OpenZeppelin Founder: All of DeFi Is Now Unsafe!

Manuel Aráoz, co-founder of crypto security firm OpenZeppelin, has issued a stark warning: he now considers all of DeFi unsafe, and has been personally advising friends and family to exit every DeFi position — including blue-chip protocols like Aave, MakerDAO, and Compound. His reasoning cuts to the structural core of the problem: AI-powered coding agents are now superhuman at finding smart contract vulnerabilities, and the asymmetry is brutal. Defenders must patch every bug; attackers need just one.

The warning lands against a brutal backdrop. April saw nearly $630 million stolen from DeFi protocols — the worst month since the $1.5 billion Bybit hack in February. The two largest incidents were the $285 million Drift exploit, the result of a six-month social engineering campaign, and the $293 million Kelp DAO breach targeting a cross-chain bridge vulnerability.