2 Sources
[1]
DeFi Security Split Widens as AI-Linked Threats Fuel Debate
AI-linked threats in DeFi spark debate after major losses and ongoing exploits, with experts split on whether the sector is breaking or adapting to rapidly advancing attack capabilities.
Warnings that artificial intelligence is reshaping decentralized finance (DeFi) security are dividing the crypto community over whether DeFi is becoming fundamentally unsafe or entering a new phase of defensive adaptation.
Manuel Aráoz, founder of the blockchain security platform OpenZeppelin, took to X late Tuesday to say he considers "all of DeFi unsafe," citing the growing ability of AI coding agents to identify smart contract vulnerabilities. The claim has sparked debate within the crypto community, with some arguing that smart contract flaws are not the primary driver of DeFi hacks, while others say protocols must use AI to strengthen defenses and stay ahead of attackers.
The discussion follows a wave of DeFi security incidents in April, which contributed to the highest monthly crypto losses since February 2025, with some security analysts linking the surge to the rise of agentic AI.
Yu Xian, founder of blockchain security firm SlowMist, responded to Aráoz's claim by highlighting a "dual threat" from AI-empowered attackers, including black-hat hackers using AI tools and organized groups skilled in social engineering. He said DeFi project teams should urgently adopt advanced AI tools to detect security risks in live code and DevOps processes, while also running regular checks covering both on-chain and off-chain attack paths. Yu also argued that DeFi teams must become "more diligent and ruthless than black hats" as automated attack capabilities continue to evolve.
While some security analysts link the rise in DeFi attacks to AI, there is still limited public forensic proof that AI directly executes such exploits, according to Meir Dolev, co-founder and chief technology officer of blockchain security platform Cyvers. "What is verified is the broader trend," Dolev told Cointelegraph, pointing to reports on AI-enabled crypto scams from Chainalysis and the Federal Bureau of Investigation.
Source: Cyvers
Still, Dolev said DeFi remains uniquely exposed because its code is public, funds move instantly, contracts are composable, and attackers "only need one mistake to succeed." "The most exposed areas are smart-contract logic, admin keys, DevOps, front ends, signer workflows, and human-layer social engineering. AI makes each of these attack surfaces easier to probe and scale," the exec said.
Despite growing concerns, Dolev says abandoning DeFi is not the practical answer. He urged that the focus should shift away from periodic audits toward continuous, real-time security. He also outlined measures such as AI-assisted code review, regular red-team exercises, DevOps hardening, stronger key management, real-time transaction simulation and pre-signing risk scoring. "DeFi is still fixable, but only if security becomes an always-on execution-layer control, not a pre-launch checkbox," Dolev said.
[2]
No DeFi Is Safe Anymore, Warns Top Crypto Security Executive -- Why Is He Urging Everyone To Exit Positions?
Aráoz said he has advised friends and family to exit even major DeFi protocols, including Aave, MakerDAO, and Compound.
A growing debate over the role of AI in crypto security erupted this week after leading security developer Manuel Aráoz warned that decentralized finance may no longer be safe for investors. Aráoz argued that AI-powered coding agents are dramatically shifting the balance between attackers and defenders in crypto markets. His comments come as DeFi hacks have surged over the past year, wiping out billions across protocols and lending platforms.
Manuel Aráoz Says AI Has Changed The Security Equation
In a post on X, Aráoz wrote: "PSA: I now consider all of DeFi unsafe." He added that coding agents are "superhuman at finding vulnerabilities, and smart contract security is too asymmetric." Aráoz explained that defenders need to fix every bug while "attackers need just one exploit to steal funds."
The remarks sparked immediate debate across crypto circles as Aráoz is one of the sector's best-known security figures. One X user noted: "Seeing Manuel saying this is no joke." Aráoz, co-founder of OpenZeppelin and Decentraland, has created tooling and audit frameworks widely used across DeFi. It comes as AI advances continue to spark fear across the crypto community.
Aráoz also escalated his warning, revealing that he had already advised people close to him to reduce their exposure to decentralized finance entirely. "I've been privately advising friends and family to exit all DeFi positions, including low-risk 'blue chips' like Aave, MakerDAO & Compound." The statement rattled parts of the crypto community because the protocols he named are considered among the most established lending systems in the industry.
Aave Founder and Crypto Users Push Back
The comments quickly triggered backlash from several prominent DeFi figures, including Marc Zeller, founder of the Aave Chan Initiative and a leading contributor within the Aave ecosystem. Zeller dismissed the warning outright, writing: "What a moronic thing to say." He added: "Less than 10% of past year DeFi issues are due to codebase." According to Zeller, most recent failures have instead been tied to: "bad parameter configuration, collateral blow up and poor opsec."
"First: calm down, kid," Aráoz responded. He clarified that his concerns extended beyond coding errors alone. "Second: I never said the problem was smart contract code, but security (which includes parameter configuration, mechanism design and opsec)." He added that coding agents are "superhuman" at finding vulnerabilities as well.
In a separate post, Zeller claimed most DeFi issues are due to "pure incompetence... but it's easier to blame AI." He said that AI would ultimately be positive and improve overall on-chain safety.
Other crypto users also challenged Aráoz's position, arguing that AI-related security risks are not unique to decentralized finance. One X user wrote: "By the same token, aren't custodians also in the same risk category?" The user questioned that if AI was as good as was being made out, the existential threat would also put exchanges such as BitGo and Coinbase at risk.
DeFi Hack Losses Have Surged Following Major Exploits
The debate comes as DeFi hack losses have climbed sharply over the past 12 months. According to DefiLlama data, over $1.1 billion has been lost to DeFi-related exploits during the past year alone. One of the largest incidents occurred in April, when attackers exploited KelpDAO infrastructure in an attack that ultimately created major losses across the wider DeFi ecosystem. The breach involved roughly 116,500 rsETH tied to KelpDAO's LayerZero-linked bridge infrastructure. The stolen assets were later used as collateral inside Aave before attackers borrowed against them, leaving the lending protocol exposed to significant bad debt. The incident became one of the biggest DeFi security events of 2026.
Aave Has Struggled To Recover Since The Exploit
The fallout has been especially visible on Aave. Aave's total value locked has fallen sharply since the April exploit, dropping from roughly $26.4 billion to around $14.6 billion within weeks. Data from AaveScan also shows that both supplied assets and outstanding borrows have declined significantly, signaling that users have continued to pull liquidity from the platform. Borrow demand has also weakened. This suggests traders are reducing leverage rather than reopening positions after the exploit, said CCN analyst Abiodun Oladokun. User activity has also deteriorated. Weekly active addresses spiked immediately after the incident as users unwound positions, but participation has since fallen to its lowest level since 2024.
OpenZeppelin founder Manuel Aráoz declared all of decentralized finance unsafe, citing AI-powered coding agents that are superhuman at finding vulnerabilities. The warning sparked fierce debate after DeFi losses exceeded $1.1 billion in the past year. While some experts blame incompetence over AI, others urge protocols to adopt real-time security measures as attackers leverage advanced tools.
Manuel Aráoz, founder of blockchain security platform OpenZeppelin, issued a stark warning this week that he now considers "all of DeFi unsafe," triggering an industry-wide debate over the future of decentralized finance [1]. The security expert cited the growing capability of AI-powered coding agents to identify smart contract vulnerabilities, fundamentally shifting the balance between attackers and defenders. Aráoz escalated his concerns by revealing he had advised friends and family to exit all DeFi positions, including established protocols like Aave, MakerDAO, and Compound [2]. His position centers on the asymmetric nature of DeFi security: defenders must fix every bug, while attackers need just one exploit to drain funds.
Source: Cointelegraph
The warning comes as AI-linked security threats reshape how vulnerabilities are discovered and exploited across crypto markets. Yu Xian, founder of blockchain security firm SlowMist, responded by highlighting a "dual threat" from AI-empowered attackers, including black-hat hackers using AI tools and organized groups skilled in social engineering [1]. He urged DeFi project teams to urgently adopt advanced AI tools to detect security risks in live code and DevOps processes, while running regular checks covering both on-chain and off-chain attack paths. Yu argued that teams must become "more diligent and ruthless than black hats" as automated attack capabilities continue to evolve. The discussion follows a wave of security incidents in April that contributed to the highest monthly crypto losses since February 2025, with some analysts linking the surge to agentic AI.
The declaration that AI-powered coding agents are superhuman at finding vulnerabilities sparked immediate pushback from prominent DeFi figures. Marc Zeller, founder of the Aave Chan Initiative, dismissed the warning as "moronic," arguing that less than 10% of past year DeFi issues stem from codebase problems [2]. According to Zeller, most recent failures have been tied to bad parameter configuration, collateral blow-ups, and poor operational security rather than code vulnerabilities. He claimed most DeFi issues result from "pure incompetence" and predicted AI would ultimately improve overall on-chain safety. However, Meir Dolev, co-founder and CTO of blockchain security platform Cyvers, told Cointelegraph that while limited public forensic proof exists that AI directly executes exploits, the broader trend of AI-enabled crypto scams is verified through reports from Chainalysis and the FBI [1].

Source: CCN.com
The security debate unfolds against a backdrop of escalating financial damage across decentralized finance. Over $1.1 billion has been lost to DeFi-related exploits during the past year alone, according to DefiLlama data [2]. One of the largest incidents occurred in April when attackers exploited KelpDAO infrastructure, involving roughly 116,500 rsETH tied to LayerZero-linked bridge infrastructure. The stolen assets were used as collateral inside Aave before attackers borrowed against them, leaving the lending protocol exposed to significant bad debt. Aave's total value locked fell sharply from approximately $26.4 billion to around $14.6 billion within weeks of the April exploit. Data from AaveScan shows both supplied assets and outstanding borrows declined significantly, with weekly active addresses dropping to their lowest level since 2024.
Despite growing concerns, security professionals argue abandoning decentralized finance is not the practical answer. Dolev emphasized that DeFi remains uniquely exposed because its code is public, funds move instantly, contracts are composable, and attackers "only need one mistake to succeed" [1]. He identified the most exposed areas as smart-contract logic, admin keys, DevOps, front ends, signer workflows, and human-layer social engineering, noting that AI makes each of these attack surfaces easier to probe and scale. Rather than periodic audits, Dolev urged the focus should shift toward continuous checks and real-time security detection. He outlined measures including AI-assisted code review, regular red-team exercises, DevOps hardening, stronger key management, real-time transaction simulation, and pre-signing risk scoring. "DeFi is still fixable, but only if security becomes an always-on execution-layer control, not a pre-launch checkbox," Dolev stated, suggesting the sector must adapt rather than retreat from AI threats.
Summarized by Navi
