Frontline Audit Expert Warns: No DeFi Is Safe Anymore, Withdraw Quickly!
- Key view: OpenZeppelin founder Manuel Aráoz stated that, as AI's ability to identify and exploit smart contract vulnerabilities grows exponentially, the DeFi ecosystem has become extremely insecure, the risk-reward ratio is severely distorted, and he advises users to withdraw their funds.
- Key points:
  - The OpenZeppelin founder warned that no DeFi is safe anymore and has advised acquaintances to withdraw funds from blue-chip protocols such as Aave and MakerDAO.
  - AI coding agents scan open-source code in seconds, uncover zero-day vulnerabilities and automatically generate attack scripts, sharply deepening the asymmetry between attack and defense.
  - In April 2025, DeFi suffered its worst security crisis ever, with $280 million and $292 million stolen from Drift Protocol and Kelp DAO respectively.
  - In May the incidents continued to spread, with THORChain, Verus, Echo Protocol, SquidRouter and other protocols attacked one after another.
  - Mythos, an AI model with 10 trillion parameters trained by Anthropic, can identify thousands of zero-day vulnerabilities, but its public release has been restricted because the risk is too high.
  - Real yields on major DeFi protocols have fallen to single digits, while principal can be wiped to zero in an instant by an AI-driven attack, leaving the risk-reward ratio severely distorted.
Original | Odaily Planet Daily (@OdailyChina)
Author | Azuma (@azuma_eth)

"I believe all DeFi is now insecure."
This assertion, posted yesterday on X by Manuel Aráoz, founder of OpenZeppelin, hit the already stagnant DeFi market like a depth charge.

Manuel even stated that he has begun advising friends and family to withdraw funds from major DeFi protocols, including blue-chip protocols once considered low-risk, such as Aave, MakerDAO, and Compound.
This is not alarmist talk from an outsider. Quite the opposite. Manuel himself is one of the core builders of DeFi's security framework. OpenZeppelin is one of the industry's leading security audit firms, and its contract libraries, security standards, and audit frameworks have permeated almost the entire DeFi world.
The reason for Manuel's complete change in attitude is AI. Manuel pessimistically believes that AI Coding Agents' ability to identify and exploit smart contract vulnerabilities is increasing exponentially.
This means that problems that once took top white-hat teams weeks to discover can now be scanned by AI in minutes; attack paths that hackers previously needed to research protocol logic for long periods can now be analyzed automatically by AI; the "public transparency" that was once a DeFi advantage has now become the best training corpus for attackers.
Manuel also mentioned a more fatal problem: smart contract security is essentially a highly asymmetric game – defenders must fix all vulnerabilities, while attackers need only find one to steal funds. With AI beginning to exponentially enhance attack efficiency, this asymmetry is rapidly becoming imbalanced.
The Cold Reality: DeFi Has Become an ATM for Hackers
Looking back at DeFi security incidents over the past few months, you'll find Manuel's concerns are not exaggerated.
April was arguably the worst month in DeFi history.
- On April 1st (April Fools' Day), Drift Protocol suffered a $280 million theft through an administrator-privilege hijack combined with a multi-signature execution vulnerability (see April Fools' Joke? Drift Protocol Hacked for Over $280 Million, Potentially the Second Largest DeFi Heist on Solana).
- Then on April 19th, Kelp DAO lost $292 million after a bridge protocol was breached (see DeFi Hacked Again for $292 Million: Is Even Aave Now Insecure?). The hacker subsequently moved the stolen funds out through lending protocols such as Aave, casting the entire DeFi ecosystem into the shadow of bad debt and its knock-on effects.
Entering May, incidents not only failed to decrease but spread further.
- On May 15th, THORChain was attacked. A newly joined node operator exploited a vulnerability in the GG20 Threshold Signature Scheme (TSS) to reconstruct the vault's private key and directly execute outgoing transactions, causing losses of over $10 million.
- On May 18th, Verus's bridge protocol was attacked. The attacker forged a cross-chain import payload, bypassed verification to withdraw assets from the Ethereum reserve, stealing approximately $11.58 million.
- On May 19th, Echo Protocol on Monad was attacked due to a private key leak. The attacker minted 1,000 eBTC (worth $76.7 million) and withdrew funds via Curvance using a previously tested attack vector.
- On May 24th, StablR, a compliant stablecoin issuer under the MiCA regulatory framework, was attacked. The hacker profited over $2.8 million by minting EURR and USDR, causing EURR and USDR to depeg.
- On May 25th, the SquidRouter module was attacked, leading to the theft of approximately $3 million in assets from 86 Gnosis Safe wallets.
- On May 27th, the private key of the StakeDAO deployer was leaked on Arbitrum. The attacker minted approximately 5.45 trillion vsdCRV and partially exchanged it for 43.7 ETH before fleeing.
The high frequency of security incidents has sounded the alarm. From on-chain code to off-chain management, DeFi seems to be losing ground on all fronts.
AI Has Become the Nuclear Weapon for Hackers
Why is the DeFi offense-defense dynamic accelerating towards collapse this summer? Beyond the evolution of traditional hacking techniques, the rapid advancement of large AI models is becoming the ultimate weight tipping the balance.
In the past, finding a complex smart contract vulnerability (especially those involving cross-chain, multi-layer nesting, or highly concealed reentrancy logic) required top hackers weeks or even months of code analysis. However, with the maturation of AI agents possessing ultra-long context windows, strong logical reasoning, and autonomous tool-calling capabilities, this has undergone a qualitative change.
- Instantaneous Scanning & Global "Zero-Day" Discovery: Attackers only need to feed open-source codebases to next-generation AI reasoning models. The AI can then, in seconds, deduce hundreds of extreme interaction scenarios like a senior security expert, precisely pinpointing boundary conditions that human auditors might miss when fatigued.
- Automated Attack Script Generation: AI can not only find vulnerabilities but also automatically write, test, and deploy "hacker smart contracts" designed to drain funds.
- Perfect Orchestration of Off-Chain DevOps & Social Engineering: AI can impersonate a perfect developer for phishing or monitor DeFi teams' GitHub commits around the clock. Once a team uploads a fix patch containing sensitive info or one that hasn't been properly verified, AI can launch an attack in seconds – far faster than a human security engineer's response time.
In this AI-augmented security war, hackers have virtually unlimited ammunition and attack speeds measured in seconds, while DeFi, constrained by slow governance votes, multi-signature confirmations, and lagging security audits, struggles to mount a corresponding defense.
Last month, Anthropic, the AI company behind Claude, officially unveiled its next-generation model, Mythos (see Anthropic Created the Most Powerful AI Model Ever, but is Afraid to Release It...). This is the first model in human history with total parameters exceeding the 100 trillion mark (for context, current mainstream models have parameters in the hundreds of billions to one trillion range), with a staggering $10 billion training cost.
However, due to Mythos's specialized capabilities in cybersecurity (Anthropic disclosed that in just a few weeks, using Mythos, it identified thousands of zero-day vulnerabilities), Anthropic is hesitant to release the model publicly for fear of malicious use by hackers. Instead, it plans to first implement a "Glass Wings" program for leading companies to trial and troubleshoot, preemptively patching potential vulnerabilities.
The current security situation in DeFi is already this dire; it's hard to imagine what new threats the industry's security defenses will face after the public release of Mythos.
The Biggest Problem: Risk-Reward Ratio is Out of Balance
For ordinary DeFi participants, liquidity providers (LPs), and whales, the most important task now is to sit down and do the math.
For a long time, users chose to deposit funds into DeFi seeking annual percentage yields (APY) several times higher than traditional finance. During bull markets or the frenzied days of yield farming, returns of 10%, 20%, or even higher were sufficient to cover the psychological expectation of "potential technical risk."
Today, however, this fundamental logic has been shaken or even overturned. DeFi's risk-reward ratio is already out of balance. On the yield side, as the market enters a zero-sum game and safety buffers thicken, the real yields from most major, relatively reliable DeFi protocols have fallen back to single digits. On the risk side, user principal is exposed in a black box that could be breached by AI at any moment or drained instantly via flash loans. If a protocol suffers a hacker attack, tokens can go to zero and liquidity pools can be drained in minutes, with no legal recourse, insurance, or central bank to cover the losses.
Risking a 100% loss of principal to chase an APY of around 5% is clearly not a good deal.
Manuel's words might be somewhat absolute, but they tear off DeFi's last fig leaf. In the face of the reality where hackers have adopted AI as a standard weapon and security incidents are constantly erupting, if you are not mentally prepared to lose 100% of your principal for the sake of some yield, then "withdrawing your funds as soon as possible and securing your profits" might be the most rational and risk-management-sound choice in the current market cycle.