OpenZeppelin Co-Founder Warns ‘All of DeFi Is Unsafe’ as Crypto Hacks Surge

Manuel Araoz, co-founder of crypto security company OpenZeppelin, warned that he now considers “all of DeFi unsafe.” The statement shocked many in the crypto community because OpenZeppelin is one of the most respected security firms in decentralized finance and has audited some of the industry’s largest protocols.

Araoz said he has even advised friends and family to leave DeFi positions entirely, including investments in major “blue-chip” protocols.

OpenZeppelin Founder Raises Alarm Over AI-Powered Exploits

In a post shared on X, Araoz explained that rapid advancements in AI coding agents are making decentralized finance increasingly dangerous.

According to him, modern AI systems are becoming “superhuman” at identifying vulnerabilities inside smart contracts.

He warned that DeFi security has become highly asymmetric because defenders must fix every possible vulnerability while attackers only need to discover one weakness to steal funds.

Araoz stated that, “Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric.”

He added that he has privately advised close contacts to exit all DeFi positions, including exposure to major protocols such as, Aave, MakerDAO and Compound

The comments quickly spread across crypto markets because those platforms are generally viewed as some of the safest and most battle-tested protocols in decentralized finance.

OpenZeppelin Plays Major Role Across Crypto

OpenZeppelin has become one of the most influential security firms in the blockchain industry over the last several years.

The company has audited smart contracts and security systems for major crypto platforms including, Uniswap, Coinbase, Aave, Compound and MakerDAO

Because of the company’s reputation, Araoz’s warning is being taken seriously by many traders and developers. His concerns arrive during one of the worst periods for DeFi exploits since the massive Bybit hack earlier this year.

DeFi Losses Continue Climbing

According to market data, nearly $630 million was stolen from DeFi protocols during April alone. That made April one of the worst months for DeFi hacks since February 2025, when Bybit suffered a massive $1.5 billion exploit.

Several major attacks heavily damaged market confidence.

One of the biggest incidents involved a $285 million exploit targeting Drift after attackers reportedly used a six-month social engineering campaign.

Another attack drained roughly $293 million from Kelp DAO by exploiting vulnerabilities connected to its cross-chain bridge infrastructure. Security researchers have widely linked both attacks to North Korean state-backed hacking groups.

According to market tracking data, April alone saw 27 separate DeFi exploit incidents.

So far in May, the market has already recorded roughly 25 additional DeFi exploit cases.

Some recent attacks include an $11.6 million exploit targeting Verus Network’s Ethereum bridge and a $573,200 security breach involving Polymarket

Polymarket later suggested the incident may have involved a compromised private key tied to internal wallet operations.

DeFi TVL Continues Falling

Investor confidence across decentralized finance has also weakened sharply in recent weeks.

Total value locked (TVL) across DeFi protocols has reportedly dropped around 14% since mid-April. The market’s TVL declined from approximately $172 billion down to nearly $148 billion.

Analysts believe the constant stream of exploits, bridge attacks, governance hacks, and private key compromises is causing many investors to reduce exposure to DeFi products.

Araoz’s comments have now intensified a larger debate happening across the crypto industry.

Others believe the industry is simply facing growing pains similar to the early internet era.