OpenZeppelin founder warns "all DeFi is insecure": AI threats make even Aave difficult to defend
動區 BlockTempo, 2026-05-27 06:48:04

Manuel Araoz, co-founder of crypto security firm OpenZeppelin, posted on social media that he now believes "all of DeFi is unsafe," and has begun personally advising friends and family to exit all DeFi positions, including those in Aave, MakerDAO, and Compound.

(Background: Kelp DAO announces full restoration of rsETH: $293 million stolen by North Korean hackers 5 weeks ago)
(Context: SquidRouterModule hit by major vulnerability! 86 Gnosis Safes hacked for $3 million)

Key Takeaways

- OpenZeppelin co-founder Manuel Araoz publicly advises friends and family to exit all DeFi positions including Aave and MakerDAO
- DeFi suffered nearly $630 million in thefts in April, with Drift ($285 million) and Kelp DAO ($293 million) both linked to North Korean hackers
- DeFi TVL has dropped roughly 14% since mid-April, with 25 more security incidents in May and 40+ protocols announcing shutdowns

The person behind the most widely used smart contract security framework in the crypto world is now urging you to pull all your money out of DeFi.

OpenZeppelin co-founder Manuel Araoz recently posted on social media that he has changed his view on DeFi security, and his current conclusion is that "all of DeFi is unsafe." He revealed that he has begun personally advising friends and family to exit all DeFi positions, even long-running "blue chip" protocols like Aave, MakerDAO, and Compound.

PSA: I now consider *all* of DeFi unsafe. Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds.
— Manuel Aráoz (@maraoz) May 26, 2026

AI Has Made Attack and Defense Completely Asymmetric

The core problem Araoz points to is the structural asymmetry between attackers and defenders. He stated that AI coding agents are "superhuman" at finding smart contract vulnerabilities, and this capability inherently favors attackers. Defenders must patch every single vulnerability, while attackers only need to find one to walk away with the funds.

These words carry particular weight coming from the founder of a security firm. OpenZeppelin's smart contract library is used by the vast majority of Solidity developers worldwide, and Araoz's understanding of DeFi security is not theoretical. His judgment essentially says: under the current technical architecture, DeFi's security model is fundamentally tilted in favor of attackers.

Losses Continue to Mount Since April

The data is on Araoz's side. DeFi protocols lost nearly $630 million in April alone, making it the worst month for losses since Bybit was hacked for approximately $1.5 billion in February 2025. Among these, two major exploit incidents—Drift ($285 million) and Kelp DAO ($293 million)—were both attributed by tracking organizations to the North Korean state-backed hacker group Lazarus Group.

Market confidence has clearly been shaken. The total value locked (TVL) in DeFi protocols has dropped about 14% since mid-April, from approximately $172 billion to $148 billion.

May has brought no relief either, with 25 security incidents to date, including the Verus Network cross-chain bridge exploit that lost $11.6 million, and an attack on Polymarket's UMA CTF Adapter that lost approximately $570,000. More than 40 protocols have announced shutdowns or entered liquidation mode in the first five months of this year.

Statistically, North Korea-linked attackers accounted for 76% of global crypto hack losses in 2026, further climbing from 64% in 2025. The crisis of confidence in DeFi continues to spread.

FAQ

Why does the OpenZeppelin co-founder say all of DeFi is unsafe?

Manuel Araoz believes AI coding agents give attackers an overwhelming advantage in finding vulnerabilities. Defenders must patch every vulnerability, while attackers only need to find one to steal funds. This structural asymmetry puts all DeFi protocols—including Aave and MakerDAO—at risk.

How much has been stolen from DeFi in 2026?

As of the end of May, over $770 million has been stolen, with nearly $630 million in April alone. The two largest incidents were Drift ($285 million) and Kelp DAO ($293 million), both linked to the North Korean hacker group Lazarus Group.