OpenZeppelin Co-Founder Says “All of DeFi” Is Unsafe After $630M Hack Wave

OpenZeppelin co-founder warns DeFi is unsafe after April’s $630M hack wave, AI exploit risks and falling TVL shake confidence.

TL;DR:

  • OpenZeppelin co-founder Manuel Aráoz said he considers “all of DeFi” unsafe after nearly $630 million was stolen from protocols in April alone.
  • He warned AI-powered coding agents could widen the gap between attackers and defenders by finding smart contract flaws faster than teams respond.
  • April recorded 27 DeFi exploits, May added 25 more, and TVL fell about 14% from $172 billion to $148 billion amid growing security fears across users.

OpenZeppelin co-founder Manuel Aráoz has turned DeFi’s security anxiety into a blunt industry alarm. After nearly $630 million was stolen from decentralized finance protocols in April alone, he said he now considers “all of DeFi” unsafe and has personally advised friends and family to exit positions, even in blue-chip names such as Aave, MakerDAO and Compound. The warning carries weight because it targets DeFi’s comfort zone, the established protocols rather than obscure ones, suggesting that the security model underpinning the sector may be losing ground against more capable attackers and automated exploit discovery across live markets.

AI-powered attackers widen DeFi’s security gap

Aráoz’s concern centers on an uneven contest between builders and hackers. In his view, defenders must secure every possible weakness in a protocol, while attackers need to find only one flaw to drain millions. The rise of AI-powered coding agents makes that imbalance more dangerous, because tools that can discover smart contract vulnerabilities may compress the time between code publication and exploitation. The threat is no longer only human persistence but machine-assisted scale: the same public, verifiable contract code that lets anyone audit a protocol also lets an automated agent scan it, turning DeFi’s open-source transparency into a larger attack surface whenever defensive teams cannot review, patch and coordinate as quickly as adversaries can probe.


April showed how costly that imbalance can become. The month was the worst for DeFi hacks since the $1.5 billion Bybit exploit in February 2025, with losses driven largely by two major incidents. Drift suffered a $285 million exploit reportedly tied to a sophisticated six-month social engineering campaign, while Kelp DAO lost roughly $293 million after hackers exploited vulnerabilities connected to cross-chain bridge infrastructure. Those attacks made April’s damage feel systemic rather than episodic, especially as security researchers and blockchain analysts attributed both incidents to North Korean state-backed hacking groups targeting crypto for illicit funding.

The pressure has not faded. DefiLlama recorded 27 DeFi exploit incidents in April, followed by another 25 cases reported so far in May, even though May’s losses have been smaller. Investor confidence also appears to be reacting, with total value locked across DeFi falling about 14% since mid-April, from roughly $172 billion to $148 billion. The market is pricing security as a live adoption risk, while incidents including Verus Network’s $11.6 million Ethereum bridge exploit and Polymarket’s $573,200 breach keep reinforcing that protocol safety is no longer a back-office issue.
