Front-line audit guru warns: all DeFi is insecure, get out fast!

Azuma
Odaily senior author
@azuma_eth
2026-05-28 03:56
The biggest problem now is that the risk-reward ratio has long been out of balance.
AI summary
  • Core point: OpenZeppelin founder Manuel Aráoz argues that, as AI's ability to identify and exploit smart contract vulnerabilities grows exponentially, the DeFi ecosystem has become extremely insecure and its risk-reward ratio badly unbalanced, and he advises users to withdraw their funds.
  • Key points:
    1. The OpenZeppelin founder warns that all DeFi is now insecure and is advising friends and family to withdraw from blue-chip protocols such as Aave and MakerDAO.
    2. AI coding agents can scan open-source code in seconds, find zero-day vulnerabilities and generate attack scripts automatically, sharply worsening the attacker-defender asymmetry.
    3. In April 2025 DeFi suffered its worst security month ever: Drift Protocol and Kelp DAO lost $280 million and $292 million respectively.
    4. Incidents kept spreading in May, with THORChain, Verus, Echo Protocol, SquidRouter and other protocols attacked one after another.
    5. Mythos, a ten-trillion-parameter AI model trained by Anthropic, can identify thousands of zero-day vulnerabilities, and its public release has been restricted because the risk is too high.
    6. Real yields on mainstream DeFi protocols have fallen to single digits, while principal can go to zero in an instant from an AI-driven attack, leaving the risk-reward ratio badly unbalanced.

Original: Odaily Planet Daily (@OdailyChina)

Author: Azuma (@azuma_eth)

"I believe all DeFi is now insecure."

This assertion made by OpenZeppelin founder Manuel Aráoz on X yesterday hit the already stagnant DeFi market like a depth charge.

Manuel even stated that he has already started advising friends and family to withdraw funds from major DeFi protocols, including blue-chip protocols once considered low-risk like Aave, MakerDAO, and Compound.

This is not alarmist nonsense from an outsider. Quite the opposite: Manuel himself is one of the core builders of the DeFi security system, and OpenZeppelin is one of the industry's leading security audit firms. Its contract libraries, security standards, and audit frameworks have penetrated almost the entire DeFi world.

The reason for Manuel's complete change in attitude is AI. Manuel pessimistically believes that the capabilities of AI Coding Agents in identifying and exploiting smart contract vulnerabilities are increasing exponentially.

This means vulnerabilities that once took top-tier white-hat teams weeks to find can now be surfaced by AI in minutes. Where a hacker once had to study a protocol's logic for a long time, AI can now map out attack paths automatically. The "public transparency" that was once DeFi's advantage has become the best training corpus for attackers.

Manuel also raised a more fatal issue: smart contract security is essentially a highly asymmetric game – the defender must fix all vulnerabilities, while the attacker only needs to find one to steal funds. As AI begins to exponentially enhance attack efficiency, this asymmetry is rapidly becoming unbalanced.

The Cold Reality: DeFi is Already an ATM for Hackers

Looking back at DeFi security incidents over the past few months, you'll find Manuel's concerns are not an exaggeration.

April was arguably the worst month in DeFi history.

Entering May, the incidents did not let up; they spread further.

  • On May 15th, THORChain suffered an attack where a newly joined node operator exploited a vulnerability in the GG20 Threshold Signature Scheme (TSS) to reconstruct the vault's private key and directly execute outbound transactions, causing losses exceeding $10 million.
  • On May 18th, Verus's bridging protocol was attacked. The attacker forged cross-chain import payloads, bypassed verification to withdraw assets from Ethereum reserves, stealing approximately $11.58 million.
  • On May 19th, Echo Protocol on Monad was attacked due to a private key leak. The attacker minted 1000 eBTC (worth $76.7 million) and withdrew funds via Curvance using a previously tested attack path.
  • On May 24th, StablR, a compliant stablecoin issuer under the MiCA regulatory framework, was attacked. Hackers profited over $2.8 million by minting additional EURR and USDR, causing EURR and USDR to de-peg.
  • On May 25th, the SquidRouter module was attacked, resulting in the theft of approximately $3 million in assets from 86 Gnosis Safe wallets.
  • On May 27th, the deployer's private key for StakeDAO was leaked on Arbitrum. The attacker minted approximately 5.45 trillion vsdCRV and exchanged part of it for 43.7 ETH before escaping.

The high frequency of security incidents has sounded the alarm. Note that several of the May cases above (THORChain's TSS, Echo Protocol's leaked key, StakeDAO's deployer key) were failures of key and signing infrastructure rather than of contract logic: from on-chain code to off-chain key management, DeFi seems to be losing ground across the board.

AI Has Become the Nuclear Weapon of Hackers

Why has the DeFi offense-defense dynamic accelerated towards collapse this summer? Beyond traditional hacking techniques, the rapid advancement of large AI models is becoming the ultimate weight tipping the scales.

In the past, finding a complex smart contract vulnerability (especially those involving cross-chain, multi-layer nesting, or extremely hidden reentrancy logic) required top hackers weeks or even months of code analysis. However, with the maturation of AI agents possessing ultra-long context windows, strong logical reasoning, and the ability to autonomously call tools, this has undergone a qualitative change.

  • Scanning in Seconds & Global "Zero-Day" Vulnerability Discovery: Attackers only need to feed open-source codebases to new-generation AI reasoning models. Within seconds the AI can work through hundreds of extreme interaction scenarios like a senior security expert, precisely pinpointing boundary conditions that a fatigued human auditor might miss.
  • Automated Attack Script Generation: AI can not only find vulnerabilities but also automatically write, test, and deploy "hacker smart contracts" designed to drain funds.
  • Perfect Orchestration of Off-Chain DevOps and Social Engineering: AI can impersonate a perfect developer for phishing attacks or monitor DeFi teams' GitHub commit history 24/7. Once a team uploads sensitive information or unverified fix code, the AI can launch an attack within seconds – far faster than a human security team's response time.
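The third point above is the one a team can act on directly: if an attacker watches your commits for key material, you should be watching your own commits first. The following is an added example written for this article (not code from Odaily, OpenZeppelin or any project named here) of a pre-push check that scans the added lines of a git diff for 32-byte hex strings that could be secp256k1 private keys. The diff, the key values and the context-word list are all constructed for the example; the only real constant is the secp256k1 group order used to discard values that cannot be a private key.

```python
import re

# Added example (not from the article or OpenZeppelin): a pre-push check that
# looks for 32-byte hex strings in the ADDED lines of a git diff, which is what
# a secp256k1 private key looks like when it leaks into a commit.
HEX32_RE = re.compile(r"(?<![0-9a-fA-F])(?:0x)?([0-9a-fA-F]{64})(?![0-9a-fA-F])")

# Order of the secp256k1 group: a valid private key scalar k satisfies 0 < k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Context words (an assumption of this example) that make a 32-byte hex string
# much more likely to be key material than a tx hash or bytes32 constant.
KEY_CONTEXT = ("private", "privkey", "deployer", "mnemonic", "secret", "signer")


def is_valid_secp256k1_scalar(hex64):
    """True if the 64-hex-char value is in range to be a secp256k1 private key."""
    k = int(hex64, 16)
    return 0 < k < SECP256K1_N


def scan_diff(diff_text):
    """Return findings for added lines only; removed and context lines cannot
    leak something new, and '+++' is a file header, not content."""
    findings = []
    for lineno, line in enumerate(diff_text.splitlines(), 1):
        if not line.startswith("+") or line.startswith("+++"):
            continue
        lowered = line.lower()
        has_context = any(word in lowered for word in KEY_CONTEXT)
        for match in HEX32_RE.finditer(line):
            candidate = match.group(1)
            # Out-of-range values (e.g. 0xff..ff or all zeros) cannot be keys; drop them.
            if not is_valid_secp256k1_scalar(candidate):
                continue
            findings.append({
                "line": lineno,
                "value": candidate,
                # tx hashes and bytes32 role ids also match the pattern; without
                # key context the finding is only a low-severity hint for review
                "severity": "high" if has_context else "low",
            })
    return findings


# Constructed sample diff for this example; every value in it is made up.
SAMPLE_DIFF = """\
diff --git a/.env.example b/.env.example
--- a/.env.example
+++ b/.env.example
-DEPLOYER_PRIVATE_KEY=0x0000000000000000000000000000000000000000000000000000000000000000
+DEPLOYER_PRIVATE_KEY=0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1
diff --git a/contracts/Vault.sol b/contracts/Vault.sol
--- a/contracts/Vault.sol
+++ b/contracts/Vault.sol
+    bytes32 public constant MINTER_ROLE = 0x3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a;
+    // upgrade tx: 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
"""

if __name__ == "__main__":
    for finding in scan_diff(SAMPLE_DIFF):
        print(f"line {finding['line']}: {finding['severity']} - {finding['value'][:8]}...")
```

Run against `git diff --cached` output as a pre-commit or pre-push hook and block the push on any high-severity finding. The range check cuts one class of false positive (the all-ff "tx hash" on the last line is rejected outright), but a genuine transaction hash or bytes32 role id in range still shows up as a low-severity hint, so a human still has to look. Mnemonic phrases and keys stored in non-hex encodings need separate rules that this example does not cover.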

In this AI-empowered security conflict, hackers have nearly unlimited ammunition and attack speeds measured in seconds, while DeFi, constrained by slow governance voting, multi-signature confirmations, and lagging security audits, struggles to mount a corresponding defense.

Last month, Anthropic, the AI development company behind Claude, officially announced its new-generation model, Mythos (see "Anthropic Created the Most Powerful AI Model Ever, but Dares Not Release It..."). It is the first model in history at the ten-trillion-parameter scale (by comparison, current mainstream models range from hundreds of billions to one trillion parameters). Its training cost reached a staggering $10 billion.

However, due to Mythos's specialized capabilities in cybersecurity (Anthropic disclosed that using Mythos, the company identified thousands of zero-day vulnerabilities in just a few weeks), Anthropic dares not even publicly release the model directly for fear of malicious use by hacker groups. Instead, it plans to first let leading tech companies trial it through a "Glass Wings" project to proactively identify and patch potential vulnerabilities.

The current DeFi security situation is already this severe. It's hard to imagine what new threats the industry's security defenses will face after Mythos is publicly released.

The Biggest Issue: The Risk-Reward Ratio Is Long Broken

For ordinary DeFi participants, liquidity providers (LPs), and whales, the most important question now is to sit down and do the math.

For a long time, users chose to deposit funds into DeFi to chase annual percentage yields (APYs) several times higher than traditional finance. During bull markets or the peak of liquidity mining frenzies, yields of 10%, 20%, or even higher were sufficient to offset people's psychological expectations regarding "potential technical risks."

Today, however, this fundamental logic has been shaken, if not overturned outright. DeFi's risk-reward ratio is now unbalanced. On the reward side, as the market enters a phase of competing for existing liquidity and protocols build up safety cushions, the real yields of most mainstream, relatively reliable DeFi protocols have fallen back to single digits. On the risk side, users' principal sits in a black box that could be breached by AI at any moment or drained in a single flash-loan transaction. Once a protocol is hacked, the token going to zero and the liquidity pools being emptied often happens within minutes, with no legal remedy, insurance, or central-bank backstop available.

Gambling a 100% loss of principal for a roughly 5% annualized yield is clearly not a good deal.
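To make that "do the math" concrete, here is an added worked example (not from the article) that treats a DeFi position as a bet: with some annual probability the protocol is drained and the position is lost, otherwise it earns the APY. The article only gives the 5% yield and the 100% loss; the exploit probabilities and recovery fractions below are assumptions to be plugged in, not figures from the article.

```python
# Added example (not from the article): the "do the math" of the risk-reward
# section as an expected-value calculation. The exploit probabilities are
# assumptions to plug in; the article gives no probability, only the 5% APY.

def expected_annual_return(apy, p_loss, recovery=0.0):
    """Expected one-year return on principal, where with probability p_loss the
    protocol is drained and only `recovery` (fraction of principal) comes back.
    Derived from (1 - p) * (1 + apy) + p * recovery - 1."""
    return (1 - p_loss) * apy + p_loss * (recovery - 1)


def breakeven_loss_probability(apy, recovery=0.0):
    """Annual probability of a drain at which the expected return is zero;
    above it the position has negative expectation.
    Solves (1 - p) * apy = p * (1 - recovery) for p."""
    return apy / (apy + 1 - recovery)


def required_apy(p_loss, target_return=0.0, recovery=0.0):
    """APY needed for the expected return to reach target_return at a given
    annual drain probability. Solves (1 - p) * apy + p * (recovery - 1) = target."""
    return (target_return + p_loss * (1 - recovery)) / (1 - p_loss)


def survival_probability(p_loss, years):
    """Chance the protocol is never drained over `years`, treating years as
    independent (an assumption of this example)."""
    return (1 - p_loss) ** years


if __name__ == "__main__":
    for apy in (0.05, 0.10, 0.20):
        p = breakeven_loss_probability(apy)
        print(f"APY {apy:.0%}: expectation turns negative above a "
              f"{p:.2%} annual chance of total loss")
    # Hypothetical 5% annual drain probability against the article's 5% yield.
    print(f"EV at 5% APY, 5% drain risk: {expected_annual_return(0.05, 0.05):+.2%}")
    print(f"APY needed to break even at 10% drain risk: {required_apy(0.10):.2%}")
    print(f"5-year survival at 5%/yr drain risk: {survival_probability(0.05, 5):.1%}")
```

The point the numbers make is narrow but useful: at a 5% APY the position already has negative expectation if the annual chance of a total drain exceeds roughly 4.8%, and every year of exposure compounds that chance. Whether a given protocol's real drain probability is above or below that line is exactly the judgement the article says AI has made harder to get right.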

Manuel's words might be somewhat absolute, but they tear away DeFi's last fig leaf. Facing the reality where hackers have adopted AI as a standard weapon and security incidents continue to erupt across the industry, if you are not mentally prepared to lose 100% of your principal for a certain yield, then "withdrawing funds quickly and securing profits" is perhaps the most rational and risk-management-compliant choice in the current market cycle.
