Manuel Aráoz, co-founder of smart contract security firm OpenZeppelin, went public on May 26 with a blunt recommendation that people should get out of DeFi, all of it, including the blue chips.
According to him, AI-powered coding agents have tilted the security game so far toward attackers that no protocol can currently be trusted to hold user funds.
Aráoz’s Warning
The software engineer wrote in a post on X;
“PSA: I now consider all of DeFi unsafe.”
He also said he has been privately advising friends and family to exit all DeFi positions, naming Aave, MakerDAO, and Compound as protocols he no longer considers safe.
His reasoning is based on asymmetry: defenders must find and fix every vulnerability, while attackers need only one to cause damage. Now, with AI coding agents capable of scanning smart contracts faster and more thoroughly than any human security team can, Aráoz feels the asymmetry has become unworkable.
OpenZeppelin itself recently noted that crypto companies lost more than $3.4 billion to hacks in 2025; however, it blamed most of that theft on compromised credentials, operational failures, and code shipped between audits, rather than on smart contract bugs.
This year has also seen a rollercoaster of attacks, with more than $650 million stolen in April alone. Of that amount, $292 million came from an exploit on KelpDAO, with another $285 million siphoned from Drift Protocol following what experts say were months of social engineering.
Pushback From X Users
Against that backdrop, Aráoz’s warning landed hard, but people immediately pushed back. One of those criticizing the post was Aave Chan Initiative founder Mark Zeller, who held nothing back.
His counter was data-driven: he pointed out that fewer than 10% of DeFi issues in the past year stemmed from code-level vulnerabilities, with most failures, according to him, tracing back to poor risk parameters, collateral mismanagement, and weak operational security, not AI-assisted exploits.
Several others echoed Zeller’s view, though with slightly less heat. Phoenix Lab co-founder Sam McPherson indicated that smart contracts of blue-chip DeFi platforms were “quite safe these days” and pointed to opsec failures as the real culprit behind most of the major hacks that have happened recently.
Another X user, Polaris Finance developer Robert, made a similar distinction, saying that actual smart contract exploits are “almost non-existent these days.” He added that recent breaches have largely involved centralized components that allow human control rather than the immutable code beneath them.
Ethereum co-founder Vitalik Buterin also has a different view on AI and its effect on crypto security, writing earlier this month that AI-assisted formal verification could actually make crypto systems more secure over time. According to him, developers can use AI to write both the code and the mathematical proofs of its correctness.
The post AI Coding Agents Have Made All DeFi Unsafe, Security Expert Says appeared first on CryptoPotato.
