimately created major losses across the wider DeFi ecosystem. The breach involved roughly 116,500 rsETH tied to KelpDAO's LayerZero-linked bridge infrastructure. The stolen assets were later used as collateral inside Aave before attackers borrowed against them, leaving the lending protocol exposed to significant bad debt. The incident became one of the biggest DeFi security events of 2026.
Aave Has Struggled To Recover Since The Exploit
The fallout has been especially visible on Aave. Aave's total value locked has fallen sharply since the April exploit, dropping from roughly $26.4 billion to around $14.6 billion within weeks. Data from AaveScan also shows that both supplied assets and outstanding borrows have declined significantly, signaling that users have continued to pull liquidity from the platform. Borrow demand has also weakened. This suggests traders are reducing leverage rather than reopening positions after the exploit, said CCN analyst Abiodun Oladokun. User activity has also deteriorated. Weekly active addresses spiked immediately after the incident as users unwound positions, but participation has since fallen to its lowest level since 2024.
Manuel Aráoz, co-founder of OpenZeppelin, has declared all of DeFi unsafe, citing AI-powered coding agents that excel at finding smart contract vulnerabilities. His warning follows April's record-breaking month of crypto hacks and over $1.1 billion in DeFi losses in the past year. The claim has split the crypto community, with some arguing AI is reshaping security while others say most exploits stem from operational failures, not code flaws.
Manuel Aráoz, co-founder of OpenZeppelin and a pioneer in smart contract auditing, has sent shockwaves through the crypto community by declaring that he now considers all of DeFi unsafe [1]. In a stark warning posted on X, Aráoz revealed he has been privately advising friends and family to exit all DeFi positions, including what many consider low-risk blue chips such as Aave, MakerDAO, and Compound [1]. His reasoning centers on advances in artificial intelligence that have fundamentally altered the DeFi security landscape. "Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds," he explained [1].
Source: Cointelegraph
The core of Aráoz's concern lies in the rapid advancement of AI agents finding vulnerabilities in crypto smart contracts. Late last year, Anthropic released data showing AI agents had become far more capable at spotting and potentially exploiting bugs in smart contracts [1]. The situation escalated with the release of Anthropic's Mythos model earlier this year, a system so powerful that Anthropic keeps it under tight restrictions and makes it available only to a limited group of partners [1]. According to Anthropic, the Mythos model has uncovered critical bugs in software that had run in production environments for decades without anyone noticing the flaws [1]. Due to the security implications for the crypto space, exchanges such as Coinbase have reportedly reached out to Anthropic to gain access to Mythos [1]. Yu Xian, founder of blockchain security firm SlowMist, highlighted a "dual threat" from AI-empowered attackers, including black-hat hackers using AI tools and organized groups skilled in social engineering [2].
The warnings come as DeFi hacks have surged dramatically, with April standing out as the worst month on record for the sheer volume of crypto hacks, with incidents occurring at a pace of nearly one per day [1]. According to DefiLlama data, over $1.1 billion has been lost to DeFi-related exploits during the past year alone [3]. One of the largest incidents occurred in April when attackers exploited KelpDAO infrastructure involving roughly 116,500 rsETH tied to KelpDAO's LayerZero-linked bridge infrastructure [3]. The stolen assets were later used as collateral inside Aave before attackers borrowed against them, leaving the lending protocol exposed to significant bad debt [3]. Just this past weekend, stablecoin issuer StablR saw its system compromised when an attacker gained control of one key in a 1-of-3 multisignature wallet, minting roughly $13.5 million in unbacked stablecoins and walking away with around 1,115 ether, valued near $3 million at the time [1].
Source: CCN.com
Aráoz's declaration has sparked intense debate within the crypto community, with prominent figures pushing back sharply against his assessment. Marc Zeller, founder of the Aave Chan Initiative, called Aráoz's position "a moronic thing to say," noting that less than 10% of DeFi issues in the past year stemmed from the actual codebase [1]. According to Zeller, most recent failures have been tied to bad parameter configuration, collateral blow up, and poor opsec [3]. Some critics went further and labeled Aráoz's comments as nothing more than fear marketing for the benefit of OpenZeppelin [1]. It should be noted that OpenZeppelin took to X to clarify that Aráoz's comments do not match the company's official position on this matter, as Aráoz left the company in 2019 [1]. Aave founder Stani Kulechov pointed out that the same AI tools being used by attackers can also be used for defense mechanisms, which should make these systems even more resilient and secure over time [1].
Despite the controversy, security experts agree that the threat landscape has fundamentally changed. Meir Dolev, co-founder and chief technology officer of blockchain security platform Cyvers, told Cointelegraph that DeFi remains uniquely exposed because its code is public, funds move instantly, contracts are composable, and attackers "only need one mistake to succeed" [2]. However, Dolev says abandoning DeFi is not the practical answer, urging that the focus should shift away from periodic audits toward continuous, real-time security detection [2]. He outlined measures such as AI-assisted code review, regular red-team exercises, DevOps hardening, stronger key management, real-time transaction simulation, and pre-signing risk scoring [2]. Yu Xian from SlowMist said DeFi project teams should urgently adopt advanced AI tools to detect security risks in live code and DevOps processes, while also running regular checks covering both on-chain and off-chain attack paths [2]. Uttam Singh, senior developer relations engineer at blockchain infrastructure provider Alchemy, called for circuit breakers, timelocks on changes, security councils with emergency halt powers, and rate limits on new asset listings [1]. The fallout has been especially visible on Aave, where total value locked has fallen sharply since the April exploit, dropping from roughly $26.4 billion to around $14.6 billion within weeks [3].
Summarized by Navi