
The Asymmetric Battlefield: Why AI Coding Agents Are Rewriting DeFi Security Best Practices

On May 26, 2026, Manuel Aráoz — co-founder and former CTO of OpenZeppelin, the firm that practically wrote the book on smart contract auditing — posted a message that sent shockwaves through the decentralized finance community. “I now consider *all* of DeFi unsafe,” he wrote. “Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds.” He went further, advising friends and family to exit positions in blue-chip protocols like Aave, MakerDAO, and Compound. With Bitcoin trading near $76,000 and the total value locked in DeFi having fallen from $172 billion in mid-April to $148 billion, the warning landed at a moment of acute market stress.

The Threat Landscape

The numbers backing Aráoz’s warning are stark. Over the past year, more than $1.1 billion has been lost to DeFi exploits. April 2026 alone accounted for $635 million across 28 reported hacks. The Verus DeFi protocol lost $11.58 million through a bridge exploit on Ethereum, where an attacker funded their wallet through Tornado Cash before draining tBTC, ETH, and USDC. But the real concern is not any single exploit — it is the structural shift in how vulnerabilities are discovered and weaponized.

Research from the venture capital firm a16z points the same way: in its tests, AI agents consistently identified the core vulnerability behind historical DeFi exploits. Even when an agent failed to carry an exploit through end to end, it often got far enough to hand a human attacker a starting point, and locating the flaw is the expensive step; turning a located flaw into a working exploit is comparatively routine. The implication is clear: a tool that reliably identifies weak points dramatically lowers the expertise barrier to launching an attack.

Anthropic has taken the extraordinary step of restricting public access to its unreleased Claude Mythos model precisely because of its capacity to autonomously discover and weaponize software flaws. When one of the world’s leading AI companies voluntarily limits its own product, the threat level speaks for itself.

Core Principles

The asymmetry Aráoz describes is structural. DeFi protocols are open-source by design: their code, governance structures, and integrations are publicly auditable, and even a protocol that withheld its source would gain little, because deployed bytecode is public and routinely decompiled. This transparency is a feature, not a bug, but it also means that AI agents can study every line of code around the clock, at machine speed, for near-zero marginal cost, and that an attack can be rehearsed for free against a local fork of the chain before a single on-chain transaction is sent. Human auditors, no matter how skilled, cannot match that coverage.

However, OpenZeppelin itself has pushed back on the most alarmist reading of Aráoz’s warning. The security firm noted that most large losses in recent months have stemmed from operational failures rather than flaws in audited contract code — stolen private keys, bridge spoofing, social engineering, and access control breakdowns. This distinction matters enormously for how individual investors should respond.

The first core principle, then, is separating protocol risk from operational risk. A flawlessly audited smart contract is no protection if the owner or upgrade-admin key that controls it is compromised; the deployer key matters only for as long as it retains those privileges. A battle-tested bridge is meaningless if the team falls for a social engineering attack. Defense must be holistic, and the audit report is only one layer of it.

Tooling & Setup

For investors who choose to remain active in DeFi despite the elevated threat environment, a layered security approach is essential. Start with a hardware wallet from an established manufacturer, and never sign transactions from a hot wallet holding significant funds. A hardware wallet only protects funds if you read what you are signing: a single approve or setApprovalForAll signed blind grants a spender the right to move your tokens later, and hardware confirmation of a malicious approval is still a malicious approval. Keep a separate, lightly funded wallet for interacting with new protocols, and periodically revoke token allowances you no longer use. Enable multi-signature control over any protocol treasury you manage. Use hardware security keys for two-factor authentication on every exchange account and on the email account that can reset it.
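To make the blind-signing point concrete, here is an added example (not code from the article or from any wallet vendor) that decodes the calldata a wallet presents for signature and flags the approvals that drain accounts. The four function selectors are the standard 4-byte Keccak-256 prefixes of the named ERC-20/ERC-721 functions; the sample calldata and the 0x11…/0x22… addresses are constructed placeholders, and the risk labels are this example's own wording.

```python
"""Decode ERC-20/ERC-721 calldata before signing it and flag dangerous approvals.
Added example, not code from the article or from OpenZeppelin. Selectors are the
standard 4-byte Keccak-256 prefixes of the named functions; the sample calldata
below is constructed with placeholder addresses."""

# selector -> (function name, ((param name, ABI type), ...))
SELECTORS = {
    "095ea7b3": ("approve", (("spender", "address"), ("amount", "uint256"))),
    "a9059cbb": ("transfer", (("to", "address"), ("amount", "uint256"))),
    "23b872dd": ("transferFrom", (("from", "address"), ("to", "address"), ("amount", "uint256"))),
    "a22cb465": ("setApprovalForAll", (("operator", "address"), ("approved", "bool"))),
}
UINT256_MAX = 2**256 - 1


def _decode_word(abi_type: str, word: bytes):
    """Decode one 32-byte ABI word as an address, uint256 or bool, rejecting junk padding."""
    if abi_type == "address":
        if any(word[:12]):
            raise ValueError("address word has non-zero padding")
        return "0x" + word[12:].hex()
    value = int.from_bytes(word, "big")
    if abi_type == "bool":
        if value not in (0, 1):
            raise ValueError("bool word is not 0 or 1")
        return value == 1
    return value  # uint256


def decode_calldata(calldata_hex: str) -> dict:
    """Return {'function', 'args', 'flags'} for a calldata hex string.

    'flags' lists reasons a careful signer should pause; an empty list means a
    plain transfer or a bounded, deliberate approval.
    """
    raw = bytes.fromhex(calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex)
    if len(raw) < 4:
        return {"function": None, "args": {}, "flags": ["calldata shorter than a selector"]}
    selector = raw[:4].hex()
    if selector not in SELECTORS:
        return {"function": None, "args": {}, "flags": [f"unknown selector 0x{selector}; do not sign blind"]}
    name, params = SELECTORS[selector]
    body = raw[4:]
    if len(body) != 32 * len(params):
        return {"function": name, "args": {}, "flags": ["argument length does not match signature"]}
    try:
        args = {pname: _decode_word(ptype, body[i * 32:(i + 1) * 32])
                for i, (pname, ptype) in enumerate(params)}
    except ValueError as exc:
        return {"function": name, "args": {}, "flags": [f"malformed argument: {exc}"]}

    flags = []
    if name == "approve":
        if args["amount"] == UINT256_MAX:
            flags.append(f"UNLIMITED allowance granted to {args['spender']}")
        elif args["amount"] > 0:
            flags.append(f"allowance of {args['amount']} granted to {args['spender']}")
    elif name == "setApprovalForAll" and args["approved"]:
        flags.append(f"operator {args['operator']} may move every NFT in this collection")
    elif name == "transferFrom":
        flags.append(f"spends an existing allowance from {args['from']}")
    return {"function": name, "args": args, "flags": flags}


def _word(value: int) -> str:
    """ABI-encode an integer or address as one 32-byte hex word."""
    return format(value, "064x")


# Constructed sample calldata with placeholder addresses (0x11.. spender, 0x22.. recipient).
SPENDER = "0x" + "11" * 20
SAMPLE_UNLIMITED_APPROVE = "0x095ea7b3" + _word(int(SPENDER, 16)) + _word(UINT256_MAX)
SAMPLE_TRANSFER = "0xa9059cbb" + _word(int("0x" + "22" * 20, 16)) + _word(10**18)
SAMPLE_SET_APPROVAL_FOR_ALL = "0xa22cb465" + _word(int(SPENDER, 16)) + _word(1)

if __name__ == "__main__":
    for sample in (SAMPLE_UNLIMITED_APPROVE, SAMPLE_TRANSFER, SAMPLE_SET_APPROVAL_FOR_ALL):
        print(decode_calldata(sample))
```

The point of the decoder is the contrast: the transfer of 10**18 units produces no flag, while the approve with amount 2**256 - 1 does, even though both look like a short hex blob on a hardware wallet screen. Anything with an unknown selector is treated as unsafe by default, which is the right posture for a wallet that holds significant funds.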

For protocol operators, the tooling requirements have escalated. Continuous monitoring that flags anomalous transaction patterns in real time, and ideally can pause a contract or rate-limit withdrawals when a threshold is crossed, is no longer optional; it is baseline infrastructure. Bug bounty programs need to offer rewards that compete with the potential haul from an exploit, or the rational finder sells the bug elsewhere. Formal verification of core contract logic, once a nice-to-have, should now be standard for any protocol managing nine figures of TVL or more, with the caveat that verification proves only the properties you specify and says nothing about the ones you did not.
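The monitoring requirement above is usually implemented as a rolling-window reserve check. The following is an added example (not code from the article or from any monitoring vendor) of the core of such a detector: it raises one alert when a single transaction removes more than a fixed fraction of a pool's reserves, and a second when net outflow over the last few blocks exceeds a larger fraction of the reserve the pool held at the start of the window. The pool name, sender addresses, amounts and thresholds are constructed for illustration.

```python
"""Rolling-window drain detector for a lending pool, AMM or bridge vault.
Added example; not code from the article or any monitoring vendor. Pool names,
addresses, amounts and thresholds below are constructed for illustration."""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One reserve change observed on-chain. amount < 0 means tokens left the pool."""
    block: int
    pool: str
    sender: str
    amount: int


class DrainDetector:
    """Alert when one tx removes more than single_tx_frac of a pool's reserves, or
    when net outflow over the last window_blocks exceeds max_outflow_frac of the
    reserve held at the start of the window. The second rule catches drains that
    are split into many sub-threshold withdrawals."""

    def __init__(self, reserves, window_blocks=10, single_tx_frac=0.10, max_outflow_frac=0.20):
        self.reserves = dict(reserves)          # pool -> mirrored current reserve
        self.window_blocks = window_blocks
        self.single_tx_frac = single_tx_frac
        self.max_outflow_frac = max_outflow_frac
        self.history = {pool: deque() for pool in reserves}   # pool -> (block, amount) in window

    def ingest(self, flow):
        """Apply one flow and return the list of alerts it triggers (possibly empty)."""
        if flow.pool not in self.reserves:
            raise KeyError(f"unknown pool {flow.pool!r}")
        alerts = []
        before = self.reserves[flow.pool]
        if flow.amount < 0 and -flow.amount > self.single_tx_frac * before:
            alerts.append(f"block {flow.block}: {flow.sender} removed {-flow.amount} of {before} "
                          f"from {flow.pool} in one tx")
        self.reserves[flow.pool] = before + flow.amount
        if self.reserves[flow.pool] < 0:
            # A reserve cannot go negative on-chain; if the mirror does, the event feed is wrong or lagging.
            alerts.append(f"block {flow.block}: {flow.pool} mirrored reserve negative, check the event feed")
        hist = self.history[flow.pool]
        hist.append((flow.block, flow.amount))
        while hist and hist[0][0] <= flow.block - self.window_blocks:
            hist.popleft()                       # drop flows that fell out of the window
        net = sum(amount for _, amount in hist)
        baseline = self.reserves[flow.pool] - net   # reserve at the start of the window
        if net < 0 and baseline > 0 and -net > self.max_outflow_frac * baseline:
            alerts.append(f"block {flow.block}: {flow.pool} lost {-net} of {baseline} "
                          f"({-net / baseline:.0%}) within {self.window_blocks} blocks")
        return alerts


def run(flows, reserves, **thresholds):
    """Feed flows through a detector in block order and return every alert raised."""
    detector = DrainDetector(reserves, **thresholds)
    alerts = []
    for flow in sorted(flows, key=lambda f: f.block):
        alerts.extend(detector.ingest(flow))
    return alerts


# Constructed sample: routine activity, then an attacker (0xdd..) who splits the
# drain so that the first withdrawal stays just under the single-tx threshold.
SAMPLE_RESERVES = {"tBTC/ETH": 1000}
SAMPLE_FLOWS = [
    Flow(100, "tBTC/ETH", "0x" + "aa" * 20, -30),
    Flow(102, "tBTC/ETH", "0x" + "bb" * 20, +20),
    Flow(104, "tBTC/ETH", "0x" + "cc" * 20, -25),
    Flow(106, "tBTC/ETH", "0x" + "dd" * 20, -95),
    Flow(107, "tBTC/ETH", "0x" + "dd" * 20, -120),
]


def run_sample():
    return run(SAMPLE_FLOWS, SAMPLE_RESERVES)


if __name__ == "__main__":
    for line in run_sample():
        print("ALERT", line)
```

On the sample stream the withdrawal at block 106 passes the single-transaction rule (95 of 965 is under 10 percent) and the window rule (130 of 1000 is under 20 percent), while the follow-up at block 107 trips both. In production the alert path would feed a pause or rate-limit function on the contract, and the thresholds would be tuned per pool against its normal outflow distribution rather than set to the round numbers used here.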

The emergence of AI-powered defense tools offers a potential counterweight. Several security firms now deploy adversarial AI agents that continuously probe their clients' own contracts, simulating attack paths before malicious actors discover them. This red-team approach at machine speed is the most promising path toward restoring equilibrium between attackers and defenders, with one caveat: the same models are available to attackers, so running them on your own code restores parity rather than granting an advantage, and an agent still only finds what it is pointed at.

Ongoing Vigilance

The Crypto Fear and Greed Index sits at 34 as of May 26, deep in Fear territory. Bitcoin’s implied volatility has fallen to 36 percent, an eight-month low, suggesting the market expects range-bound price action in the near term. But low volatility often masks accumulating leverage — current derivatives data shows that a break above $80,447 would trigger $1.245 billion in cumulative short liquidations across major centralized exchanges, while a drop below $73,416 would liquidate $739 million in longs.

This leverage backdrop means that any security incident — a major exploit, a governance attack, a bridge failure — can cascade through the market far faster than in previous cycles. Maintaining reduced exposure, setting strict stop-losses, and keeping emergency exit plans updated are not paranoid precautions; they are prudent risk management.

For those following Aráoz's advice and reducing DeFi exposure, consider that Bitcoin itself, held in self-custody, eliminates smart contract risk entirely. It does not eliminate key-management risk; self-custody moves the operational burden from the protocol team to you, so the same discipline applies: a hardware wallet, tested backups, and no signing from exposed devices. The trade-off is opportunity cost, since you forgo yield, but in an environment where AI agents can find and exploit vulnerabilities faster than human auditors can patch them, capital preservation deserves a higher weighting in the risk-reward calculus.

Final Takeaway

The debate between Aráoz and his critics is not really about whether DeFi is safe or unsafe — it is about the rate of change in the threat landscape. The tools available to attackers have improved dramatically in 2026, and the defensive ecosystem is racing to catch up. Whether you choose to exit DeFi entirely or stay active with enhanced precautions, the worst possible response is complacency. The security assumptions that held in 2024 do not hold today. Recalibrate accordingly.

Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Always conduct your own research before making investment decisions.


7 thoughts on “The Asymmetric Battlefield: Why AI Coding Agents Are Rewriting DeFi Security Best Practices”

  1. Aráoz built OpenZeppelin and even he's saying get out. That's not FUD, that's the guy who wrote the security standards telling you the game changed.

    1. Manuel built the tools everyone uses and he's calling it. When the person who wrote the audit framework says get out, maybe listen.

  2. $635 million in April alone across 28 hacks. That number should be the headline on every crypto site, not the BTC price.

  3. Defenders need to fix every bug, attackers need one. That's the whole problem in one sentence tbh.

    1. $1.1 billion lost in a year and people still ape into unaudited protocols. The asymmetry Aráoz describes is exactly why.

  4. Advising friends and family to exit Aave and MakerDAO is a big deal coming from someone at that level.

  5. The Verus exploit using Tornado Cash to fund the wallet is just the standard playbook at this point. Mixers gonna mixer.
