Top-tier audit authority warns: All DeFi is unsafe, withdraw now!
- Core View: OpenZeppelin founder Manuel Aráoz believes that with the exponential enhancement of AI's ability to identify and exploit smart contract vulnerabilities, the DeFi ecosystem has become extremely unsafe, with a severely imbalanced risk-reward ratio. He advises users to withdraw their funds.
- Key Elements:
- OpenZeppelin founder warns all DeFi is no longer safe and advises friends and family to withdraw funds from blue-chip protocols like Aave and MakerDAO.
- AI coding agents can scan open-source code in seconds to unearth zero-day vulnerabilities and automatically generate attack scripts, dramatically exacerbating the asymmetry between attack and defense.
- April 2025 was the most severe security month in DeFi history, with Drift Protocol and Kelp DAO losing $280 million and $292 million, respectively.
- Attacks continued to spread in May, with multiple protocols including THORChain, Verus, Echo Protocol, and SquidRouter being compromised in succession.
- Anthropic trained a 10-trillion-parameter AI model called Mythos, capable of identifying thousands of zero-day vulnerabilities, but its public release was restricted due to excessive risk.
- The real yields of current mainstream DeFi protocols have dropped to single digits, while the principal could be reduced to zero in an instant due to an AI-driven attack, resulting in a severely imbalanced risk-reward ratio.
Original: Odaily Planet Daily (@OdailyChina)
Author: Azuma (@azuma_eth)
“I believe all DeFi is now insecure.”
This assertion left by OpenZeppelin founder Manuel Aráoz on X yesterday dropped like a depth charge, once again shaking the already stagnant DeFi market.
Manuel even stated that he has begun advising friends and family to withdraw funds from major DeFi protocols, including blue-chip protocols once considered low-risk, such as Aave, MakerDAO, and Compound.
This is not some alarmist talk from an outsider. On the contrary, Manuel himself is one of the core builders of the DeFi security system, and OpenZeppelin is one of the industry's leading security audit firms. Its contract libraries, security standards, and audit frameworks have permeated almost the entire DeFi world.
The reason for Manuel's complete change in attitude is AI. Manuel pessimistically believes that AI Coding Agents' ability to identify and exploit smart contract vulnerabilities is increasing exponentially.
This means that problems that previously required top white-hat teams weeks to discover can now be scanned by AI in minutes; past hackers needed long-term research of protocol logic, but now AI can directly automate the analysis of attack paths; previously, DeFi's “openness and transparency” was an advantage, but now it has become the best training corpus for attackers.
Manuel also mentioned an even more fatal issue: smart contract security is essentially a highly asymmetric game – the defender must fix all vulnerabilities, while the attacker only needs to find one to steal funds. With AI beginning to exponentially enhance attack efficiency, this asymmetry is rapidly becoming unbalanced.
The Cold Reality: DeFi as an ATM for Hackers
Looking back at DeFi security incidents over the past few months, you'll find that Manuel's concerns are not exaggerated.
April was arguably the worst month in DeFi history.
- On April 1st (April Fools' Day), Drift Protocol lost $280 million due to an administrative privilege hijacking and multi-signature execution exploit (see details in “April Fools' Joke? Drift Protocol Hacked for Over $280 Million, Possibly the Second Largest DeFi Heist on Solana”).
- Then on April 19th, Kelp DAO lost $292 million after a bridge protocol was breached (see details in “DeFi Hacked Again for $292 Million, Is Even Aave No Longer Safe?”). The hacker subsequently used lending protocols like Aave to launder the funds, casting a shadow of bad debt and its knock-on effects across the entire DeFi ecosystem.
Entering May, security incidents did not decrease but rather spread further.
- On May 15th, THORChain suffered an attack where a newly joined node operator exploited a vulnerability in the GG20 Threshold Signature Scheme (TSS) to reconstruct the vault's private key and directly execute outbound transactions, causing losses of over $10 million.
- On May 18th, Verus's bridge protocol was attacked. The attacker forged a cross-chain import payload, bypassed verification, and withdrew assets from Ethereum reserves, stealing approximately $11.58 million.
- On May 19th, Echo Protocol on Monad was attacked due to a private key leak. The attacker minted 1000 eBTC (worth $76.7 million) and withdrew funds via Curvance using an attack path that had been tested previously.
- On May 24th, StablR, a compliant stablecoin issuer under the MiCA regulatory framework, was attacked. The hacker profited over $2.8 million by minting additional EURR and USDR, causing EURR and USDR to depeg.
- On May 25th, the SquidRouter module was attacked, resulting in the theft of approximately $3 million in assets from 86 Gnosis Safe wallets.
- On May 27th, a deployer's private key for StakeDAO was leaked on Arbitrum. The attacker minted approximately 5.45 trillion vsdCRV tokens and partially exchanged them for 43.7 ETH before fleeing.
The high frequency of security incidents has sounded the alarm. From on-chain code to off-chain management, DeFi seems to be losing ground across the board.
AI Has Become a Nuclear Weapon for Hackers
Why has the DeFi offensive-defensive dynamic accelerated towards collapse this summer? Beyond traditional advancements in hacking techniques, the rapid progress of AI large models is becoming the ultimate catalyst breaking the balance.
In the past, finding complex smart contract vulnerabilities (especially those involving cross-chain operations, multi-layer nesting, or deeply hidden reentrancy logic) took top hackers weeks or even months of code analysis. However, with the maturation of AI agents possessing ultra-long context windows, strong logical reasoning, and autonomous tool-calling capabilities, this has undergone a qualitative change.
- Second-level Scanning and Global “Zero-Day” Vulnerability Discovery: Attackers only need to feed open-source codebases to next-generation AI reasoning models. In seconds, the AI can simulate hundreds of extreme interaction scenarios like a veteran security expert, precisely identifying boundary conditions that human auditors might miss due to fatigue.
- Automated Attack Script Generation: AI can not only find vulnerabilities but also automatically write, test, and deploy “hacker smart contracts” designed to drain funds.
- Perfect Orchestration of Off-chain DevOps and Social Engineering: AI can disguise itself as a perfect developer for phishing attacks or monitor DeFi teams' GitHub commit history around the clock. Once a team uploads sensitive information or unverified patch code, AI can launch an attack within seconds – far faster than a human security analyst's response time.
In this AI-powered security war, hackers wield nearly unlimited ammunition and second-level attack speeds thanks to AI, while DeFi, constrained by slow-paced governance voting, multi-signature confirmations, and lagging security audits, struggles to mount an adequate defense.
Last month, Anthropic, the AI development company behind Claude, officially announced its next-generation model, Mythos (see details in “Anthropic Created the Most Powerful AI Model Ever, But Dares Not Release It...”). This is the first model in human history to surpass 100 trillion total parameters (in comparison, mainstream current models range from hundreds of billions to one trillion parameters). Its training cost reached an astonishing $10 billion.
However, due to Mythos's specialized capabilities in cybersecurity (Anthropic disclosed that the company identified thousands of zero-day vulnerabilities using Mythos in just a few weeks), Anthropic is hesitant to directly release the model publicly for fear of malicious use by hackers. Instead, it plans to first let major tech giants trial and audit the model through a “Glass Wings” program to preemptively patch potential vulnerabilities.
Given the already severe state of DeFi security, it is difficult to imagine what new threats the industry's defenses will face after Mythos is publicly released.
The Biggest Issue: The Risk-Reward Ratio Has Long Been Broken
For ordinary DeFi participants, liquidity providers (LPs), and whales, the most important issue now is to sit down and do the math.
For a long time, users chose to deposit funds into DeFi seeking annual percentage yields (APY) several times higher than traditional finance. During bull markets or the height of yield farming mania, returns of 10%, 20%, or even more were sufficient to cover the psychological expectation of “potential technical risks.”
But today, this fundamental logic has long been shaken, if not overturned. The risk-reward ratio in DeFi is broken. On the returns side, as the market enters a phase of zero-sum competition and safety cushions thicken, the real yields of most major, relatively reliable DeFi protocols have fallen back to single digits. On the risk side, user principal is exposed to a black box that could be breached by AI at any moment, with funds emptied in seconds by a flash loan attack. If a protocol gets hacked, tokens can go to zero, and liquidity pools can be drained within minutes, with no legal recourse, insurance, or central bank to cover the losses.
Risking a 100% loss of principal to chase roughly a 5% annualized return is clearly not a good deal.
Manuel's words might be slightly absolute, but they tear off DeFi's last fig leaf. Facing the reality where hackers have adopted AI as a standard weapon and security incidents within the industry are constantly erupting, if you are not prepared for the psychological expectation of losing 100% of your principal for the sake of some yield, then “withdrawing your funds as soon as possible and locking in safety” is likely the most rational, risk-management-compliant choice in the current market cycle.
