Smart contract security expert Manuel Aráoz, co-founder of OpenZeppelin, has issued a stark public warning advising people to exit all DeFi positions. He argues that AI-powered coding agents have created an unmanageable security asymmetry, making even blue-chip protocols like Aave, MakerDAO, and Compound unsafe. Critics, including Aave Chan Initiative founder Marc Zeller, quickly pushed back, citing data showing most recent crypto losses stem from operational failures rather than smart contract bugs.
Manuel Aráoz, co-founder of smart contract security firm OpenZeppelin, publicly advised people to exit all DeFi positions on May 26. “PSA: I now consider all of DeFi unsafe,” he wrote, naming protocols like Aave, MakerDAO, and Compound as unsafe.
Aráoz’s warning hinges on a perceived security asymmetry tilted by AI coding agents. He believes defenders must find every vulnerability, while attackers need only one, a challenge exacerbated by AI’s scanning capabilities.
OpenZeppelin itself recently noted that crypto companies lost more than $3.4 billion to hacks in 2025. It stated most thefts were caused by compromised credentials and operational failures rather than smart contract bugs.
Major losses this year include more than $650 million stolen in April alone. A $292 million exploit on KelpDAO and a $285 million incident on Drift Protocol were among the largest.
Industry figures immediately pushed back against Aráoz’s assessment. Aave Chan Initiative founder Marc Zeller pointed out that fewer than 10% of recent DeFi issues stemmed from code-level vulnerabilities.
Zeller argued most failures trace back to poor risk parameters, collateral mismanagement, and weak operational security. Phoenix Lab co-founder Sam McPherson similarly indicated that blue-chip DeFi smart contracts are currently “quite safe.”
Ethereum co-founder Vitalik Buterin has a different view on AI’s role in crypto security. He wrote earlier this month that AI-assisted formal verification could actually make crypto systems more secure over time.
