Home
News
Details

OpenZeppelin Co-Founder Warns All DeFi Is Unsafe Due to AI Coding Agents

iconCryptoPotato
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
This is the logo of the coin.
AAVE
$62.317-1.38%
This is the logo of the coin.
Maker
----
This is the logo of the coin.
COMP
$17.847.92%
This is the logo of the coin.
ETH
$1,667.77-1.07%
AI summary iconSummary

expand icon
OpenZeppelin co-founder Manuel Aráoz warned on May 26 that AI-powered coding agents have made DeFi protocols unsafe, urging users to exit positions in major projects like Aave, MakerDAO, and Compound. He claimed attackers now have the edge as AI can spot vulnerabilities faster than human teams. The AI + crypto news sparked debate, with figures like Vitalik Buterin and Mark Zeller countering that most DeFi exploit risks come from operational errors, not code flaws. Major DeFi smart contracts are still seen as secure.

Manuel Aráoz, co-founder of smart contract security firm OpenZeppelin, went public on May 26 with a blunt recommendation that people should get out of DeFi, all of it, including the blue chips.

According to him, AI-powered coding agents have tilted the security game so far toward attackers that no protocol can currently be trusted to hold user funds.

Aráoz’s Warning

The software engineer wrote in a post on X;

“PSA: I now consider all of DeFi unsafe.”

He also said he has been privately advising friends and family to exit all DeFi positions, naming Aave, MakerDAO, and Compound as protocols he no longer considers safe.

His reasoning is based on asymmetry: defenders must find and fix every vulnerability, while attackers need only one to cause damage. Now, with AI coding agents capable of scanning smart contracts faster and more thoroughly than any human security team can, Aráoz feels the asymmetry has become unworkable.

OpenZeppelin itself recently noted that crypto companies lost more than $3.4 billion to hacks in 2025; however, it blamed most of that theft on compromised credentials, operational failures, and code shipped between audits, rather than on smart contract bugs.

This year has also seen a rollercoaster of attacks, with more than $650 million stolen in April alone. Of that amount, $292 million came from an exploit on KelpDAO, with another $285 million siphoned from Drift Protocol following what experts say were months of social engineering.

Pushback From X Users

Against that backdrop, Aráoz’s warning landed hard, but people immediately pushed back. One of those criticizing the post was Aave Chan Initiative founder Mark Zeller, who held nothing back.

His counter was data-driven: he pointed out that fewer than 10% of DeFi issues in the past year stemmed from code-level vulnerabilities, with most failures, according to him, tracing back to poor risk parameters, collateral mismanagement, and weak operational security, not AI-assisted exploits.

Several others echoed Zeller’s view, though with slightly less heat. Phoenix Lab co-founder Sam McPherson indicated that smart contracts of blue-chip DeFi platforms were “quite safe these days” and pointed to opsec failures as the real culprit behind most of the major hacks that have happened recently.

Another X user, Polaris Finance developer Robert, made a similar distinction, saying that actual smart contract exploits are “almost non-existent these days.” He added that recent breaches have largely involved centralized components that allow human control rather than the immutable code beneath them.

Ethereum co-founder Vitalik Buterin also has a different view on AI and its effect on crypto security, writing earlier this month that AI-assisted formal verification could actually make crypto systems more secure over time. According to him, developers can use AI to write both the code and the mathematical proofs of its correctness.

The post AI Coding Agents Have Made All DeFi Unsafe, Security Expert Says appeared first on CryptoPotato.

Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.